Add ykpivmgr and libs

Closes: #10277 [via git-merge-pr]
2017-12-30 10:08:38 +11:00 · 2017-12-30 10:08:38 +11:00 · 19c799af14
parent fc86e98d98
commit 19c799af14
7 changed files with 206 additions and 0 deletions
--- a/common/shlibs
+++ b/common/shlibs
@ -3023,3 +3023,5 @@ libr_crypto.so radare2-2.2.0_1
 libr_fs.so radare2-2.2.0_1
 libr_magic.so radare2-2.2.0_1
 libr_reg.so radare2-2.2.0_1
+libykpiv.so.1 libykpiv-1.5.0_1
+libykcs11.so.1 libykcs11-1.5.0_1
--- a/srcpkgs/libykcs11
+++ b/srcpkgs/libykcs11
@ -0,0 +1 @@
+ykpivmgr
--- a/srcpkgs/libykcs11-devel
+++ b/srcpkgs/libykcs11-devel
@ -0,0 +1 @@
+ykpivmgr
--- a/srcpkgs/libykpiv
+++ b/srcpkgs/libykpiv
@ -0,0 +1 @@
+ykpivmgr
--- a/srcpkgs/libykpiv-devel
+++ b/srcpkgs/libykpiv-devel
@ -0,0 +1 @@
+ykpivmgr
--- a/srcpkgs/ykpivmgr/patches/libressl.patch
+++ b/srcpkgs/ykpivmgr/patches/libressl.patch
@ -0,0 +1,132 @@
+diff --git tool/openssl-compat.c tool/openssl-compat.c
+index a51af90..bb37dfc 100644
+--- tool/openssl-compat.c
+++ tool/openssl-compat.c
+@@ -8,7 +8,7 @@
+  */
+ 
+ #include "openssl-compat.h"
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #include <string.h>
+ #include <openssl/engine.h>
+@@ -80,4 +80,4 @@ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+         *pdigest = sig->digest;
+ }
+ 
+-#endif /* OPENSSL_VERSION_NUMBER */
+#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
+diff --git tool/openssl-compat.h tool/openssl-compat.h
+index 3700bea..bd1967b 100644
+--- tool/openssl-compat.h
+++ tool/openssl-compat.h
+@@ -13,7 +13,7 @@
+ #ifndef _WINDOWS
+ 
+ #include <openssl/opensslv.h>
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #include <openssl/rsa.h>
+ #include <openssl/dsa.h>
+@@ -33,5 +33,5 @@ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                    ASN1_OCTET_STRING **pdigest);
+ 
+ #endif /* _WINDOWS */
+-#endif /* OPENSSL_VERSION_NUMBER */
+#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
+ #endif /* LIBCRYPTO_COMPAT_H */
+diff --git tool/yubico-piv-tool.c tool/yubico-piv-tool.c
+index 89daa79..c8b3b84 100644
+--- tool/yubico-piv-tool.c
+++ tool/yubico-piv-tool.c
+@@ -124,7 +124,7 @@ static bool sign_data(ykpiv_state *state, const unsigned char *in, size_t len, u
+   return false;
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
+ static int ec_key_ex_data_idx = -1;
+ 
+ struct internal_key {
+@@ -688,7 +688,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
+     goto request_out;
+   }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+   memcpy(digest, oid, oid_len);
+   /* XXX: this should probably use X509_REQ_digest() but that's buggy */
+   if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
+@@ -751,7 +751,7 @@ request_out:
+     EVP_PKEY_free(public_key);
+   }
+   if(req) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+     if(req->sig_alg->parameter) {
+       req->sig_alg->parameter = NULL;
+     }
+@@ -884,7 +884,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
+   if(nid == 0) {
+     goto selfsign_out;
+   }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+   if(YKPIV_IS_RSA(algorithm)) {
+     signinput = digest;
+     len = oid_len + md_len;
+@@ -941,7 +941,7 @@ selfsign_out:
+     fclose(output_file);
+   }
+   if(x509) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+     if(x509->sig_alg->parameter) {
+       x509->sig_alg->parameter = NULL;
+       x509->cert_info->signature->parameter = NULL;
+diff --git ykcs11/openssl_utils.c ykcs11/openssl_utils.c
+index 68fb29a..5a7f85d 100644
+--- ykcs11/openssl_utils.c
+++ ykcs11/openssl_utils.c
+@@ -165,7 +165,7 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
+   X509_set_notBefore(cert, tm);
+   X509_set_notAfter(cert, tm);
+ 
+-#if OPENSSL_VERSION_NUMBER < 10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+   // Manually set the signature algorithms.
+   // OpenSSL 1.0.1i complains about empty DER fields
+   // 8 => md5WithRsaEncryption
+diff --git ykcs11/tests/ykcs11_tests.c ykcs11/tests/ykcs11_tests.c
+index 9fb51da..257c938 100644
+--- ykcs11/tests/ykcs11_tests.c
+++ ykcs11/tests/ykcs11_tests.c
+@@ -274,7 +274,7 @@ static void test_login() {
+ 
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
+ static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length,
+                unsigned char *sigret, unsigned int *siglen, const RSA *rsa) {
+   sigret = malloc(1);
+@@ -385,7 +385,7 @@ static void test_import_and_sign_all_10() {
+   X509_set_notBefore(cert, tm);
+   X509_set_notAfter(cert, tm);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+   cert->sig_alg->algorithm = OBJ_nid2obj(8);
+   cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
+ 
+@@ -583,7 +583,7 @@ static void test_import_and_sign_all_10_RSA() {
+   X509_set_notBefore(cert, tm);
+   X509_set_notAfter(cert, tm);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+   /* putting bogus data to signature to make some checks happy */
+   cert->sig_alg->algorithm = OBJ_nid2obj(8);
+   cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
--- a/srcpkgs/ykpivmgr/template
+++ b/srcpkgs/ykpivmgr/template
@ -0,0 +1,68 @@
+# Template file for 'ykpivmgr'
+_real_name="yubico-piv-tool"
+_libpiv_name="libykpiv"
+_libpiv_desc="Yubikey PIV management library"
+_libykcs_name="libykcs11"
+_libykcs_desc="Yubikey PIV pkcs11 library"
+
+pkgname=ykpivmgr
+version=1.5.0
+revision=1
+wrksrc="${_real_name}-${version}"
+build_style=gnu-configure
+configure_args="--enable-doxygen-man --program-transform-name='s/^yubico-piv-tool$/ykpivmgr/'"
+hostmakedepends="automake libtool gengetopt pkg-config doxygen perl"
+makedepends="libressl-devel check-devel pcsclite-devel"
+short_desc="Yubikey PIV management tool"
+maintainer="Aloz1 <kno0001@gmail.com>"
+license="BSD"
+homepage="https://developers.yubico.com/${_real_name}"
+distfiles="https://developers.yubico.com/${_real_name}/Releases/${_real_name}-${version}.tar.gz"
+checksum=c18375179ba25bf9d61365b3903f033f112897bbd54ca63c62fa153f2d05aaab
+
+post_extract() {
+	sed -i '/^yubico-piv-tool.1/,$d' tool/Makefile.am
+}
+
+pre_configure() {
+	autoreconf -fi
+}
+
+post_install() {
+	vlicense COPYING
+}
+
+libykpiv_package() {
+	short_desc="${_libpiv_desc}"
+	pkg_install() {
+		vmove "usr/lib/${_libpiv_name}.so.*"
+	}
+}
+
+libykpiv-devel_package() {
+	short_desc="${_libpiv_desc} - Development files"
+	depends="${_libpiv_name}>=${version}_${revision}"
+	pkg_install() {
+		vmove "usr/include"
+		vmove "usr/lib/${_libpiv_name}.so"
+		vmove "usr/lib/${_libpiv_name}.a"
+		vmove "usr/lib/pkgconfig/ykpiv.pc"
+	}
+}
+
+libykcs11_package() {
+	short_desc="${_libykcs_desc}"
+	pkg_install() {
+		vmove "usr/lib/${_libykcs_name}.so.*"
+	}
+}
+
+libykcs11-devel_package() {
+	short_desc="${_libykcs_desc} - Development files"
+	depends="${_libykcs_name}>=${version}_${revision}"
+	pkg_install() {
+		vmove "usr/lib/${_libykcs_name}.a"
+		vmove "usr/lib/${_libykcs_name}.so"
+		vmove "usr/lib/pkgconfig/ykcs11.pc"
+	}
+}