openssh: add libcbor and libfido2 to allowed openssh support Windows Hello and FIDO2 security keys

2022-02-27 20:06:59 +08:00 · 2022-02-27 20:06:59 +08:00 · a5828df3b2
commit a5828df3b2
parent 34aedc76c7
4 changed files with 131 additions and 3 deletions
--- a/libcbor/PKGBUILD
+++ b/libcbor/PKGBUILD
@ -0,0 +1,40 @@
+# Contributer: Reza Tavakoli <rta.0070@gmail.com>
+
+pkgbase=libcbor
+pkgname=("${pkgbase}" "${pkgbase}-devel")
+pkgver=0.9.0
+pkgrel=1
+pkgdesc="A C library for parsing and generating CBOR, a general-purpose schema-less binary data format"
+arch=('i686' 'x86_64')
+url="https://github.com/PJK/libcbor"
+license=('MIT')
+makedepends=("cmake" "make" "gcc")
+source=(https://github.com/PJK/libcbor/archive/v${pkgver}/${pkgname}-${pkgver}.tar.gz)
+sha256sums=('da81e4f9333e0086d4e2745183c7052f04ecc4dbcffcf910029df24f103c15d1')
+
+build() {
+  cd ${pkgname}-${pkgver}
+  cmake . \
+    -Bbuild \
+    -DCMAKE_BUILD_TYPE=Release \
+    -DCMAKE_INSTALL_PREFIX=/usr \
+    -DCBOR_CUSTOM_ALLOC=ON \
+    -DBUILD_SHARED_LIBS=ON 
+  cmake --build build
+  DESTDIR="${srcdir}/dest" cmake --install build
+}
+
+package_libcbor() {
+  groups=("libraries")
+  mkdir -p ${pkgdir}/usr/bin
+  cp -f ${srcdir}/dest/usr/bin/*.dll ${pkgdir}/usr/bin/
+}
+
+package_libcbor-devel() {
+  pkgdesc="Development headers and library for libcbor"
+  depends=("$pkgbase=$pkgver")
+  groups=("development")
+  mkdir -p ${pkgdir}/usr/lib
+  cp -rf ${srcdir}/dest/usr/include ${pkgdir}/usr
+  cp -rf ${srcdir}/dest/usr/lib ${pkgdir}/usr
+}
--- a/libfido2/PKGBUILD
+++ b/libfido2/PKGBUILD
@ -0,0 +1,74 @@
+# Contributor: Karol Babioch <karol@babioch.de>
+
+pkgbase=libfido2
+pkgname=("${pkgbase}" "fido2-tools" "${pkgbase}-devel" "${pkgbase}-docs")
+pkgver=1.10.0
+pkgrel=1
+pkgdesc="Library functionality for FIDO 2.0, including communication with a device over USB"
+arch=('i686' 'x86_64')
+url="https://developers.yubico.com/libfido2/"
+license=('BSD-2-Clause')
+depends=("libcbor" "openssl")
+makedepends=("libcbor-devel" "openssl-devel" "cmake" "make" "gcc")
+source=("https://developers.yubico.com/libfido2/Releases/libfido2-${pkgver}.tar.gz"{,.sig}
+        msys2-fix-ln.diff)
+sha256sums=('526efd3d56af706c05d09f3d21f18ee3b0b15ac0c1f5c5da1acbc27c2730b99b'
+            'SKIP'
+            '3134757a26e80eb1917036d4402551fa517e4e0e678c54dcf6c166b714de2bf2')
+validpgpkeys=(
+  'EE90AE0D19774C8386628FAAB428949EF7914718' # pedro martelletto <pedro@yubico.com>
+  '1D7308B0055F5AEF36944A8F27A9C24D9588EA0F' # Aveen Ismail <aveen.ismail@yubico.com>
+  '7FBB6186957496D58C751AC20E777DD85755AA4A' # Konstantinos Georgantas <kostas@yubico.com>
+)
+
+prepare() {
+  cd ${pkgname}-${pkgver}
+  patch -p1 -i ${srcdir}/msys2-fix-ln.diff
+}
+
+build() {
+  cd ${pkgname}-${pkgver}
+  cmake -B build \
+    -DCMAKE_BUILD_TYPE=Release \
+    -DCMAKE_INSTALL_PREFIX=/usr \
+    -DUSE_WINHELLO=ON
+  cmake --build build
+  DESTDIR="${srcdir}/dest" cmake --install build
+}
+
+package_libfido2() {
+  groups=("libraries")
+
+  mkdir -p ${pkgdir}/usr/bin
+  cp -f ${srcdir}/dest/usr/bin/*.dll ${pkgdir}/usr/bin/
+}
+
+package_fido2-tools() {
+  pkgdesc="FIDO2 command line tools to access and configure a FIDO2 compliant authentication device"
+  depends=("$pkgbase=$pkgver")
+
+  mkdir -p ${pkgdir}/usr/bin
+  cp -f ${srcdir}/dest/usr/bin/*.exe ${pkgdir}/usr/bin/
+  mkdir -p ${pkgdir}/usr/share/man
+  cp -rf ${srcdir}/dest/usr/share/man/man1 ${pkgdir}/usr/share/man
+}
+
+package_libfido2-devel() {
+  pkgdesc="Development headers and library for libfido2"
+  depends=("$pkgbase=$pkgver")
+  groups=("development")
+
+  mkdir -p ${pkgdir}/usr/lib
+  cp -rf ${srcdir}/dest/usr/include ${pkgdir}/usr/
+  cp -rf ${srcdir}/dest/usr/lib/pkgconfig ${pkgdir}/usr/lib/ 
+  cp -f ${srcdir}/dest/usr/lib/*.a ${pkgdir}/usr/lib
+}
+
+package_libfido2-docs() {
+  pkgdesc="Documentation for libfido2"
+  depends=("libfido2-devel=$pkgver")  
+
+  mkdir -p ${pkgdir}/usr/share/man
+  cp -rf ${srcdir}/dest/usr/share/man/man3 ${pkgdir}/usr/share/man
+}
+
--- a/libfido2/msys2-fix-ln.diff
+++ b/libfido2/msys2-fix-ln.diff
@ -0,0 +1,13 @@
+diff --git a/man/CMakeLists.txt b/man/CMakeLists.txt
+index 5ce2fc7..f87393a 100644
+--- a/man/CMakeLists.txt
+++ b/man/CMakeLists.txt
+@@ -309,7 +309,7 @@ macro(define_symlink_target NAME EXT)
+ 		list(GET MAN_ALIAS ${i} SRC)
+ 		list(GET MAN_ALIAS ${j} DST)
+ 		add_custom_command(OUTPUT ${DST}.${EXT}
+-			COMMAND ln -sf ${SRC}.${EXT} ${DST}.${EXT})
+			COMMAND cp -f ${SRC}.${EXT} ${DST}.${EXT})
+ 		list(APPEND ${NAME}_LINK_FILES ${DST}.${EXT})
+ 	endforeach()
+ 	add_custom_target(${NAME} DEPENDS ${${NAME}_LINK_FILES})
--- a/openssh/PKGBUILD
+++ b/openssh/PKGBUILD
@ -2,14 +2,14 @@

 pkgname=openssh
 pkgver=8.9p1
-pkgrel=1
+pkgrel=2
 pkgdesc='Free version of the SSH connectivity tools'
 url='https://www.openssh.com/portable.html'
 license=('custom:BSD')
 arch=('i686' 'x86_64')
 groups=('net-utils')
-depends=('heimdal' 'libedit' 'libcrypt' 'openssl')
-makedepends=('heimdal-devel' 'libedit-devel' 'libcrypt-devel' 'openssl-devel' 'autotools' 'gcc')
+depends=('heimdal' 'libedit' 'libcrypt' 'libfido2' 'openssl')
+makedepends=('heimdal-devel' 'libedit-devel' 'libcrypt-devel' 'libfido2-devel' 'openssl-devel' 'autotools' 'gcc')
 source=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"{,.asc}
        openssh-7.3p1-msys2.patch
        openssh-7.3p1-msys2-setkey.patch
@ -44,6 +44,7 @@ build() {
    --localstatedir=/var \
    --with-libedit \
    --with-kerberos5=/usr \
+    --with-security-key-builtin \
    --without-hardening \
    --disable-strip