diff --git a/common/shlibs b/common/shlibs
index d3eb8d5b154..f17719175ae 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3023,3 +3023,5 @@ libr_crypto.so radare2-2.2.0_1
 libr_fs.so radare2-2.2.0_1
 libr_magic.so radare2-2.2.0_1
 libr_reg.so radare2-2.2.0_1
+libykpiv.so.1 libykpiv-1.5.0_1
+libykcs11.so.1 libykcs11-1.5.0_1
diff --git a/srcpkgs/libykcs11 b/srcpkgs/libykcs11
new file mode 120000
index 00000000000..b1ee8840e41
--- /dev/null
+++ b/srcpkgs/libykcs11
@@ -0,0 +1 @@
+ykpivmgr
\ No newline at end of file
diff --git a/srcpkgs/libykcs11-devel b/srcpkgs/libykcs11-devel
new file mode 120000
index 00000000000..b1ee8840e41
--- /dev/null
+++ b/srcpkgs/libykcs11-devel
@@ -0,0 +1 @@
+ykpivmgr
\ No newline at end of file
diff --git a/srcpkgs/libykpiv b/srcpkgs/libykpiv
new file mode 120000
index 00000000000..b1ee8840e41
--- /dev/null
+++ b/srcpkgs/libykpiv
@@ -0,0 +1 @@
+ykpivmgr
\ No newline at end of file
diff --git a/srcpkgs/libykpiv-devel b/srcpkgs/libykpiv-devel
new file mode 120000
index 00000000000..b1ee8840e41
--- /dev/null
+++ b/srcpkgs/libykpiv-devel
@@ -0,0 +1 @@
+ykpivmgr
\ No newline at end of file
diff --git a/srcpkgs/ykpivmgr/patches/libressl.patch b/srcpkgs/ykpivmgr/patches/libressl.patch
new file mode 100644
index 00000000000..bb9d3cb4352
--- /dev/null
+++ b/srcpkgs/ykpivmgr/patches/libressl.patch
@@ -0,0 +1,132 @@
+diff --git tool/openssl-compat.c tool/openssl-compat.c
+index a51af90..bb37dfc 100644
+--- tool/openssl-compat.c
++++ tool/openssl-compat.c
+@@ -8,7 +8,7 @@
+ */
+
+ #include "openssl-compat.h"
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+
+ #include
+ #include
+@@ -80,4 +80,4 @@ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+ *pdigest = sig->digest;
+ }
+
+-#endif /* OPENSSL_VERSION_NUMBER */
++#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
+diff --git tool/openssl-compat.h tool/openssl-compat.h
+index 3700bea..bd1967b 100644
+--- tool/openssl-compat.h
++++ tool/openssl-compat.h
+@@ -13,7 +13,7 @@
+ #ifndef _WINDOWS
+
+ #include
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+
+ #include
+ #include
+@@ -33,5 +33,5 @@ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pdigest);
+
+ #endif /* _WINDOWS */
+-#endif /* OPENSSL_VERSION_NUMBER */
++#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
+ #endif /* LIBCRYPTO_COMPAT_H */
+diff --git tool/yubico-piv-tool.c tool/yubico-piv-tool.c
+index 89daa79..c8b3b84 100644
+--- tool/yubico-piv-tool.c
++++ tool/yubico-piv-tool.c
+@@ -124,7 +124,7 @@ static bool sign_data(ykpiv_state *state, const unsigned char *in, size_t len, u
+ return false;
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
+ static int ec_key_ex_data_idx = -1;
+
+ struct internal_key {
+@@ -688,7 +688,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
+ goto request_out;
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ memcpy(digest, oid, oid_len);
+ /* XXX: this should probably use X509_REQ_digest() but that's buggy */
+ if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
+@@ -751,7 +751,7 @@ request_out:
+ EVP_PKEY_free(public_key);
+ }
+ if(req) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ if(req->sig_alg->parameter) {
+ req->sig_alg->parameter = NULL;
+ }
+@@ -884,7 +884,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
+ if(nid == 0) {
+ goto selfsign_out;
+ }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ if(YKPIV_IS_RSA(algorithm)) {
+ signinput = digest;
+ len = oid_len + md_len;
+@@ -941,7 +941,7 @@ selfsign_out:
+ fclose(output_file);
+ }
+ if(x509) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ if(x509->sig_alg->parameter) {
+ x509->sig_alg->parameter = NULL;
+ x509->cert_info->signature->parameter = NULL;
+diff --git ykcs11/openssl_utils.c ykcs11/openssl_utils.c
+index 68fb29a..5a7f85d 100644
+--- ykcs11/openssl_utils.c
++++ ykcs11/openssl_utils.c
+@@ -165,7 +165,7 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
+ X509_set_notBefore(cert, tm);
+ X509_set_notAfter(cert, tm);
+
+-#if OPENSSL_VERSION_NUMBER < 10100000L
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ // Manually set the signature algorithms.
+ // OpenSSL 1.0.1i complains about empty DER fields
+ // 8 => md5WithRsaEncryption
+diff --git ykcs11/tests/ykcs11_tests.c ykcs11/tests/ykcs11_tests.c
+index 9fb51da..257c938 100644
+--- ykcs11/tests/ykcs11_tests.c
++++ ykcs11/tests/ykcs11_tests.c
+@@ -274,7 +274,7 @@ static void test_login() {
+
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
+ static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa) {
+ sigret = malloc(1);
+@@ -385,7 +385,7 @@ static void test_import_and_sign_all_10() {
+ X509_set_notBefore(cert, tm);
+ X509_set_notAfter(cert, tm);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ cert->sig_alg->algorithm = OBJ_nid2obj(8);
+ cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
+
+@@ -583,7 +583,7 @@ static void test_import_and_sign_all_10_RSA() {
+ X509_set_notBefore(cert, tm);
+ X509_set_notAfter(cert, tm);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ /* putting bogus data to signature to make some checks happy */
+ cert->sig_alg->algorithm = OBJ_nid2obj(8);
+ cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
diff --git a/srcpkgs/ykpivmgr/template b/srcpkgs/ykpivmgr/template
new file mode 100644
index 00000000000..a25bff77272
--- /dev/null
+++ b/srcpkgs/ykpivmgr/template
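Review bot: In patches/libressl.patch every guard becomes `(OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)`, which puts no upper bound on the LibreSSL version and so pins every LibreSSL release to the pre-1.1.0 code path. LibreSSL has adopted parts of the OpenSSL 1.1 API over time, so against a newer libressl-devel the compat definitions in tool/openssl-compat.c (such as `X509_SIG_getm`) may collide with the library's own symbols and direct member accesses like `req->sig_alg->parameter` may stop compiling; bounding the test, e.g. `defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < <FIRST_RELEASE_WITH_1_1_ACCESSORS>`, keeps the patch from breaking silently on a libressl update. The ykcs11/openssl_utils.c hunk also replaces the decimal `10100000L` with `0x10100000L`, which enables a block that looks to have been effectively disabled for OpenSSL 1.0.x builds (the one commented `8 => md5WithRsaEncryption`); that is a separate upstream fix and worth naming in the patch description. All patched functions start and end outside the hunks shown.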
@@ -0,0 +1,68 @@
+# Template file for 'ykpivmgr'
+_real_name="yubico-piv-tool"
+_libpiv_name="libykpiv"
+_libpiv_desc="Yubikey PIV management library"
+_libykcs_name="libykcs11"
+_libykcs_desc="Yubikey PIV pkcs11 library"
+
+pkgname=ykpivmgr
+version=1.5.0
+revision=1
+wrksrc="${_real_name}-${version}"
+build_style=gnu-configure
+configure_args="--enable-doxygen-man --program-transform-name='s/^yubico-piv-tool$/ykpivmgr/'"
+hostmakedepends="automake libtool gengetopt pkg-config doxygen perl"
+makedepends="libressl-devel check-devel pcsclite-devel"
+short_desc="Yubikey PIV management tool"
+maintainer="Aloz1 "
+license="BSD"
+homepage="https://developers.yubico.com/${_real_name}"
+distfiles="https://developers.yubico.com/${_real_name}/Releases/${_real_name}-${version}.tar.gz"
+checksum=c18375179ba25bf9d61365b3903f033f112897bbd54ca63c62fa153f2d05aaab
+
+post_extract() {
+ sed -i '/^yubico-piv-tool.1/,$d' tool/Makefile.am
+}
+
+pre_configure() {
+ autoreconf -fi
+}
+
+post_install() {
+ vlicense COPYING
+}
+
+libykpiv_package() {
+ short_desc="${_libpiv_desc}"
+ pkg_install() {
+ vmove "usr/lib/${_libpiv_name}.so.*"
+ }
+}
+
+libykpiv-devel_package() {
+ short_desc="${_libpiv_desc} - Development files"
+ depends="${_libpiv_name}>=${version}_${revision}"
+ pkg_install() {
+ vmove "usr/include"
+ vmove "usr/lib/${_libpiv_name}.so"
+ vmove "usr/lib/${_libpiv_name}.a"
+ vmove "usr/lib/pkgconfig/ykpiv.pc"
+ }
+}
+
+libykcs11_package() {
+ short_desc="${_libykcs_desc}"
+ pkg_install() {
+ vmove "usr/lib/${_libykcs_name}.so.*"
+ }
+}
+
+libykcs11-devel_package() {
+ short_desc="${_libykcs_desc} - Development files"
+ depends="${_libykcs_name}>=${version}_${revision}"
+ pkg_install() {
+ vmove "usr/lib/${_libykcs_name}.a"
+ vmove "usr/lib/${_libykcs_name}.so"
+ vmove "usr/lib/pkgconfig/ykcs11.pc"
+ }
+}
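Review bot: The `sed -i '/^yubico-piv-tool.1/,$d' tool/Makefile.am` in post_extract deletes everything from the first matching line to the end of the file, with no comment saying which rule is removed or why, so a later version bump can silently drop whatever upstream adds after that target. A comment above it would help, e.g. `# drop the yubico-piv-tool.1 rule and everything after it in tool/Makefile.am; re-check on every update`, and the dot in the address should be escaped (`yubico-piv-tool\.1`). Separately, the unversioned `libykcs11.so` is moved into libykcs11-devel; PKCS#11 consumers are commonly configured with the module's file name, so users of the runtime package will presumably have to point at `libykcs11.so.1`, which is worth a note in the template.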