Re: NEW: security/pivy

Stuart Henderson Wed, 03 Jun 2020 07:52:02 -0700

On 2020/06/03 11:47, Jonathan Matthew wrote:
> ping?
> 
> On Mon, May 25, 2020 at 08:01:58PM +1000, Jonathan Matthew wrote:
> > Hi,
> > 
> > Here's a new port, security/pivy, a set of tools for using PIV tokens (like
> > Yubikeys) as an SSH agent, for encrypting data at rest, and more.
> > 
> > pkg/DESCR:
> > Pivy is an implementation of a simple PIV client with minimal dependencies.
> > It contains a pivy-tool binary which can conduct basic operations using
> > PIV cards, and the pivy-agent, which implements the SSH agent protocol as
> > a drop-in replacement for the OpenSSH ssh-agent command (except that the
> > keys it contains are always on a PIV card).
> > 
> > "PIV cards" notably includes Yubico Yubikey devices such as the NEO and
> > Yubikey4, which can store up to 24 keys by using the "retired key" slots
> > (which this agent supports).
> > 
> > 
> > I've built and used this on amd64 and armv7, and built it on sparc64.
> > 
> > ok to import?
> 
>


Tweaked version attached, this one is OK with me.

commentary:

|  V =          0.6.0
|  COMMENT =    tools for using PIV tokens as an SSH agent, encryption, etc.
| -GH_ACCOUNT = arekinath
| -GH_PROJECT = pivy
| -GH_TAGNAME = v${V}
| -MASTER_SITES =       
https://github.com/arekinath/pivy/releases/download/${GH_TAGNAME}/

GH_* are for use with the automatic setting of MASTER_SITES etc.
Files on github /releases/ URLs are just normal distfiles.

| +DISTNAME =   pivy-$V
|  
| +HOMEPAGE =   https://github.com/arekinath/pivy
| +
| +MASTER_SITES =       https://github.com/arekinath/pivy/releases/download/v$V/
| +
|  CATEGORIES = security
|  
|  MAINTAINER = Jonathan Matthew <jmatt...@openbsd.org>
| @@ -14,7 +15,7 @@ MAINTAINER =        Jonathan Matthew <jmatt...@openbsd.org>
|  # MPLv2
|  PERMIT_PACKAGE =     Yes
|  
| -WANTLIB =            c z crypto pcsclite pthread
| +WANTLIB =            c edit crypto pcsclite z

it links -ledit on OpenBSD, and doesn't link with pthread

| -CONFIGURE_STYLE =      none

CONFIGURE_STYLE=none is a hack for ports using python.port.mk and
shouldn't normally be used

|  NO_TEST =            Yes
|  
| -MAKE_ENV =           prefix=${PREFIX}
| +MAKE_FLAGS =         CC="${CC}" \
| +                     COPTFLAGS="${CFLAGS}" \
| +                     prefix=${PREFIX}

setting CC/CFLAGS through ports should work (including e.g. make CC=gcc,
make DEBUG=-g, etc).

.. plus add patch-Makefile which does

-                       -O2 -g -D_GNU_SOURCE
+                       $(COPTFLAGS) -D_GNU_SOURCE

pivy.tgz
Description: application/tar-gz

Re: NEW: security/pivy

Reply via email to