Message ID | 20221008163932.15808-1-ngraves@ngraves.fr |
---|---|
State | New |
Series | [bug#58381,1/3] gnu: Add go-github-com-go-piv-piv-go. |
Context | Check | Description |
---|---|---|
cbaines/comparison | success | View comparison |
cbaines/git-branch | success | View Git branch |
cbaines/applying patch | success | View Laminar job |
cbaines/issue | success | View issue |
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

> * gnu/packages/security-token.scm (go-github-com-go-piv-piv-go): New variable.
> ---
> gnu/packages/security-token.scm | 29 +++++++++++++++++++++++++++++
> 1 file changed, 29 insertions(+)

Hi Nicolas,

These patches look pretty good to me, just some things to check with propagated-inputs though.

> diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm > index 447a7a582d..3dc619ed4f 100644 > --- a/gnu/packages/security-token.scm > +++ b/gnu/packages/security-token.scm > @@ -17,6 +17,7 @@ > ;;; Copyright © 2022 John Kehayias <john.kehayias@protonmail.com> > ;;; Copyright © 2022 Petr Hodina <phodina@protonmail.com> > ;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> > +;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr> > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -44,6 +45,7 @@ (define-module (gnu packages security-token) > #:use-module (guix build-system cargo) > #:use-module (guix build-system cmake) > #:use-module (guix build-system gnu) > + #:use-module (guix build-system go) > #:use-module (guix build-system glib-or-gtk) > #:use-module (guix build-system python) > #:use-module (gnu packages autotools)
> @@ -967,3 +969,30 @@ (define-public cardpeek > It also has limited support for Mifare Classic compatible cards (Thalys card)") > (license license:gpl3+) > (home-page "http://pannetrat.com/Cardpeek"))) > + > +(define-public go-github-com-go-piv-piv-go > + (package > + (name "go-github-com-go-piv-piv-go") > + (version "1.10.0") > + (source > + (origin > + (method git-fetch) > + (uri (git-reference > + (url "https://github.com/go-piv/piv-go") > + (commit (string-append "v" version)))) > + (file-name (git-file-name name version)) > + (sha256 > + (base32 "1j2szvvwgd0ysbap42rap4f60pj4smmmrxjlx0y131l3ki6v6gdm")))) > + (build-system go-build-system) > + (arguments > + '(#:import-path "github.com/go-piv/piv-go/piv" > + #:unpack-path "github.com/go-piv/piv-go" > + #:tests? #f)) > + (native-inputs (list pkg-config)) > + (propagated-inputs (list pcsc-lite))

What relation does pcsc-lite have to this package, and why does it need
to be propagated?

If this can be avoided, that would be good. Otherwise it would be good to
mention why the propagation is needed in a comment.
On 2022-10-11 11:48, Christopher Baines wrote:

> What relation does pcsc-lite have to this package, and why does it need
> to be propagated?
>
> If this can be avoided, that would be good. Otherwise it would be good to
> mention why the propagation is needed in a comment.

For piv-go, in their README:

To build on Linux, piv-go requires PCSC lite. To install on Debian-based distros, run:
sudo apt-get install libpcsclite-dev

==> So probably no need to propagate here.

----

For yubikey-agent:

The package relies on pcscd (daemon) to run on linux, which is already
available in guix. Maybe it's better to say that in the README? Instead
of the package, what it needs is actually the service.

I've also written some tested lines for a yubikey-agent
configuration/feature (as done in the RDE project) shepherd service,
although as it is really tiny, I didn't know if I should've contributed
this.

It looks like that, and did work (it also depends on the acceptance of
the patch https://issues.guix.gnu.org/52900 in this case):

(define* (feature-yubikey-agent
          #:key
          (yubikey-agent yubikey-agent))
  "Configure Yubikey-Agent."
  (ensure-pred file-like? yubikey-agent)

  (define (get-system-services _)
    (list
     (service pcscd-service-type)
     (udev-rules-service
      'yubikey
      (file->udev-rule
       "70-u2f.rules"
       (file-append libfido2 "/udev/rules.d/70-u2f.rules")))))

  ;; (define (get-home-services config)
  ;;   (list
  ;;    ;; MAYBE: It should be installed system-wide?
  ;;    (simple-service
  ;;     'yubikey-agent-add-yubikey-agent-package
  ;;     home-profile-service-type
  ;;     (list yubikey-agent))
  ;;    (simple-service
  ;;     'start-yubikey-agent-at-startup
  ;;     home-shepherd-service-type
  ;;     (list (shepherd-service
  ;;            (documentation "Run the yubikey-agent.")
  ;;            (provision '(yubikey-agent))
  ;;            (requirement '())
  ;;            (start #~(make-forkexec-constructor
  ;;                      (list (string-append
  ;;                             #$yubikey-agent "/bin/yubikey-agent")
  ;;                            "-l" "/tmp/yubikey-agent.sock")))
  ;;            (stop #~(make-kill-destructor)))))))

  (feature
   (name 'yubikey-agent)
   (values `((yubikey-agent . ,yubikey-agent)))
   (system-services-getter get-system-services)
   ;; (home-services-getter get-home-services)
   ))

I'm not sure what would be the guideline here regarding doing or
avoiding propagations. WDYT? (I'm sending a V2 once I have a clearer
idea of what makes sense).

---

From the package README:

On Arch, use [the `yubikey-agent` package](https://aur.archlinux.org/packages/yubikey-agent/) from the AUR.

```
git clone https://aur.archlinux.org/yubikey-agent.git
cd yubikey-agent && makepkg -si

systemctl daemon-reload --user
sudo systemctl enable --now pcscd.socket
systemctl --user enable --now yubikey-agent

export SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/yubikey-agent/yubikey-agent.sock"
```
Nicolas Graves <ngraves@ngraves.fr> writes:

> On 2022-10-11 11:48, Christopher Baines wrote:
>
>> What relation does pcsc-lite have to this package, and why does it need
>> to be propagated?
>>
>> If this can be avoided, that would be good. Otherwise it would be good to
>> mention why the propagation is needed in a comment.
>
> For piv-go, in their README:
>
> To build on Linux, piv-go requires PCSC lite. To install on Debian-based distros, run:
> sudo apt-get install libpcsclite-dev
>
> ==> So probably no need to propagate here.
>
> ----
>
> For yubikey-agent:
>
> The package relies on pcscd (daemon) to run on linux, which is already
> available in guix. Maybe it's better to say that in the README? Instead
> of the package, what it needs is actually the service.
>
> I've also written some tested lines for a yubikey-agent
> configuration/feature (as done in the RDE project) shepherd service,
> although as it is really tiny, I didn't know if I should've contributed
> this.
>
> It looks like that, and did work (it also depends on the acceptance of
> the patch https://issues.guix.gnu.org/52900 in this case):
>
> (define* (feature-yubikey-agent
>           #:key
>           (yubikey-agent yubikey-agent))
>   "Configure Yubikey-Agent."
>   (ensure-pred file-like? yubikey-agent)
>
>   (define (get-system-services _)
>     (list
>      (service pcscd-service-type)
>      (udev-rules-service
>       'yubikey
>       (file->udev-rule
>        "70-u2f.rules"
>        (file-append libfido2 "/udev/rules.d/70-u2f.rules")))))
>
>   ;; (define (get-home-services config)
>   ;;   (list
>   ;;    ;; MAYBE: It should be installed system-wide?
>   ;;    (simple-service
>   ;;     'yubikey-agent-add-yubikey-agent-package
>   ;;     home-profile-service-type
>   ;;     (list yubikey-agent))
>   ;;    (simple-service
>   ;;     'start-yubikey-agent-at-startup
>   ;;     home-shepherd-service-type
>   ;;     (list (shepherd-service
>   ;;            (documentation "Run the yubikey-agent.")
>   ;;            (provision '(yubikey-agent))
>   ;;            (requirement '())
>   ;;            (start #~(make-forkexec-constructor
>   ;;                      (list (string-append
>   ;;                             #$yubikey-agent "/bin/yubikey-agent")
>   ;;                            "-l" "/tmp/yubikey-agent.sock")))
>   ;;            (stop #~(make-kill-destructor)))))))
>
>   (feature
>    (name 'yubikey-agent)
>    (values `((yubikey-agent . ,yubikey-agent)))
>    (system-services-getter get-system-services)
>    ;; (home-services-getter get-home-services)
>    ))
>
>
> I'm not sure what would be the guideline here regarding doing or
> avoiding propagations. WDYT? (I'm sending a V2 once I have a clearer
> idea of what makes sense).

I'd try avoiding all the propagated inputs and then tackle the issue of
getting the service working separately.

Thanks,

Chris
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm index 447a7a582d..3dc619ed4f 100644 --- a/gnu/packages/security-token.scm +++ b/gnu/packages/security-token.scm @@ -17,6 +17,7 @@ ;;; Copyright © 2022 John Kehayias <john.kehayias@protonmail.com> ;;; Copyright © 2022 Petr Hodina <phodina@protonmail.com> ;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> +;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -44,6 +45,7 @@ (define-module (gnu packages security-token) #:use-module (guix build-system cargo) #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) + #:use-module (guix build-system go) #:use-module (guix build-system glib-or-gtk) #:use-module (guix build-system python) #:use-module (gnu packages autotools) @@ -967,3 +969,30 @@ (define-public cardpeek It also has limited support for Mifare Classic compatible cards (Thalys card)") (license license:gpl3+) (home-page "http://pannetrat.com/Cardpeek"))) + +(define-public go-github-com-go-piv-piv-go + (package + (name "go-github-com-go-piv-piv-go") + (version "1.10.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/go-piv/piv-go") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "1j2szvvwgd0ysbap42rap4f60pj4smmmrxjlx0y131l3ki6v6gdm")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/go-piv/piv-go/piv" + #:unpack-path "github.com/go-piv/piv-go" + #:tests? #f)) + (native-inputs (list pkg-config)) + (propagated-inputs (list pcsc-lite)) + (home-page "https://github.com/go-piv/piv-go") + (synopsis "A Go YubiKey PIV implementation") + (description "YubiKeys implement the PIV specification for managing smart +card certificates. This package provides a simpler alternative to GPG for +managing asymmetric keys on a YubiKey.") + (license license:asl2.0)))
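Review bot: In the third hunk (the new go-github-com-go-piv-piv-go definition), `#:tests? #f` turns the test suite off with no comment giving the reason; please add a one-line comment next to it saying why the tests cannot run in the build environment, or enable them. The same applies to `(propagated-inputs (list pcsc-lite))`: the piv-go README quoted in this thread only names PCSC lite as something needed to build, so either move it to `inputs` or add a comment stating what dependents need it for. The synopsis "A Go YubiKey PIV implementation" begins with an article, which `guix lint` reports; "Go YubiKey PIV implementation" avoids that.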