From debbugs-submit-bounces@debbugs.gnu.org Tue Oct 11 08:19:03 2022 Received: (at submit) by debbugs.gnu.org; 11 Oct 2022 12:19:03 +0000 Received: from localhost ([127.0.0.1]:51312 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oiEDv-0000w7-3M for submit@debbugs.gnu.org; Tue, 11 Oct 2022 08:19:03 -0400 Received: from lists.gnu.org ([209.51.188.17]:51804) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oiEDt-0000vc-Dp for submit@debbugs.gnu.org; Tue, 11 Oct 2022 08:19:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:35810) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oiEDt-0001C0-20 for guix-patches@gnu.org; Tue, 11 Oct 2022 08:19:01 -0400 Received: from 16.mo583.mail-out.ovh.net ([87.98.174.144]:49687) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oiEDl-0006Jg-7K for guix-patches@gnu.org; Tue, 11 Oct 2022 08:19:00 -0400 Received: from player778.ha.ovh.net (unknown [10.110.208.44]) by mo583.mail-out.ovh.net (Postfix) with ESMTP id 5F6A124F9C for ; Tue, 11 Oct 2022 12:18:41 +0000 (UTC) Received: from ngraves.fr (met42-h01-213-44-161-47.dsl.sta.abo.bbox.fr [213.44.161.47]) (Authenticated sender: ngraves@ngraves.fr) by player778.ha.ovh.net (Postfix) with ESMTPSA id 683052F81772C; Tue, 11 Oct 2022 12:18:36 +0000 (UTC) Authentication-Results: garm.ovh; auth=pass (GARM-95G00189153e19-21c0-46e0-b342-b38f27628ea8, CAD2B4A3459146A86F0B95563822EA9C8829CA61) smtp.auth=ngraves@ngraves.fr X-OVh-ClientIp: 213.44.161.47 From: Nicolas Graves To: Christopher Baines Subject: Re: [bug#58381] [PATCH 1/3] gnu: Add go-github-com-go-piv-piv-go. In-Reply-To: <87pmeyab3i.fsf@cbaines.net> References: <87r0zil1bh.fsf@ngraves.fr> <20221008163932.15808-1-ngraves@ngraves.fr> <87pmeyab3i.fsf@cbaines.net> Date: Tue, 11 Oct 2022 14:18:30 +0200 Message-ID: <878rlmwo2x.fsf@ngraves.fr> MIME-Version: 1.0 Content-Type: text/plain X-Ovh-Tracer-Id: 6854478634336772858 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvfedrfeejiedggeeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpefhvfevufgjfhffkfggtgesthdtredttddttdenucfhrhhomheppfhitgholhgrshcuifhrrghvvghsuceonhhgrhgrvhgvshesnhhgrhgrvhgvshdrfhhrqeenucggtffrrghtthgvrhhnpeektedtleefheekieehjeelhfejgfdvieeikeekfeejteeutdehgeffjeelvdekkeenucffohhmrghinhepghhnuhdrohhrghdprghrtghhlhhinhhugidrohhrghenucfkphepuddvjedrtddrtddruddpvddufedrgeegrdduiedurdegjeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepoehnghhrrghvvghssehnghhrrghvvghsrdhfrheqpdhnsggprhgtphhtthhopedupdhrtghpthhtohepghhuihigqdhprghttghhvghssehgnhhurdhorhhgpdfovfetjfhoshhtpehmohehkeefpdhmohguvgepshhmthhpohhuth Received-SPF: pass client-ip=87.98.174.144; envelope-from=ngraves@ngraves.fr; helo=16.mo583.mail-out.ovh.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit Cc: 58381@debbugs.gnu.org, guix-patches@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) On 2022-10-11 11:48, Christopher Baines wrote: > What relation does pcsc-lite have to this package, and why does it need > to be propagated? > > If this can be avoid, that would be good. Otherwise it would be good to > mention why the propagation is needed in a comment. For piv-go, in their README: To build on Linux, piv-go requires PCSC lite. To install on Debian-based distros, run: sudo apt-get install libpcsclite-dev ==> So probably no need to propagate here. ---- For yubikey-agent: The package relies on pcscd (daemon) to run on linux, which is already available in guix. Maybe it's better to say that in the README ? Instead of the package, what it needs is actually the service. I've also written some tested lines for a yubikey-agent configuration/feature (as done in the RDE project) shepherd service, although as it is really tiny, I didn't know if I should've contributed this. It looks like that, and did work (it also depends on the acceptance of the patch https://issues.guix.gnu.org/52900 in this case): (define* (feature-yubikey-agent #:key (yubikey-agent yubikey-agent)) "Configure Yubikey-Agent." (ensure-pred file-like? yubikey-agent) (define (get-system-services _) (list (service pcscd-service-type) (udev-rules-service 'yubikey (file->udev-rule "70-u2f.rules" (file-append libfido2 "/udev/rules.d/70-u2f.rules"))))) ;; (define (get-home-services config) ;; (list ;; ;; MAYBE: It should be installed system-wide? ;; (simple-service ;; 'yubikey-agent-add-yubikey-agent-package ;; home-profile-service-type ;; (list yubikey-agent)) ;; (simple-service ;; 'start-yubikey-agent-at-startup ;; home-shepherd-service-type ;; (list (shepherd-service ;; (documentation "Run the yubikey-agent.") ;; (provision '(yubikey-agent)) ;; (requirement '()) ;; (start #~(make-forkexec-constructor ;; (list (string-append ;; #$yubikey-agent "/bin/yubikey-agent") ;; "-l" "/tmp/yubikey-agent.sock"))) ;; (stop #~(make-kill-destructor))))))) (feature (name 'yubikey-agent) (values `((yubikey-agent . ,yubikey-agent))) (system-services-getter get-system-services) ;; (home-services-getter get-home-services) )) I'm not sure what would be the guideline here regarding doing or avoiding propagations. WDYT? (I'm sending a V2 once I have a clearer idea of what makes sense). --- From the package README: On Arch, use [the `yubikey-agent` package](https://aur.archlinux.org/packages/yubikey-agent/) from the AUR. ``` git clone https://aur.archlinux.org/yubikey-agent.git cd yubikey-agent && makepkg -si systemctl daemon-reload --user sudo systemctl enable --now pcscd.socket systemctl --user enable --now yubikey-agent export SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/yubikey-agent/yubikey-agent.sock" ``` -- Best regards, Nicolas Graves