yubikey-agent

  • Open
  • quality assurance status badge
Details
3 participants
  • Ludovic Courtès
  • Christopher Baines
  • Nicolas Graves
Owner
unassigned
Submitted by
Nicolas Graves
Severity
normal
N
N
Nicolas Graves wrote on 8 Oct 2022 18:36
(address . guix-patches@gnu.org)
87r0zil1bh.fsf@ngraves.fr
Small go package series to add yubikey-agent.

--
Best regards,
Nicolas Graves
N
N
Nicolas Graves wrote on 8 Oct 2022 18:39
[PATCH 1/3] gnu: Add go-github-com-go-piv-piv-go.
(address . 58381@debbugs.gnu.org)(address . ngraves@ngraves.fr)
20221008163932.15808-1-ngraves@ngraves.fr
* gnu/packages/security-token.scm (go-github-com-go-piv-piv-go): New variable.
---
gnu/packages/security-token.scm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)

Toggle diff (53 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 447a7a582d..3dc619ed4f 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -17,6 +17,7 @@
;;; Copyright © 2022 John Kehayias <john.kehayias@protonmail.com>
;;; Copyright © 2022 Petr Hodina <phodina@protonmail.com>
;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -44,6 +45,7 @@ (define-module (gnu packages security-token)
#:use-module (guix build-system cargo)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system go)
#:use-module (guix build-system glib-or-gtk)
#:use-module (guix build-system python)
#:use-module (gnu packages autotools)
@@ -967,3 +969,30 @@ (define-public cardpeek
It also has limited support for Mifare Classic compatible cards (Thalys card)")
(license license:gpl3+)
(home-page "http://pannetrat.com/Cardpeek")))
+
+(define-public go-github-com-go-piv-piv-go
+ (package
+ (name "go-github-com-go-piv-piv-go")
+ (version "1.10.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/go-piv/piv-go")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1j2szvvwgd0ysbap42rap4f60pj4smmmrxjlx0y131l3ki6v6gdm"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/go-piv/piv-go/piv"
+ #:unpack-path "github.com/go-piv/piv-go"
+ #:tests? #f))
+ (native-inputs (list pkg-config))
+ (propagated-inputs (list pcsc-lite))
+ (home-page "https://github.com/go-piv/piv-go")
+ (synopsis "A Go YubiKey PIV implementation")
+ (description "YubiKeys implement the PIV specification for managing smart
+card certificates. This package provides a simpler alternative to GPG for
+managing asymmetric keys on a YubiKey.")
+ (license license:asl2.0)))
--
2.38.0
N
N
Nicolas Graves wrote on 8 Oct 2022 18:39
[PATCH 2/3] gnu: Add go-github-com-twpayne-go-pinentry-minimal.
(address . 58381@debbugs.gnu.org)(address . ngraves@ngraves.fr)
20221008163932.15808-2-ngraves@ngraves.fr
* gnu/packages/security-token.scm (go-github-com-twpayne-go-pinentry-minimal): New variable.
---
gnu/packages/security-token.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

Toggle diff (35 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 3dc619ed4f..af7325ee79 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -996,3 +996,28 @@ (define-public go-github-com-go-piv-piv-go
card certificates. This package provides a simpler alternative to GPG for
managing asymmetric keys on a YubiKey.")
(license license:asl2.0)))
+
+(define-public go-github-com-twpayne-go-pinentry-minimal
+ (package
+ (name "go-github-com-twpayne-go-pinentry-minimal")
+ (version "0.0.0-20220113210447-2a5dc4396c2a")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/twpayne/go-pinentry-minimal")
+ (commit (go-version->git-ref version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1rzy0r8bf6qhfvymsg36db07pgrv10kn0yanc12ph73mg9rw2qgz"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/twpayne/go-pinentry-minimal/pinentry"
+ #:unpack-path "github.com/twpayne/go-pinentry-minimal"))
+ (home-page "https://github.com/twpayne/go-pinentry-minimal")
+ (synopsis "Pinentry client")
+ (description
+ "This package provides a minimal client to GnuPG's pinentry,
+which only depends on Go's standard library. It is a fork of
+@url{https://github.com/twpayne/go-pinentry}.")
+ (license license:expat)))
--
2.38.0
N
N
Nicolas Graves wrote on 8 Oct 2022 18:39
[PATCH 3/3] gnu: Add yubikey-agent.
(address . 58381@debbugs.gnu.org)(address . ngraves@ngraves.fr)
20221008163932.15808-3-ngraves@ngraves.fr
* gnu/packages/security-token.scm (yubikey-agent): New variable.
---
gnu/packages/security-token.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

Toggle diff (49 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index af7325ee79..306d0b86e6 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -62,6 +62,7 @@ (define-module (gnu packages security-token)
#:use-module (gnu packages graphviz)
#:use-module (gnu packages gnome)
#:use-module (gnu packages gnupg)
+ #:use-module (gnu packages golang)
#:use-module (gnu packages gtk)
#:use-module (gnu packages libusb)
#:use-module (gnu packages linux)
@@ -1021,3 +1022,34 @@ (define-public go-github-com-twpayne-go-pinentry-minimal
which only depends on Go's standard library. It is a fork of
@url{https://github.com/twpayne/go-pinentry}.")
(license license:expat)))
+
+(define-public yubikey-agent
+ (let* ((commit "6d9db9c29100daacbe83e74653c79c94acc5958d")
+ (revision "1"))
+ (package
+ (name "yubikey-agent")
+ (version (git-version "0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/FiloSottile/yubikey-agent")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "06y2qjq0m365sdl6inxzfnqyd346i5sgfis5crw2zmgsl1q5kdws"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "filippo.io/yubikey-agent"))
+ (propagated-inputs
+ (list go-golang-org-x-term
+ go-golang-org-x-sys
+ go-golang-org-x-crypto
+ go-github-com-twpayne-go-pinentry-minimal
+ go-github-com-go-piv-piv-go
+ pcsc-lite))
+ (native-inputs (list pkg-config))
+ (home-page "https://filippo.io/yubikey-agent")
+ (synopsis "yubikey-agent")
+ (description "yubikey-agent is a seamless ssh-agent for YubiKeys.")
+ (license license:bsd-3))))
--
2.38.0
C
C
Christopher Baines wrote on 11 Oct 2022 12:48
Re: [bug#58381] [PATCH 1/3] gnu: Add go-github-com-go-piv-piv-go.
(name . Nicolas Graves)(address . ngraves@ngraves.fr)
87pmeyab3i.fsf@cbaines.net
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (5 lines)
> * gnu/packages/security-token.scm (go-github-com-go-piv-piv-go): New variable.
> ---
> gnu/packages/security-token.scm | 29 +++++++++++++++++++++++++++++
> 1 file changed, 29 insertions(+)

Hi Nicolas,

These patches look pretty good to me, just some things to check with
propagated-inputs though.

Toggle quote (46 lines)
> diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
> index 447a7a582d..3dc619ed4f 100644
> --- a/gnu/packages/security-token.scm
> +++ b/gnu/packages/security-token.scm
> @@ -17,6 +17,7 @@
> ;;; Copyright © 2022 John Kehayias <john.kehayias@protonmail.com>
> ;;; Copyright © 2022 Petr Hodina <phodina@protonmail.com>
> ;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
> +;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -44,6 +45,7 @@ (define-module (gnu packages security-token)
> #:use-module (guix build-system cargo)
> #:use-module (guix build-system cmake)
> #:use-module (guix build-system gnu)
> + #:use-module (guix build-system go)
> #:use-module (guix build-system glib-or-gtk)
> #:use-module (guix build-system python)
> #:use-module (gnu packages autotools)
> @@ -967,3 +969,30 @@ (define-public cardpeek
> It also has limited support for Mifare Classic compatible cards (Thalys card)")
> (license license:gpl3+)
> (home-page "http://pannetrat.com/Cardpeek")))
> +
> +(define-public go-github-com-go-piv-piv-go
> + (package
> + (name "go-github-com-go-piv-piv-go")
> + (version "1.10.0")
> + (source
> + (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://github.com/go-piv/piv-go")
> + (commit (string-append "v" version))))
> + (file-name (git-file-name name version))
> + (sha256
> + (base32 "1j2szvvwgd0ysbap42rap4f60pj4smmmrxjlx0y131l3ki6v6gdm"))))
> + (build-system go-build-system)
> + (arguments
> + '(#:import-path "github.com/go-piv/piv-go/piv"
> + #:unpack-path "github.com/go-piv/piv-go"
> + #:tests? #f))
> + (native-inputs (list pkg-config))
> + (propagated-inputs (list pcsc-lite))

What relation does pcsc-lite have to this package, and why does it need
to be propagated?

If this can be avoid, that would be good. Otherwise it would be good to
mention why the propagation is needed in a comment.
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmNFSlFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XfYFg/+P0CYkrsWuE6xqm1WTl0jLculxpSCQZM/
vRNiycXl9IXf4xz2OFrswi4d6yqdYQt2Fi1SOoLIOz1nkq60P6ARdd0W5BADfbi6
3BOV7IW2fDDtufuhfYxZC5ThskTlGwvJ6aoN8dPY2D+CroK4Vlb4Xzq6JbxxGqnk
1QpNklCmyoF09H803roHuaskM2cSpY0nTJhuEJImr0egvURPBccXNenTHjjMXYnu
650MqtyzFFSzts1rS1jL6pGivtE1IEeQNKUg2hJ8vPW7sU9uBI+jiwR2yh+9qtp4
RhmGYxNia3a7k3FpuXnBZUcTLIPPK5btSvqxVqpuR2LFIF8X1oz8QgmuQAku00mL
XhXYfSm/dQaw0MEHNXksG0kMDUZ1lRaI3jGHUBKq9Ii9Q/BMvDhj5T382KELzEXy
CVcAURMOmmxie53TbQJ1BRXb6eyO7j/qM9ZsldxDp/ewLxEJfdRbtHbGi2oxkT8e
mmsUvTqA3QdWVzoA7M/zk5BQcMUfuLAqw4PfiQwutQvCnFWGiV/vf8gY2UPF/XId
vA/hwy1pI4zFH9xcabZu8OnXrn73ub1XH/FwmjFJDVmexN7gJfPpzQzjQ/hhdV2d
VTSU2oX/mLeX3PGI/5zYgw6c/ksvA9pRpXO8DiJbz5dQJDHk9HQSbBBRp3fgvZFl
DNky5FWM5fo=
=cMKP
-----END PGP SIGNATURE-----

C
C
Christopher Baines wrote on 11 Oct 2022 12:50
Re: [bug#58381] [PATCH 3/3] gnu: Add yubikey-agent.
(name . Nicolas Graves)(address . ngraves@ngraves.fr)(address . 58381@debbugs.gnu.org)
87lepmab0w.fsf@cbaines.net
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (8 lines)
> + (propagated-inputs
> + (list go-golang-org-x-term
> + go-golang-org-x-sys
> + go-golang-org-x-crypto
> + go-github-com-twpayne-go-pinentry-minimal
> + go-github-com-go-piv-piv-go
> + pcsc-lite))

Similar comment here regarding the propagated inputs.

This looks excessive, I'm guessing yubikey-agent includes binaries, so
why are these go things required in the profile at runtime?

Thanks,

Chris
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmNFSq9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XdB/g//bj0QhPg2gR/RU8hD6f6IayDMOcaMU1Kl
SLyrcpoRR3nRvSuNHvWx4JttaszoEWNBr/z6FcH0zaPxTOICOp5dZnVclSG03TSs
rSmLW1svyiyOtukHiOmHjU7VKKp8Tr7vmFzpn8BCJNOni3q/Sw1hyvDcArv1P95k
oUi4Hci3ve5vrxl3E+GsZ8yG0gXVBtrAq1uVCWfRdEcJlaYx2+aYoACI0EN92yXB
DrDWRfGS5MaUgL8Khdf8n46JZEmrZWt8uW4VG1sWi6hF7irqlwNIl1HEmxvThF+a
FPpQAlKXjfrPaIMk6De3D7rfCjXUzmNnk5ah9cr6ET7U6WVSYSNzbfxoJ4gRMNyQ
kimkdWIcRAm2xZoGtpC9pU92SXM2vNO1YvxHlJWo+lapi7XD42z71pf4J+8Tdeni
QPv/YuANq+B6lIy/sQh6NaAN5oe9gK8fMqT0SIWfZU5aNWFRjkEKQ+tSkqDLB/YL
l/NtPDhYR42x0Vt1jU9MSPXAsmsvsvLUvp0IK5YgNEp4wJZuq6zcq20pRHIrUJYM
+2gHKSTMT0cgys4+eU4H5S1RL4Bqr8qj/s3+YgKhWHtZBX/M2Yg688uRLM7JH6v4
gyEuQ+YZ4+voz3e9Cl/KbGToZj9Mt8bIlGAanqFBYtw5K+1sO4Opful3emoAXItm
0N/K/6f4GV0=
=mgeA
-----END PGP SIGNATURE-----

N
N
Nicolas Graves wrote on 11 Oct 2022 14:18
Re: [bug#58381] [PATCH 1/3] gnu: Add go-github-com-go-piv-piv-go.
(name . Christopher Baines)(address . mail@cbaines.net)
878rlmwo2x.fsf@ngraves.fr
On 2022-10-11 11:48, Christopher Baines wrote:

Toggle quote (6 lines)
> What relation does pcsc-lite have to this package, and why does it need
> to be propagated?
>
> If this can be avoid, that would be good. Otherwise it would be good to
> mention why the propagation is needed in a comment.

For piv-go, in their README:

To build on Linux, piv-go requires PCSC lite. To install on Debian-based distros, run:
sudo apt-get install libpcsclite-dev

==> So probably no need to propagate here.

----

For yubikey-agent:

The package relies on pcscd (daemon) to run on linux, which is already
available in guix. Maybe it's better to say that in the README ? Instead
of the package, what it needs is actually the service.

I've also written some tested lines for a yubikey-agent
configuration/feature (as done in the RDE project) shepherd service,
although as it is really tiny, I didn't know if I should've contributed
this.

It looks like that, and did work (it also depends on the acceptance of
the patch https://issues.guix.gnu.org/52900in this case):

(define* (feature-yubikey-agent
#:key
(yubikey-agent yubikey-agent))
"Configure Yubikey-Agent."
(ensure-pred file-like? yubikey-agent)

(define (get-system-services _)
(list
(service pcscd-service-type)
(udev-rules-service
'yubikey
(file->udev-rule
"70-u2f.rules"
(file-append libfido2 "/udev/rules.d/70-u2f.rules")))))

;; (define (get-home-services config)
;; (list
;; ;; MAYBE: It should be installed system-wide?
;; (simple-service
;; 'yubikey-agent-add-yubikey-agent-package
;; home-profile-service-type
;; (list yubikey-agent))
;; (simple-service
;; 'start-yubikey-agent-at-startup
;; home-shepherd-service-type
;; (list (shepherd-service
;; (documentation "Run the yubikey-agent.")
;; (provision '(yubikey-agent))
;; (requirement '())
;; (start #~(make-forkexec-constructor
;; (list (string-append
;; #$yubikey-agent "/bin/yubikey-agent")
;; "-l" "/tmp/yubikey-agent.sock")))
;; (stop #~(make-kill-destructor)))))))

(feature
(name 'yubikey-agent)
(values `((yubikey-agent . ,yubikey-agent)))
(system-services-getter get-system-services)
;; (home-services-getter get-home-services)
))


I'm not sure what would be the guideline here regarding doing or
avoiding propagations. WDYT? (I'm sending a V2 once I have a clearer
idea of what makes sense).

---

From the package README:

On Arch, use [the `yubikey-agent` package](https://aur.archlinux.org/packages/yubikey-agent/)from the AUR.

```
cd yubikey-agent && makepkg -si

systemctl daemon-reload --user
sudo systemctl enable --now pcscd.socket
systemctl --user enable --now yubikey-agent

export SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/yubikey-agent/yubikey-agent.sock"
```
--
Best regards,
Nicolas Graves
C
C
Christopher Baines wrote on 13 Oct 2022 12:58
(name . Nicolas Graves)(address . ngraves@ngraves.fr)(address . 58381@debbugs.gnu.org)
875ygo7zqw.fsf@cbaines.net
Nicolas Graves <ngraves@ngraves.fr> writes:

Toggle quote (78 lines)
> On 2022-10-11 11:48, Christopher Baines wrote:
>
>> What relation does pcsc-lite have to this package, and why does it need
>> to be propagated?
>>
>> If this can be avoid, that would be good. Otherwise it would be good to
>> mention why the propagation is needed in a comment.
>
> For piv-go, in their README:
>
> To build on Linux, piv-go requires PCSC lite. To install on Debian-based distros, run:
> sudo apt-get install libpcsclite-dev
>
> ==> So probably no need to propagate here.
>
> ----
>
> For yubikey-agent:
>
> The package relies on pcscd (daemon) to run on linux, which is already
> available in guix. Maybe it's better to say that in the README ? Instead
> of the package, what it needs is actually the service.
>
> I've also written some tested lines for a yubikey-agent
> configuration/feature (as done in the RDE project) shepherd service,
> although as it is really tiny, I didn't know if I should've contributed
> this.
>
> It looks like that, and did work (it also depends on the acceptance of
> the patch https://issues.guix.gnu.org/52900 in this case):
>
> (define* (feature-yubikey-agent
> #:key
> (yubikey-agent yubikey-agent))
> "Configure Yubikey-Agent."
> (ensure-pred file-like? yubikey-agent)
>
> (define (get-system-services _)
> (list
> (service pcscd-service-type)
> (udev-rules-service
> 'yubikey
> (file->udev-rule
> "70-u2f.rules"
> (file-append libfido2 "/udev/rules.d/70-u2f.rules")))))
>
> ;; (define (get-home-services config)
> ;; (list
> ;; ;; MAYBE: It should be installed system-wide?
> ;; (simple-service
> ;; 'yubikey-agent-add-yubikey-agent-package
> ;; home-profile-service-type
> ;; (list yubikey-agent))
> ;; (simple-service
> ;; 'start-yubikey-agent-at-startup
> ;; home-shepherd-service-type
> ;; (list (shepherd-service
> ;; (documentation "Run the yubikey-agent.")
> ;; (provision '(yubikey-agent))
> ;; (requirement '())
> ;; (start #~(make-forkexec-constructor
> ;; (list (string-append
> ;; #$yubikey-agent "/bin/yubikey-agent")
> ;; "-l" "/tmp/yubikey-agent.sock")))
> ;; (stop #~(make-kill-destructor)))))))
>
> (feature
> (name 'yubikey-agent)
> (values `((yubikey-agent . ,yubikey-agent)))
> (system-services-getter get-system-services)
> ;; (home-services-getter get-home-services)
> ))
>
>
> I'm not sure what would be the guideline here regarding doing or
> avoiding propagations. WDYT? (I'm sending a V2 once I have a clearer
> idea of what makes sense).

I'd try avoiding all the propagated inputs and then tackle the issue of
getting the service working separately.

Thanks,

Chris
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmNH8EdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9Xcpvg//Tj7H9Ll1ouz0bXBAsI8mWMzXMZpZQcE4
yD+jX1EznF+nF4eDSAjyrI0Caf+L9I5WicpWERfuBTFZAQ73bUHJPxwOczf4/ULu
ycbqpE4VITap5IDqPHSf9P34qkc1GBtJTUPX3Q/z9ACbLxgzvJY3K3Eg45trXm/d
CG3KHnxM3meFWd1D4zSnisUoBk80gJnFT4iLyl5vdJ018CawzWPhPL4gOfKzPwPD
OWeLoITtfcYR7OqU2jM4wQoWaSTZp0x441Upt9jWxedtd9Yd+R40b5hMXIIv7dsp
b93ys0pW4RxpOnWtN0kHAH7ro5zJleyMGCfYpjW7bcmd0EIY+S9B6PB245sH+p/g
2ANg9i2rPM2hRHMeotYCOtw+Gg70zqRGvzHlCky2arm18UrAuH14tJmknSCCd5RH
KODVtW1Rgm0d3mdI67RNGMokhflO5Lfp/NySOCfCHrPz48d932BF0xWqmRSBnuTA
ZTAPbx6yhB8bTtXulb5fGnswGq76QzuKvEX44+m9PU1dBW128bd96lkxPVv8yXQA
na38stuFyf74emQr9NOZDdN9Clm2Tn9b+2QNHGrv2VqebcbGEWG0U+OupwfPCcCJ
FoR/MufQCht6FIGyeY7URCcT1lHh0BwFypsRzYgtnAqmX45gQSN4viPt0r+PWbz5
iRGCdm2KsYg=
=YbN1
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 18 Oct 2022 14:41
control message for bug #58381
(address . control@debbugs.gnu.org)
87lepdnw1e.fsf@gnu.org
tags 58381 + moreinfo
quit
N
N
Nicolas Graves wrote on 23 Oct 2022 11:03
[PATCH 1/3] gnu: Add go-github-com-go-piv-piv-go.
(address . 58381@debbugs.gnu.org)(address . ngraves@ngraves.fr)
20221023090333.29383-1-ngraves@ngraves.fr
* gnu/packages/security-token.scm (go-github-com-go-piv-piv-go): New variable.
---
gnu/packages/security-token.scm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)

Toggle diff (53 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 447a7a582d..a286f7a631 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -17,6 +17,7 @@
;;; Copyright © 2022 John Kehayias <john.kehayias@protonmail.com>
;;; Copyright © 2022 Petr Hodina <phodina@protonmail.com>
;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -44,6 +45,7 @@ (define-module (gnu packages security-token)
#:use-module (guix build-system cargo)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system go)
#:use-module (guix build-system glib-or-gtk)
#:use-module (guix build-system python)
#:use-module (gnu packages autotools)
@@ -967,3 +969,30 @@ (define-public cardpeek
It also has limited support for Mifare Classic compatible cards (Thalys card)")
(license license:gpl3+)
(home-page "http://pannetrat.com/Cardpeek")))
+
+(define-public go-github-com-go-piv-piv-go
+ (package
+ (name "go-github-com-go-piv-piv-go")
+ (version "1.10.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/go-piv/piv-go")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1j2szvvwgd0ysbap42rap4f60pj4smmmrxjlx0y131l3ki6v6gdm"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/go-piv/piv-go/piv"
+ #:unpack-path "github.com/go-piv/piv-go"
+ #:tests? #f))
+ (inputs (list pcsc-lite))
+ (native-inputs (list pkg-config))
+ (home-page "https://github.com/go-piv/piv-go")
+ (synopsis "A Go YubiKey PIV implementation")
+ (description "YubiKeys implement the PIV specification for managing smart
+card certificates. This package provides a simpler alternative to GPG for
+managing asymmetric keys on a YubiKey.")
+ (license license:asl2.0)))
--
2.38.0
N
N
Nicolas Graves wrote on 23 Oct 2022 11:03
[PATCH 2/3] gnu: Add go-github-com-twpayne-go-pinentry-minimal.
(address . 58381@debbugs.gnu.org)(address . ngraves@ngraves.fr)
20221023090333.29383-2-ngraves@ngraves.fr
* gnu/packages/security-token.scm (go-github-com-twpayne-go-pinentry-minimal): New variable.
---
gnu/packages/security-token.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

Toggle diff (35 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index a286f7a631..78a6388006 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -996,3 +996,28 @@ (define-public go-github-com-go-piv-piv-go
card certificates. This package provides a simpler alternative to GPG for
managing asymmetric keys on a YubiKey.")
(license license:asl2.0)))
+
+(define-public go-github-com-twpayne-go-pinentry-minimal
+ (package
+ (name "go-github-com-twpayne-go-pinentry-minimal")
+ (version "0.0.0-20220113210447-2a5dc4396c2a")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/twpayne/go-pinentry-minimal")
+ (commit (go-version->git-ref version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1rzy0r8bf6qhfvymsg36db07pgrv10kn0yanc12ph73mg9rw2qgz"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/twpayne/go-pinentry-minimal/pinentry"
+ #:unpack-path "github.com/twpayne/go-pinentry-minimal"))
+ (home-page "https://github.com/twpayne/go-pinentry-minimal")
+ (synopsis "Pinentry client")
+ (description
+ "This package provides a minimal client to GnuPG's pinentry,
+which only depends on Go's standard library. It is a fork of
+@url{https://github.com/twpayne/go-pinentry}.")
+ (license license:expat)))
--
2.38.0
N
N
Nicolas Graves wrote on 23 Oct 2022 11:03
[PATCH 3/3] gnu: Add yubikey-agent.
(address . 58381@debbugs.gnu.org)(address . ngraves@ngraves.fr)
20221023090333.29383-3-ngraves@ngraves.fr
* gnu/packages/security-token.scm (yubikey-agent): New variable.
---
gnu/packages/security-token.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

Toggle diff (49 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 78a6388006..a6782804fd 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -62,6 +62,7 @@ (define-module (gnu packages security-token)
#:use-module (gnu packages graphviz)
#:use-module (gnu packages gnome)
#:use-module (gnu packages gnupg)
+ #:use-module (gnu packages golang)
#:use-module (gnu packages gtk)
#:use-module (gnu packages libusb)
#:use-module (gnu packages linux)
@@ -1021,3 +1022,34 @@ (define-public go-github-com-twpayne-go-pinentry-minimal
which only depends on Go's standard library. It is a fork of
@url{https://github.com/twpayne/go-pinentry}.")
(license license:expat)))
+
+(define-public yubikey-agent
+ (let* ((commit "6d9db9c29100daacbe83e74653c79c94acc5958d")
+ (revision "1"))
+ (package
+ (name "yubikey-agent")
+ (version (git-version "0" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/FiloSottile/yubikey-agent")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "06y2qjq0m365sdl6inxzfnqyd346i5sgfis5crw2zmgsl1q5kdws"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "filippo.io/yubikey-agent"))
+ (inputs
+ (list go-golang-org-x-term
+ go-golang-org-x-sys
+ go-golang-org-x-crypto
+ go-github-com-twpayne-go-pinentry-minimal
+ go-github-com-go-piv-piv-go
+ pcsc-lite))
+ (native-inputs (list pkg-config))
+ (home-page "https://filippo.io/yubikey-agent")
+ (synopsis "yubikey-agent")
+ (description "yubikey-agent is a seamless ssh-agent for YubiKeys.")
+ (license license:bsd-3))))
--
2.38.0
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 58381@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 58381
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch