;;; Copyright © 2016 Mike Gerwitz <mtg@gnu.org>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
-;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
-;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
+;;; Copyright © 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2019 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2018, 2019 Chris Marusich <cmmarusich@gmail.com>
+;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix gexp)
+ #:use-module (guix git-download)
#:use-module (guix build-system gnu)
#:use-module (guix build-system glib-or-gtk)
+ #:use-module (guix build-system python)
#:use-module (gnu packages autotools)
+ #:use-module (gnu packages base)
#:use-module (gnu packages curl)
#:use-module (gnu packages check)
#:use-module (gnu packages docbook)
#:use-module (gnu packages documentation)
+ #:use-module (gnu packages dns)
#:use-module (gnu packages gettext)
#:use-module (gnu packages graphviz)
#:use-module (gnu packages gtk)
#:use-module (gnu packages man)
#:use-module (gnu packages networking)
#:use-module (gnu packages cyrus-sasl)
+ #:use-module (gnu packages popt)
#:use-module (gnu packages readline)
#:use-module (gnu packages tls)
#:use-module (gnu packages tex)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages python-crypto)
+ #:use-module (gnu packages python-xyz)
+ #:use-module (gnu packages swig)
+ #:use-module (gnu packages web)
#:use-module (gnu packages xml))
(define-public ccid
(package
(name "ccid")
- (version "1.4.29")
+ (version "1.4.33")
(source (origin
(method url-fetch)
- (uri (string-append
- "https://ccid.apdu.fr/files/"
- name "-" version ".tar.bz2"))
+ (uri (string-append "https://ccid.apdu.fr/files/ccid-"
+ version ".tar.bz2"))
(sha256
(base32
- "0kdqmbma6sclsrbxy9w85h7cs0v11if4nc2r9v09613k8pl2lhx5"))))
+ "0974h2v9wq0j0ajw3c7yckaw8wqcppb2npfhfhmv9phijy9xlmjj"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags (list (string-append "--enable-usbdropdir=" %output
(("/bin/echo") (which "echo")))
#t)))))
(native-inputs
- `(("perl" ,perl)
+ `(("pcsc-lite" ,pcsc-lite) ; only required for headers
+ ("perl" ,perl)
("pkg-config" ,pkg-config)))
(inputs
- `(("libusb" ,libusb)
- ("pcsc-lite" ,pcsc-lite)))
+ `(("libusb" ,libusb)))
(home-page "https://ccid.apdu.fr/")
(synopsis "PC/SC driver for USB smart card devices")
(description
(define-public eid-mw
(package
(name "eid-mw")
- (version "4.3.4")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/Fedict/eid-mw/archive/v"
- version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
- (sha256
- (base32
- "1ay9znry9dkhhn783paqy8czvv3w5gdpmq8ag8znx9akza8c929z"))))
+ (version "4.4.27")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/Fedict/eid-mw")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "17lw8iwp7h5cs3db80sysr84ffi333cf2vrhncs9l6hy6glfl2v1"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("autoconf" ,autoconf)
("automake" ,automake)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("libtool" ,libtool)
("pkg-config" ,pkg-config)
("perl" ,perl)))
(arguments
`(#:phases
(modify-phases %standard-phases
- ;; The github tarball doesn't contain a configure script.
- (add-before 'configure 'autoreconf
- (lambda _ (zero? (system* "autoreconf" "-i")))))))
+ (add-after 'unpack 'bootstrap
+ (lambda _
+ ;; configure.ac relies on ‘git --describe’ to get the version.
+ ;; Patch it to just return the real version number directly.
+ (substitute* "scripts/build-aux/genver.sh"
+ (("/bin/sh") (which "sh"))
+ (("^(GITDESC=).*" _ match) (string-append match ,version "\n")))
+ (invoke "sh" "./bootstrap.sh"))))))
(synopsis "Belgian eID Middleware")
(description "The Belgian eID Middleware is required to authenticate with
online services using the Belgian electronic identity card.")
(home-page "https://developers.yubico.com/yubico-c/")
(license license:bsd-2)))
+(define-public softhsm
+ (package
+ (name "softhsm")
+ (version "2.6.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://dist.opendnssec.org/source/"
+ "softhsm-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL
+ ; engine for GOST
+ (inputs
+ `(("openssl" ,openssl)))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("cppunit" ,cppunit)))
+ (synopsis "Software implementation of a generic cryptographic device")
+ (description
+ "SoftHSM 2 is a software implementation of a generic cryptographic device
+with a PKCS #11 Cryptographic Token Interface.")
+ (home-page "https://www.opendnssec.org/softhsm/")
+ (license license:bsd-2)))
+
(define-public pcsc-lite
(package
(name "pcsc-lite")
- (version "1.8.23")
+ (version "1.8.26")
(source (origin
(method url-fetch)
- (uri (string-append
- "https://pcsclite.apdu.fr/files/"
- name "-" version ".tar.bz2"))
+ (uri (string-append "https://pcsclite.apdu.fr/files/"
+ "pcsc-lite-" version ".tar.bz2"))
(sha256
(base32
- "1jc9ws5ra6v3plwraqixin0w0wfxj64drahrbkyrrwzghqjjc9ss"))))
+ "1ndvvz0fgqwz70pijymsxmx25mzryb0zav1i8jjc067ndryvxdry"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--enable-usbdropdir=/var/lib/pcsc/drivers"
(define-public opensc
(package
(name "opensc")
- (version "0.17.0")
+ (version "0.20.0")
(source (origin
(method url-fetch)
(uri (string-append
version "/opensc-" version ".tar.gz"))
(sha256
(base32
- "0043jh5g7q2lyd5vnb0akwb5y349isx7vbm9wqhlgav7d20wcwxy"))))
+ "0qs8pabkrpj1z52bkdsk59s2z6q5m0hfh9d5j1f68qs4lksb9x5v"))))
(build-system gnu-build-system)
(arguments
`(#:phases
(define-public yubico-piv-tool
(package
(name "yubico-piv-tool")
- (version "1.5.0")
+ (version "1.6.1")
(source (origin
(method url-fetch)
(uri (string-append
name "-" version ".tar.gz"))
(sha256
(base32
- "1axa0lnky5gsc8yack6mpfbjh49z0czr1cv52gbgjnx2kcbpb0y1"))))
+ "10xgdc51xvszkxmsvqnbjs8ixxz7rfnfahh3wn8glllynmszbhwi"))))
(build-system gnu-build-system)
(inputs
- `(("perl" ,perl)
+ `(("gengetopt" ,gengetopt)
+ ("perl" ,perl)
("pcsc-lite" ,pcsc-lite)
("openssl" ,openssl)))
(native-inputs
`(("doxygen" ,doxygen)
("graphviz" ,graphviz)
+ ("help2man" ,help2man)
("check" ,check)
("texlive-bin" ,texlive-bin)
("pkg-config" ,pkg-config)))
;; license for that one file. Please see it for details. The vast
;; majority of files are licensed under bsd-2.
(license license:bsd-2)))
+
+(define-public yubikey-personalization
+ (package
+ (name "yubikey-personalization")
+ (version "1.19.3")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://developers.yubico.com/" name
+ "/Releases/ykpers-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0jhvnavjrpwzmmjcw486df5s48j53njqgyz36yz3dskbaz3kwlfr"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags (list (string-append "--with-udevrulesdir="
+ (assoc-ref %outputs "out")
+ "/lib/udev/rules.d"))))
+ (inputs
+ `(("json-c" ,json-c-0.13)
+ ("libusb" ,libusb)
+ ;; The library "libyubikey" is also known as "yubico-c".
+ ("libyubikey" ,libyubikey)))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("eudev" ,eudev)))
+ (home-page "https://developers.yubico.com/yubikey-personalization/")
+ (synopsis "Library and tools to personalize YubiKeys")
+ (description
+ "The YubiKey Personalization package contains a C library and command
+line tools for personalizing YubiKeys. You can use these to set an AES key,
+retrieve a YubiKey's serial number, and so forth.")
+ (license license:bsd-2)))
+
+(define-public python-pyscard
+ (package
+ (name "python-pyscard")
+ (version "1.9.9")
+ (source (origin
+ (method url-fetch)
+ ;; The maintainer publishes releases on various sites, but
+ ;; SourceForge is apparently the only one with a signed release.
+ (uri (string-append
+ "mirror://sourceforge/pyscard/pyscard/pyscard%20"
+ version "/pyscard-" version ".tar.gz"))
+ (sha256
+ (base32
+ "082cjkbxadaz2jb4rbhr0mkrirzlqyqhcf3r823qb0q1k50ybgg6"))))
+ (build-system python-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ ;; Tell pyscard where to find the PCSC include directory.
+ (add-after 'unpack 'patch-platform-include-dirs
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((pcsc-include-dir (string-append
+ (assoc-ref inputs "pcsc-lite")
+ "/include/PCSC")))
+ (substitute* "setup.py"
+ (("platform_include_dirs = \\[.*?\\]")
+ (string-append
+ "platform_include_dirs = ['" pcsc-include-dir "']")))
+ #t)))
+ ;; pyscard wants to dlopen libpcsclite, so tell it where it is.
+ (add-after 'unpack 'patch-dlopen
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "smartcard/scard/winscarddll.c"
+ (("lib = \"libpcsclite\\.so\\.1\";")
+ (simple-format #f
+ "lib = \"~a\";"
+ (string-append (assoc-ref inputs "pcsc-lite")
+ "/lib/libpcsclite.so.1"))))
+ #t)))))
+ (inputs
+ `(("pcsc-lite" ,pcsc-lite)))
+ (native-inputs
+ `(("swig" ,swig)))
+ (home-page "https://github.com/LudovicRousseau/pyscard")
+ (synopsis "Smart card library for Python")
+ (description
+ "The pyscard smart card library is a framework for building smart card
+aware applications in Python. The smart card module is built on top of the
+PCSC API Python wrapper module.")
+ (license license:lgpl2.1+)))
+
+(define-public python2-pyscard
+ (package-with-python2 python-pyscard))
+
+(define-public libu2f-host
+ (package
+ (name "libu2f-host")
+ (version "1.1.10")
+ (source (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "https://developers.yubico.com"
+ "/libu2f-host/Releases/libu2f-host-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0vrivl1dwql6nfi48z6dy56fwy2z13d7abgahgrs2mcmqng7hra2"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ (list "--enable-gtk-doc"
+ (string-append "--with-udevrulesdir="
+ (assoc-ref %outputs "out")
+ "/lib/udev/rules.d"))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'patch-docbook-xml
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; Avoid a network connection attempt during the build.
+ (substitute* "gtk-doc/u2f-host-docs.xml"
+ (("http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd")
+ (string-append (assoc-ref inputs "docbook-xml")
+ "/xml/dtd/docbook/docbookx.dtd")))
+ #t)))))
+ (inputs
+ `(("json-c" ,json-c-0.13)
+ ("hidapi" ,hidapi)))
+ (native-inputs
+ `(("help2man" ,help2man)
+ ("gengetopt" ,gengetopt)
+ ("pkg-config" ,pkg-config)
+ ("gtk-doc" ,gtk-doc)
+ ("docbook-xml" ,docbook-xml-4.3)
+ ("eudev" ,eudev)))
+ (home-page "https://developers.yubico.com/libu2f-host/")
+ ;; TRANSLATORS: The U2F protocol has a "server side" and a "host side".
+ (synopsis "U2F host-side C library and tool")
+ (description
+ "Libu2f-host provides a C library and command-line tool that implements
+the host-side of the Universal 2nd Factor (U2F) protocol. There are APIs to
+talk to a U2F device and perform the U2F Register and U2F Authenticate
+operations.")
+ ;; Most files are LGPLv2.1+, but some files are GPLv3+.
+ (license (list license:lgpl2.1+ license:gpl3+))))
+
+(define-public libu2f-server
+ (package
+ (name "libu2f-server")
+ (version "1.1.0")
+ (source (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://github.com/Yubico/libu2f-server")
+ (commit (string-append "libu2f-server-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1nmsfq372zza5y6j13ydincjf324bwfcjg950vykh166xkp6wiic"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ (list "--enable-gtk-doc"
+ "--enable-tests")))
+ (inputs
+ `(("json-c" ,json-c-0.13)
+ ("libressl" ,libressl)))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)
+ ("check" ,check)
+ ("gengetopt" ,gengetopt)
+ ("help2man" ,help2man)
+ ("pkg-config" ,pkg-config)
+ ("gtk-doc" ,gtk-doc)
+ ("which" ,which)))
+ (home-page "https://developers.yubico.com/libu2f-server/")
+ ;; TRANSLATORS: The U2F protocol has a "server side" and a "host side".
+ (synopsis "U2F server-side C library")
+ (description
+ "This is a C library that implements the server-side of the
+@dfn{Universal 2nd Factor} (U2F) protocol. More precisely, it provides an API
+for generating the JSON blobs required by U2F devices to perform the U2F
+Registration and U2F Authentication operations, and functionality for
+verifying the cryptographic operations.")
+ (license license:bsd-2)))
+
+(define-public pam-u2f
+ (package
+ (name "pam-u2f")
+ (version "1.0.8")
+ (source (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://github.com/Yubico/pam-u2f")
+ (commit (string-append "pam_u2f-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ (list (string-append "--with-pam-dir="
+ (assoc-ref %outputs "out") "/lib/security"))))
+ (inputs
+ `(("libu2f-host" ,libu2f-host)
+ ("libu2f-server" ,libu2f-server)
+ ("linux-pam" ,linux-pam)))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)
+ ("asciidoc" ,asciidoc)
+ ("pkg-config" ,pkg-config)))
+ (home-page "https://developers.yubico.com/pam-u2f/")
+ (synopsis "PAM module for U2F authentication")
+ (description
+ "This package provides a module implementing PAM over U2F, providing an
+easy way to integrate the YubiKey (or other U2F compliant authenticators) into
+your existing infrastructure.")
+ (license license:bsd-2)))
+
+(define-public python-fido2
+ (package
+ (name "python-fido2")
+ (version "0.5.0")
+ (source (origin
+ (method url-fetch)
+ (uri
+ (string-append
+ "https://github.com/Yubico/python-fido2/releases/download/"
+ version "/fido2-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1pl8d2pr6jzqj4y9qiaddhjgnl92kikjxy0bgzm2jshkzzic8mp3"))
+ (snippet
+ ;; Remove bundled dependency.
+ #~(delete-file "fido2/public_suffix_list.dat"))))
+ (build-system python-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'install-public-suffix-list
+ (lambda* (#:key inputs #:allow-other-keys)
+ (copy-file
+ (string-append (assoc-ref inputs "public-suffix-list")
+ "/share/public-suffix-list-"
+ ,(package-version public-suffix-list)
+ "/public_suffix_list.dat")
+ "fido2/public_suffix_list.dat")
+ #t)))))
+ (propagated-inputs
+ `(("python-cryptography" ,python-cryptography)
+ ("python-six" ,python-six)))
+ (native-inputs
+ `(("python-mock" ,python-mock)
+ ("python-pyfakefs" ,python-pyfakefs)
+ ("public-suffix-list" ,public-suffix-list)))
+ (home-page "https://github.com/Yubico/python-fido2")
+ (synopsis "Python library for communicating with FIDO devices over USB")
+ (description
+ "This Python library provides functionality for communicating with a Fast
+IDentity Online (FIDO) device over Universal Serial Bus (USB) as well as
+verifying attestation and assertion signatures. It aims to support the FIDO
+Universal 2nd Factor (U2F) and FIDO 2.0 protocols for communicating with a USB
+authenticator via the Client-to-Authenticator Protocol (CTAP 1 and 2). In
+addition to this low-level device access, classes defined in the
+@code{fido2.client} and @code{fido2.server} modules implement higher level
+operations which are useful when interfacing with an Authenticator, or when
+implementing a Relying Party.")
+ ;; python-fido2 contains some derivative files originally from pyu2f
+ ;; (https://github.com/google/pyu2f). These files are licensed under the
+ ;; Apache License, version 2.0. The maintainers have customized these
+ ;; files for internal use, so they are not really a bundled dependency.
+ (license (list license:bsd-2 license:asl2.0))))
+
+(define-public python2-fido2
+ (package-with-python2 python-fido2))
+
+(define-public python-yubikey-manager
+ (package
+ (name "python-yubikey-manager")
+ (version "2.1.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://developers.yubico.com/yubikey-manager/Releases"
+ "/yubikey-manager-" version ".tar.gz"))
+ (sha256
+ (base32
+ "11rsmcaj60k3y5m5gdhr2nbbz0w5dm3m04klyxz0fh5hnpcmr7fm"))))
+ (build-system python-build-system)
+ (propagated-inputs
+ `(("python-six" ,python-six)
+ ("python-pyscard" ,python-pyscard)
+ ("python-pyusb" ,python-pyusb)
+ ("python-click" ,python-click)
+ ("python-cryptography" ,python-cryptography)
+ ("python-pyopenssl" ,python-pyopenssl)
+ ("python-fido2" ,python-fido2)))
+ (inputs
+ `(("yubikey-personalization" ,yubikey-personalization)
+ ("pcsc-lite" ,pcsc-lite)
+ ("libusb" ,libusb)))
+ (native-inputs
+ `(("swig" ,swig)
+ ("python-mock" ,python-mock)))
+ (home-page "https://developers.yubico.com/yubikey-manager/")
+ (synopsis "Command line tool and library for configuring a YubiKey")
+ (description
+ "Python library and command line tool for configuring a YubiKey. Note
+that after installing this package, you might still need to add appropriate
+udev rules to your system configuration to be able to configure the YubiKey as
+an unprivileged user.")
+ (license license:bsd-2)))
+
+(define-public python2-yubikey-manager
+ (package-with-python2 python-yubikey-manager))
HCoop / jackhill / guix / guix.git / blobdiff