From nobody Thu Sep 30 13:01:07 2021 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7BF85175A75E for ; Thu, 30 Sep 2021 13:01:11 +0000 (UTC) (envelope-from manu@bidouilliste.com) Received: from mx.blih.net (mail.blih.net [212.83.155.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mx.blih.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HKtfG0hhfz3R0y; Thu, 30 Sep 2021 13:01:09 +0000 (UTC) (envelope-from manu@bidouilliste.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bidouilliste.com; s=mx; t=1633006868; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TpMxlKtIMQ9BJwFjCH5LjM5PwiU2KyVvD+Rw8TQ1HKQ=; b=Qnbe8vsZJ6ieh+LZjvMtM4uh9OWCBMw9qr58iBzcnTe9dXmWgNFR8S4XAHOSQQRLMF5p+B 6dMmQSniCrlIHGGIgRH8/2YZMmfkgYTP3b8dQibuI49Yn+BUCrqMVpKZ0stizeHeZzsWIA ptAsT5QtNJER6ORNeUjrp/3WRgBu82U= Received: from amy (lfbn-idf2-1-644-191.w86-247.abo.wanadoo.fr [86.247.100.191]) by mx.blih.net (OpenSMTPD) with ESMTPSA id 26090024 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Thu, 30 Sep 2021 13:01:08 +0000 (UTC) Date: Thu, 30 Sep 2021 15:01:07 +0200 From: Emmanuel Vadot To: Ed Maste Cc: FreeBSD Hackers Subject: Re: Heads-up: importing libcbor and libfido2 into the base system Message-Id: <20210930150107.fa784d3d6d465c458bdd3d0f@bidouilliste.com> In-Reply-To: References: X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd14.0) List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4HKtfG0hhfz3R0y X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=bidouilliste.com header.s=mx header.b=Qnbe8vsZ; dmarc=pass (policy=none) header.from=bidouilliste.com; spf=pass (mx1.freebsd.org: domain of manu@bidouilliste.com designates 212.83.155.74 as permitted sender) smtp.mailfrom=manu@bidouilliste.com X-Spamd-Result: default: False [-3.50 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[bidouilliste.com:s=mx]; FREEFALL_USER(0.00)[manu]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; R_SPF_ALLOW(-0.20)[+ip4:212.83.155.74/32]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_RHS_MATCH_FROM(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[bidouilliste.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[bidouilliste.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:12876, ipnet:212.83.128.0/19, country:FR]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-ThisMailContainsUnwantedMimeParts: N On Sat, 18 Sep 2021 11:59:30 -0400 Ed Maste wrote: > To enable FIDO/U2F support in OpenSSH I intend to import two > dependencies into the base system: > > Name: libcbor > URL: https://github.com/PJK/libcbor > License: MIT > > Name: libfido2 > URL: https://github.com/Yubico/libfido2 > License: BSD-2-Clause > > I currently expect to make them PRIVATELIBs. This means they will be > available for use only by the base system, and the import will have no > impact on the ports tree. Plan looks good. To have something that works out of the box we will need some devd config file like we have in the security/u2f-devd port. Then it's just a matter of adding the user to the u2f group to be able to use fido keys with ssh (or firefox). -- Emmanuel Vadot