From: Michael Gmelin
Date: Thu, 23 Jun 2022 15:22:09 GMT
Message-Id: <202206231522.25NFM9Qx081031@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 95299192d7e9 - main - security/py-yubikey-manager: Add OTP HID support for FreeBSD
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main

The branch main has been updated by grembo:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=95299192d7e94b6fcb1e345c36d85ad989f6c42d

commit 95299192d7e94b6fcb1e345c36d85ad989f6c42d
Author:     Michael Gmelin
AuthorDate: 2022-05-27 13:13:56 +0000
Commit:     Michael Gmelin
CommitDate: 2022-06-23 15:20:24 +0000

    security/py-yubikey-manager: Add OTP HID support for FreeBSD

    This makes yubikey-manager usable on FreeBSD again. FreeBSD support was
    broken since reliance on libusb and libykpersonalize was dropped
    upstream in 4.0.0.

    This supports the classic uhid(4) driver and the more modern hidraw(4)
    driver.

    See: https://github.com/Yubico/yubikey-manager/pull/504

    As I had to redo the patch after the update to 4.0.9, I took the chance
    to add unit test support (`make test`).

    A future change could remove the dependency on ykpersonalize.

    PR: 263916
    Approved by: egypcio (maintainer timeout, about 4 weeks)
---
 security/py-yubikey-manager/Makefile | 9 +-
 .../py-yubikey-manager/files/patch-README.adoc | 47 ++++
 .../files/patch-ykman_hid_____init____.py | 12 +
 .../files/patch-ykman_hid_freebsd.py | 301 +++++++++++++++++++++
 security/py-yubikey-manager/pkg-message | 34 +++
 5 files changed, 401 insertions(+), 2 deletions(-)

diff --git a/security/py-yubikey-manager/Makefile b/security/py-yubikey-manager/Makefile index 535277195cbe..af756323aab3 100644 --- a/security/py-yubikey-manager/Makefile +++ b/security/py-yubikey-manager/Makefile @@ -1,5 +1,6 @@ PORTNAME= yubikey-manager PORTVERSION= 4.0.9 +PORTREVISION= 1 CATEGORIES= security python MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} 
@@ -21,9 +22,13 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}click>0:devel/py-click@${PY_FLAVOR} \ pcsc-spy:devel/pcsc-lite \ u2f-host:security/libu2f-host \ ykpersonalize:security/ykpers +TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}makefun>0:devel/py-makefun@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pytest>0:devel/py-pytest@${PY_FLAVOR} -USES= python:3.6+ -USE_PYTHON= autoplist concurrent distutils +USES= dos2unix python:3.6+ +USE_PYTHON= autoplist concurrent distutils unittest + +DOS2UNIX_GLOB= *.adoc *.py NO_ARCH= yes diff --git a/security/py-yubikey-manager/files/patch-README.adoc b/security/py-yubikey-manager/files/patch-README.adoc new file mode 100644 index 000000000000..2c7ab76bfda9 --- /dev/null +++ b/security/py-yubikey-manager/files/patch-README.adoc 
@@ -0,0 +1,47 @@ +See https://github.com/Yubico/yubikey-manager/commit/ecd7897b3f02054 +--- README.adoc.orig 2022-05-27 13:02:44 UTC ++++ README.adoc +@@ -106,8 +106,43 @@ installed on FreeBSD. It's available via its ports tre + Should you opt to install and use YubiKey Manager on this platform, please be aware + that it's **NOT** maintained by Yubico. + ++To install the binary package, use `pkg install pyXY-yubikey-manager`, with `pyXY` ++specifying the version of Python the package was built for, so in order to install ++YubiKey Manager for Python 3.8, use: ++ ++ # pkg install py38-yubikey-manager ++ + For more information about how to install packages or ports on FreeBSD, please refer + to its official documentation: https://docs.freebsd.org/en/books/handbook/ports[FreeBSD Handbook]. ++ ++In order to use `ykman otp` commands, you need to make sure the _uhid(4)_ driver ++attaches to the USB device: ++ ++ # usbconfig ugenX.Y add_quirk UQ_KBD_IGNORE ++ # usbconfig ugenX.Y reset ++ ++The correct device to operate on _(ugenX.Y)_ can be determined using ++`usbconfig list`. ++ ++When using FreeBSD 13 or higher, you can switch to the more modern _hidraw(4)_ ++driver. This allows YubiKey Manager to access OTP HID in a non-exclusive way, ++so that the key will still function as a USB keyboard: ++ ++ # sysrc kld_list+="hidraw hkbd" ++ # cat >>/boot/loader.conf<>/boot/loader.conf< ++HIDIOCGRAWINFO = 0x40085520 ++HIDIOCGRDESC = 0x2000551F ++HIDIOCGRDESCSIZE = 0x4004551E ++HIDIOCGFEATURE_9 = 0xC0095524 ++HIDIOCSFEATURE_9 = 0x80095523 ++ ++ ++class HidrawConnection(OtpConnection): ++ """ ++ hidraw(4) is FreeBSD's modern raw access driver, based on usbhid(4). ++ It is available since FreeBSD 13 and can be activated by adding ++ `hw.usb.usbhid.enable="1"` to `/boot/loader.conf`. The actual kernel ++ module is loaded with `kldload hidraw`. 
++ """ ++ ++ def __init__(self, path): ++ self.fd = os.open(path, os.O_RDWR) ++ ++ def close(self): ++ os.close(self.fd) ++ ++ def receive(self): ++ buf = bytearray(1 + 8) ++ fcntl.ioctl(self.fd, HIDIOCGFEATURE_9, buf, True) ++ return buf[1:] ++ ++ def send(self, data): ++ buf = bytes([0]) + data ++ fcntl.ioctl(self.fd, HIDIOCSFEATURE_9, buf) ++ ++ @staticmethod ++ def get_info(dev): ++ buf = bytearray(4 + 2 + 2) ++ fcntl.ioctl(dev, HIDIOCGRAWINFO, buf, True) ++ return struct.unpack("B", data)[0], data[1:] ++ key, size = REPORT_DESCRIPTOR_KEY_MASK & head, SIZE_MASK & head ++ value = struct.unpack_from(">/boot/loader.conf<
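Review bot: In the security/py-yubikey-manager/Makefile hunk, TEST_DEPENDS pulls in py-pytest and py-makefun while USE_PYTHON selects the `unittest` runner, so please confirm that `make test` really collects the pytest-style tests instead of passing with zero tests run. If the suite depends on pytest fixtures, invoke pytest explicitly from the test target. A short comment next to `ykpersonalize:security/ykpers` in RUN_DEPENDS explaining why it is still required would also help the follow-up change the commit message mentions.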
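Review bot: The uhid(4) instructions added in files/patch-README.adoc (`usbconfig ugenX.Y add_quirk UQ_KBD_IGNORE`) do not tell the user what they give up. The hidraw(4) paragraph says only that driver keeps the key working as a USB keyboard, which implies the quirk stops touch-triggered OTP typing. State that trade-off directly beside the uhid commands, and say whether the quirk has to be reapplied after a reboot or re-plug, so nobody finds out when OTP login stops working.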
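Review bot: HidrawConnection.send() in files/patch-ykman_hid_freebsd.py builds `buf = bytes([0]) + data` without checking len(data), although HIDIOCSFEATURE_9 (0x80095523) encodes a fixed 9-byte transfer. With a short `data` the 9-byte report is filled from whatever follows the payload in the ioctl argument buffer, and a long `data` is silently truncated; raise ValueError unless len(data) == 8. In the same class, close() leaves self.fd set, so a later receive() or send() would issue the ioctl on a closed or reused descriptor; clearing the attribute in close() turns that into an obvious error.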