Date:      Mon, 14 Sep 2020 20:34:26 +0000 (UTC)
From:      Li-Wen Hsu <lwhsu@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r548683 - in head/security: . pam_pkcs11 pam_pkcs11/files
Message-ID:  <202009142034.08EKYQAl016238@repo.freebsd.org>

Author: lwhsu
Date: Mon Sep 14 20:34:26 2020
New Revision: 548683
URL: https://svnweb.freebsd.org/changeset/ports/548683

Log:
  Add security/pam_pkcs11, PAM module using crypto tokens for auth
  
  Submitted by:	Ka Ho Ng <khng300@gmail.com>
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D26419

Added:
  head/security/pam_pkcs11/
  head/security/pam_pkcs11/Makefile   (contents, props changed)
  head/security/pam_pkcs11/distinfo   (contents, props changed)
  head/security/pam_pkcs11/files/
  head/security/pam_pkcs11/files/pkg-message.in   (contents, props changed)
  head/security/pam_pkcs11/pkg-descr   (contents, props changed)
  head/security/pam_pkcs11/pkg-plist   (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile	Mon Sep 14 20:34:21 2020	(r548682)
+++ head/security/Makefile	Mon Sep 14 20:34:26 2020	(r548683)
@@ -720,6 +720,7 @@
     SUBDIR += pam_mkhomedir
     SUBDIR += pam_ocra
     SUBDIR += pam_p11
+    SUBDIR += pam_pkcs11
     SUBDIR += pam_pwdfile
     SUBDIR += pam_require
     SUBDIR += pam_script

Added: head/security/pam_pkcs11/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/pam_pkcs11/Makefile	Mon Sep 14 20:34:26 2020	(r548683)
@@ -0,0 +1,100 @@
+# Created by: Ka Ho Ng <khng300@gmail.com>
+# $FreeBSD$
+
+PORTNAME=	pam_pkcs11
+PORTVERSION=	0.6.11
+CATEGORIES=	security
+
+MAINTAINER=	khng300@gmail.com
+COMMENT=	PAM module using crypto tokens for auth
+
+LICENSE=	LGPL21
+
+RUN_DEPENDS=	bash:shells/bash
+
+USES=		autoreconf gmake libtool pkgconfig shebangfix
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	OpenSC
+GH_TAGNAME=	${PORTNAME}-${PORTVERSION}
+
+GNU_CONFIGURE=	yes
+
+CONFIGURE_ARGS=	--with-confdir=${ETCDIR}
+CONFIGURE_ENV=	OPENSSL_CFLAGS="-I${OPENSSLINC}" \
+		OPENSSL_LIBS="-L${OPENSSLLIB} -lcrypto"
+
+SHEBANG_FILES=	tools/pkcs11_make_hash_link
+
+SUB_FILES=	pkg-message
+
+OPTIONS_DEFINE=		CURL DEBUG DOCS LDAP NLS NSS PCSC SSL
+OPTIONS_DEFAULT=	PCSC SSL
+OPTIONS_SUB=		yes
+
+CURL_LIB_DEPENDS=	libcurl.so:ftp/curl
+CURL_CONFIGURE_WITH=	curl
+
+LDAP_USE=		OPENLDAP=yes
+LDAP_CONFIGURE_WITH=	ldap
+
+# Users can only choose either NSS or SSL
+NSS_DESC=		Enable Mozilla's NSS support
+NSS_CONFIGURE_WITH=	nss
+NSS_LIB_DEPENDS=	libnss3.so:security/nss \
+			libnspr4.so:devel/nspr
+NSS_PREVENTS=		SSL
+
+PCSC_DESC=		Enable PC/SC support
+PCSC_LIB_DEPENDS=	libpcsclite.so:devel/pcsc-lite
+PCSC_CONFIGURE_WITH=	pcsclite
+
+SSL_USES=		ssl
+
+NLS_CONFIGURE_ENABLE=	nls
+NLS_USES=	gettext
+
+DOCS_CONFIGURE_ENABLE=	doc
+
+PORTDOCS=	*
+
+PAM_PKCS11_EXAMPLEDOCS=	\
+	etc/card_eventmgr.conf.example		\
+	etc/digest_mapping.example		\
+	etc/mail_mapping.example		\
+	etc/pam.d_login.example.in		\
+	etc/pam_pkcs11.conf.example.in		\
+	etc/pkcs11_eventmgr.conf.example	\
+	etc/subject_mapping.example
+
+.include <bsd.port.options.mk>
+
+.if ! ${PORT_OPTIONS:MDEBUG}
+INSTALL_TARGET=		install-strip
+.else
+CONFIGURE_ARGS+=	--with-debug=yes
+.endif
+
+.if ${PORT_OPTIONS:MDOCS}
+BUILD_DEPENDS+=	xsltproc:textproc/libxslt \
+		${LOCALBASE}/share/xsl/docbook/html/docbook.xsl:textproc/docbook-xsl
+CONFIGURE_ENV+=	XSLTPROC="${LOCALBASE}/bin/xsltproc"
+CONFIGURE_ARGS+=--with-xsl-stylesheetsdir=${LOCALBASE}/share/xsl/docbook
+.else
+CONFIGURE_ENV+=	XSLTPROC="${FALSE}"
+CONFIGURE_ARGS+=--without-xsl-stylesheetsdir
+.endif
+
+post-patch:
+.for f in ${PAM_PKCS11_EXAMPLEDOCS}
+	@${REINPLACE_CMD} -e 's|/etc/${PORTNAME}|${ETCDIR}|g'		\
+		-e 's|file:///etc/${PORTNAME}/|file://${ETCDIR}/|g'	\
+		-e 's|/usr/lib|${PREFIX}/lib|g'				\
+		-e 's|/usr/share|${PREFIX}/share|g'			\
+		${WRKSRC}/${f}
+.endfor
+
+pre-configure:
+	@(cd ${WRKSRC} && ./bootstrap)
+
+.include <bsd.port.mk>
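Review bot: The NSS/SSL choice is declared with `OPTIONS_DEFINE` plus `NSS_PREVENTS= SSL`, which blocks selecting both but still allows deselecting both, so the "either NSS or SSL" comment is not enforced for this authentication module's certificate backend. With SSL off, `CONFIGURE_ENV` still passes `OPENSSL_CFLAGS="-I${OPENSSLINC}"` and `OPENSSL_LIBS`, although `OPENSSLINC` and `OPENSSLLIB` are only set up through `SSL_USES= ssl`; what upstream's configure then links against is not visible here and should be checked. Consider a single-choice group, `OPTIONS_SINGLE= CRYPTO` with `OPTIONS_SINGLE_CRYPTO= NSS SSL`, and moving the OpenSSL variables to `SSL_CONFIGURE_ENV=`, so that exactly one backend is always selected and declared.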

Added: head/security/pam_pkcs11/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/pam_pkcs11/distinfo	Mon Sep 14 20:34:26 2020	(r548683)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1599929612
+SHA256 (OpenSC-pam_pkcs11-0.6.11-pam_pkcs11-0.6.11_GH0.tar.gz) = 6674ec488757ce6dc6768ebdb215d3b92897702517f182decfb222d03a98461b
+SIZE (OpenSC-pam_pkcs11-0.6.11-pam_pkcs11-0.6.11_GH0.tar.gz) = 271552

Added: head/security/pam_pkcs11/files/pkg-message.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/pam_pkcs11/files/pkg-message.in	Mon Sep 14 20:34:26 2020	(r548683)
@@ -0,0 +1,8 @@
+[
+{ type: install
+  message: <<EOM
+Note: base configuration directory is %%ETCDIR%% instead of
+/etc/pam_pkcs11 in PAM-PKCS11 User Manual.
+EOM
+}
+]

Added: head/security/pam_pkcs11/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/pam_pkcs11/pkg-descr	Mon Sep 14 20:34:26 2020	(r548683)
@@ -0,0 +1,18 @@
+pam_pkcs11 is a login module allowing a X.509 certificate
+based user login. The certificate and its dedicated private
+key are thereby accessed by means of an appropriate PKCS#11
+module. For the verification of the users' certificates,
+locally stored CA certificates as well as either online or
+locally accessible CRLs are used.
+
+PAM-PKCS#11 package provides:
+
+    A PAM module able to:
+        Use certificates to get user credentials
+        Deduce a login based on provided certificate
+    Several tools:
+        Standalone cert-to-login finder tool
+        Certificate contents viewer
+        Card Event status monitor, to trigger actions on card insert/removal
+
+WWW: https://github.com/OpenSC/pam_pkcs11

Added: head/security/pam_pkcs11/pkg-plist
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/pam_pkcs11/pkg-plist	Mon Sep 14 20:34:26 2020	(r548683)
@@ -0,0 +1,26 @@
+bin/card_eventmgr
+bin/pkcs11_eventmgr
+bin/pkcs11_inspect
+bin/pkcs11_listcerts
+bin/pkcs11_make_hash_link
+bin/pkcs11_setup
+bin/pklogin_finder
+lib/pam_pkcs11/opensc_mapper.so
+lib/pam_pkcs11/openssh_mapper.so
+lib/security/pam_pkcs11.so
+man/man1/card_eventmgr.1.gz
+man/man1/pkcs11_eventmgr.1.gz
+man/man1/pkcs11_inspect.1.gz
+man/man1/pkcs11_listcerts.1.gz
+man/man1/pkcs11_make_hash_link.1.gz
+man/man1/pkcs11_setup.1.gz
+man/man1/pklogin_finder.1.gz
+man/man8/pam_pkcs11.8.gz
+%%NLS%%share/locale/de/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/pt_BR/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/ru/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/it/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/pl/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/fr/LC_MESSAGES/pam_pkcs11.mo
+%%NLS%%share/locale/nl/LC_MESSAGES/pam_pkcs11.mo
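Review bot: Only the NLS catalogs are option-tagged in this list, although the port Makefile sets `OPTIONS_SUB= yes` and also defines CURL, LDAP, NSS and PCSC. If any of those options makes upstream install additional files (an extra mapper module under `lib/pam_pkcs11/`, for instance; this cannot be verified from this page), packaging with that option enabled would leave them unlisted. Building once with each non-default option and adding `%%LDAP%%`-style prefixed entries for whatever appears would close that gap. The list also has no entry under `%%ETCDIR%%`, so the directory named in pkg-message is presumably left for the administrator to create.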


