From nobody Tue Jun 07 11:53:50 2022
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id C781C12D0B51;
	Tue,  7 Jun 2022 11:53:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4LHTKB50DNz3Cfw;
	Tue,  7 Jun 2022 11:53:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1654602830;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=NGYsHH8E1WxeLm3AfLeljdQDsq7DAyYkN1SF6E2kUkM=;
	b=rqnyvFDWxAjZUohCwCDN/3fH2/RW+OkNAps1hVobOE4fuBQhoWo2z7lb2Mw64GGXLwnwYu
	IaUrPhxtkGt0+GfcOynDBw8xbLjiL4pGPzgaHwuaDbljeQzNF8/erLpVaT2VVUvXMA/1Yh
	R3d6FZhYqYPWHx9Kb+WVot3WYEz06pIjj4MPd0RbDI525wy53A12k+bPhgzbgr9ei8hoXL
	PlvI+jhMNkLGjW8RqwreC1x3APPmqmpwWG9x+MfI6tyirS/D0IXm114vjMz7YLq1MSWfKP
	RR6BJAF7csvH3adxT60zI7QBmAqw63z4fko2z14kmzZjjEeBJgh4cUJrBNKK7g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8B7A31A2D8;
	Tue,  7 Jun 2022 11:53:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 257BroBc016444;
	Tue, 7 Jun 2022 11:53:50 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 257BroYD016443;
	Tue, 7 Jun 2022 11:53:50 GMT
	(envelope-from git)
Date: Tue, 7 Jun 2022 11:53:50 GMT
Message-Id: <202206071153.257BroYD016443@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Michael Gmelin <grembo@FreeBSD.org>
Subject: git: ce57b8b96961 - main - security/py-fido2: Fix and extend FreeBSD support
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: grembo
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: ce57b8b96961901188c60319459cfb5fcea13f03
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1654602830;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=NGYsHH8E1WxeLm3AfLeljdQDsq7DAyYkN1SF6E2kUkM=;
	b=Xt31pFU+Mdil6uzoimAvmE+OvtvZ7oViHepCew0MwTChdYzUPQ/p4tYyDrcY4VPwkrzmhd
	2XKFIbYDhkmyxtTBfuxgj+qQ0+b7wbbyuPgmic1uZxJRlokoUn4M0Oe4SpqcSNvHnitXP0
	jCmrW2CzFqhZYp8/V+xin5JNvkdowXobW3UHIMJjLmH46huzepD7QEC/akEM4tWSBlbRN9
	AP96B5BB9fnMonugzBvdx83JXt5eonCRs+T9SDl4iQ24KiX53/XQBENvV9oVOm/X+V7IX7
	My8aOmPfu4hX4ojU8JUIUvrn2UoTSAF65mEWUmn+tT030Wq6YYGDUgwVD493Wg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1654602830; a=rsa-sha256; cv=none;
	b=JEWh+acJlP3aGnocw4MP1dMkWKnD+ALGDXMynktr4jC5pVjR6+lFvleWoHEw3XvJ+2t/p4
	BXN20kP+VL/e4laXHWdTaDGYC6YOg1q2/VSHSMwcJ47sLtZs7h5DE1LPHgFQ/w/x7cW80p
	gc0lyXUIYPZhwKu3qjUHtA2B6x83xubF6II9jP/tgbT2J+u6ITFJmLryd9nqxqVRqpM29f
	eodCTx1z4uwJ3NOWGpUZAHZ7DH5mXreGVvx4x2pH5td7pOfs0Z9nEwNZ1N1cYt2l8dY5XT
	8O741gHSwyBL5kjgE5g9h6NEaYCqlFMdakTHJQrczU20SduW84lISB0oHa6gkg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by grembo:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ce57b8b96961901188c60319459cfb5fcea13f03

commit ce57b8b96961901188c60319459cfb5fcea13f03
Author:     Michael Gmelin <grembo@FreeBSD.org>
AuthorDate: 2022-05-27 09:27:56 +0000
Commit:     Michael Gmelin <grembo@FreeBSD.org>
CommitDate: 2022-06-07 11:51:57 +0000

    security/py-fido2: Fix and extend FreeBSD support
    
    This unbreaks FreeBSD support in general and adds support
    for FreeBSD 13's optional hidraw(4) driver.
    
    See https://github.com/Yubico/python-fido2/pull/139
    
    PR:             264281
    Approved by:    koobs (python, maintainer)
---
 security/py-fido2/Makefile                         |   1 +
 security/py-fido2/files/patch-fido2_hid_freebsd.py | 222 +++++++++++++++++++++
 2 files changed, 223 insertions(+)

diff --git a/security/py-fido2/Makefile b/security/py-fido2/Makefile
index b1c88628a94d..a2176170c194 100644
--- a/security/py-fido2/Makefile
+++ b/security/py-fido2/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	fido2
 PORTVERSION=	0.9.3
+PORTREVISION=	1
 CATEGORIES=	security python
 MASTER_SITES=	CHEESESHOP
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
diff --git a/security/py-fido2/files/patch-fido2_hid_freebsd.py b/security/py-fido2/files/patch-fido2_hid_freebsd.py
new file mode 100644
index 000000000000..78836b3c4d06
--- /dev/null
+++ b/security/py-fido2/files/patch-fido2_hid_freebsd.py
@@ -0,0 +1,222 @@
+See https://github.com/Yubico/python-fido2/commit/2a202d0e19fdb7be
+--- fido2/hid/freebsd.py.orig	2022-05-27 09:25:33 UTC
++++ fido2/hid/freebsd.py
+@@ -15,19 +15,39 @@
+ # Modified work Copyright 2020 Yubico AB. All Rights Reserved.
+ # This file, with modifications, is licensed under the above Apache License.
+ 
++# FreeBSD HID driver.
++#
++# There are two options to access UHID on FreeBSD:
++#
++# hidraw(4) - New method, not enabled by default
++#             on FreeBSD 13.x and earlier
++# uhid(4) - Classic method, default option on
++#           FreeBSD 13.x and earlier
++#
++# uhid is available since FreeBSD 13 and can be activated by adding
++# `hw.usb.usbhid.enable="1"` to `/boot/loader.conf`. The actual kernel
++# module is loaded with `kldload hidraw`.
+ 
+-from __future__ import absolute_import
++from __future__ import annotations
+ 
+ from ctypes.util import find_library
+ import ctypes
++import fcntl
+ import glob
+ import re
++import struct
+ import os
++from array import array
+ 
+ from .base import HidDescriptor, parse_report_descriptor, FileCtapHidConnection
+ 
+ import logging
++import sys
++from typing import Dict, Optional, Set, Union
+ 
++# Don't typecheck this file on Windows
++assert sys.platform != "win32"  # nosec
++
+ logger = logging.getLogger(__name__)
+ 
+ 
+@@ -39,9 +59,17 @@ sernum_re = re.compile('sernum="([^"]+)')
+ 
+ libc = ctypes.CDLL(find_library("c"))
+ 
++# /usr/include/dev/usb/usb_ioctl.h
+ USB_GET_REPORT_DESC = 0xC0205515
+ 
++# /usr/include/dev/hid/hidraw.h>
++HIDIOCGRAWINFO = 0x40085520
++HIDIOCGRDESC = 0x2000551F
++HIDIOCGRDESCSIZE = 0x4004551E
++HIDIOCGRAWNAME_128 = 0x40805521
++HIDIOCGRAWUNIQ_64 = 0x40405525
+ 
++
+ class usb_gen_descriptor(ctypes.Structure):
+     _fields_ = [
+         (
+@@ -62,8 +90,17 @@ class usb_gen_descriptor(ctypes.Structure):
+     ]
+ 
+ 
++class HidrawCtapHidConnection(FileCtapHidConnection):
++    def write_packet(self, packet):
++        # Prepend the report ID
++        super(HidrawCtapHidConnection, self).write_packet(b"\0" + packet)
++
++
+ def open_connection(descriptor):
+-    return FileCtapHidConnection(descriptor)
++    if descriptor.path.find(devdir + "hidraw") == 0:
++        return HidrawCtapHidConnection(descriptor)
++    else:
++        return FileCtapHidConnection(descriptor)
+ 
+ 
+ def _get_report_data(fd, report_type):
+@@ -71,7 +108,7 @@ def _get_report_data(fd, report_type):
+     desc = usb_gen_descriptor(
+         ugd_data=ctypes.addressof(data),
+         ugd_maxlen=ctypes.sizeof(data),
+-        report_type=report_type,
++        ugd_report_type=report_type,
+     )
+     ret = libc.ioctl(fd, USB_GET_REPORT_DESC, ctypes.byref(desc))
+     if ret != 0:
+@@ -104,16 +141,16 @@ def _enumerate():
+         if retval != 0:
+             continue
+ 
+-        dev = {}
++        dev: Dict[str, Optional[Union[str, int]]] = {}
+         dev["name"] = uhid[len(devdir) :]
+         dev["path"] = uhid
+ 
+         value = ovalue.value[: olen.value].decode()
+         m = vendor_re.search(value)
+-        dev["vendor_id"] = m.group(1) if m else None
++        dev["vendor_id"] = int(m.group(1), 16) if m else None
+ 
+         m = product_re.search(value)
+-        dev["product_id"] = m.group(1) if m else None
++        dev["product_id"] = int(m.group(1), 16) if m else None
+ 
+         m = sernum_re.search(value)
+         dev["serial_number"] = m.group(1) if m else None
+@@ -126,7 +163,49 @@ def _enumerate():
+         yield dev
+ 
+ 
++def get_hidraw_descriptor(path):
++    with open(path, "rb") as f:
++        # Read VID, PID
++        buf = array("B", [0] * (4 + 2 + 2))
++        fcntl.ioctl(f, HIDIOCGRAWINFO, buf, True)
++        _, vid, pid = struct.unpack("<IHH", buf)
++
++        # FreeBSD's hidraw(4) does not return string length for
++        # HIDIOCGRAWNAME and HIDIOCGRAWUNIQ, see https://reviews.freebsd.org/D35233
++
++        # Read product
++        buf = array("B", [0] * 129)
++        fcntl.ioctl(f, HIDIOCGRAWNAME_128, buf, True)
++        length = buf.index(0) + 1  # emulate ioctl return value
++        name = bytearray(buf[: (length - 1)]).decode("utf-8") if length > 1 else None
++
++        # Read unique ID
++        try:
++            buf = array("B", [0] * 65)
++            fcntl.ioctl(f, HIDIOCGRAWUNIQ_64, buf, True)
++            length = buf.index(0) + 1  # emulate ioctl return value
++            serial = (
++                bytearray(buf[: (length - 1)]).decode("utf-8") if length > 1 else None
++            )
++        except OSError:
++            serial = None
++
++        # Read report descriptor
++        buf = array("B", [0] * 4)
++        fcntl.ioctl(f, HIDIOCGRDESCSIZE, buf, True)
++        size = struct.unpack("<I", buf)[0]
++        buf += array("B", [0] * size)
++        fcntl.ioctl(f, HIDIOCGRDESC, buf, True)
++
++    data = bytearray(buf[4:])
++    max_in_size, max_out_size = parse_report_descriptor(data)
++    return HidDescriptor(path, vid, pid, max_in_size, max_out_size, name, serial)
++
++
+ def get_descriptor(path):
++    if path.find(devdir + "hidraw") == 0:
++        return get_hidraw_descriptor(path)
++
+     for dev in _enumerate():
+         if dev["path"] == path:
+             vid = dev["vendor_id"]
+@@ -137,21 +216,50 @@ def get_descriptor(path):
+     raise ValueError("Device not found")
+ 
+ 
++# Cache for continuously failing devices
++_failed_cache: Set[str] = set()
++
++
+ def list_descriptors():
++    stale = set(_failed_cache)
+     descriptors = []
+-    for dev in _enumerate():
++    for hidraw in glob.glob(devdir + "hidraw?*"):
++        stale.discard(hidraw)
+         try:
+-            name = dev["product_desc"] or None
+-            serial = (dev["serial_number"] if "serial_number" in dev else None) or None
+-            descriptors.append(
+-                _read_descriptor(
+-                    dev["vendor_id"], dev["product_id"], name, serial, dev["path"],
+-                )
+-            )
+-            logger.debug("Found CTAP device: %s", dev["path"])
++            descriptors.append(get_descriptor(hidraw))
+         except ValueError:
+             pass  # Not a CTAP device, ignore
+-        except Exception as e:
+-            logger.debug("Failed opening HID device", exc_info=e)
++        except Exception:
++            if hidraw not in _failed_cache:
++                logger.debug("Failed opening device %s", hidraw, exc_info=True)
++                _failed_cache.add(hidraw)
++
++    if not descriptors:
++        for dev in _enumerate():
++            path = dev["path"]
++            stale.discard(path)
++            try:
++                name = dev["product_desc"] or None
++                serial = (
++                    dev["serial_number"] if "serial_number" in dev else None
++                ) or None
++                descriptors.append(
++                    _read_descriptor(
++                        dev["vendor_id"],
++                        dev["product_id"],
++                        name,
++                        serial,
++                        path,
++                    )
++                )
++            except ValueError:
++                pass  # Not a CTAP device, ignore
++            except Exception:
++                if path not in _failed_cache:
++                    logger.debug("Failed opening HID device %s", path, exc_info=True)
++                    _failed_cache.add(path)
++
++    # Remove entries from the cache that were not seen
++    _failed_cache.difference_update(stale)
+ 
+     return descriptors