From nobody Tue Jun 7 11:57:34 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 728E212D1468; Tue, 7 Jun 2022 11:57:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LHTPV2J3Fz3Cxd; Tue, 7 Jun 2022 11:57:34 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1654603054; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wBpmFNoDqoXxk4sZieorhcal7stHiFcXtMOqkSnB2Zs=; b=rPIdFmtLJHJ/QTcbYLThHPSDyRqQPrVvA0mr28emsJlt0x/xJuszDmhM6f7PGcDX09E9XX PKJLNT/Xv9q65VvFwgpg392LMSxlfCo5JL8zYYdZSoCw5Lz2Df6ycD24+MEf0h0NvI5rPP +kwcGVSkGsZ3SS1lXBwPWvolXJJuf6h70qmA/tS1fwPO5ZQT5eB/j4R0pKjo+QzDY4bYun 4VYIJlM+d4bv/YwxNBzWWlHSHQGZ4Y84M+i2eGMMmI/VfV3K9+T7TPMcwZXPGJvUmKeZpD +40iRAZZC+e+c+hcI1eTK+Qr87YguIvvBlZE56iMwtY307IF0eHYHzRAxqY0Fg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2EB271A79E; Tue, 7 Jun 2022 11:57:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 257BvYBp016842; Tue, 7 Jun 2022 11:57:34 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 257BvYCX016841; Tue, 7 Jun 2022 11:57:34 GMT (envelope-from git) Date: Tue, 7 Jun 2022 11:57:34 GMT Message-Id: <202206071157.257BvYCX016841@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Michael Gmelin Subject: git: afdc136ee424 - 2022Q2 - security/py-fido2: Fix and extend FreeBSD support List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: grembo X-Git-Repository: ports X-Git-Refname: refs/heads/2022Q2 X-Git-Reftype: branch X-Git-Commit: afdc136ee424cd6159b4e77d3b56d5a9f32669c9 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1654603054; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wBpmFNoDqoXxk4sZieorhcal7stHiFcXtMOqkSnB2Zs=; b=TTv+I5cleSo8KdIj/1H1Zoyeg2heZSU5/DQbrqHcoiwhJzkkZp3cykzb5oyYMRaebRRNaP v161VynEOF1YmFq7XhtF9PIT95EzQLJa/rVOrAHyIZkAeUjiK8GtxXOuFivUIJ+5CY10TT 5lQ60qu94grO/I72pvB5V3lEbqrK70+6vAD5pqns/Md5H9qa5+9QXnonazVJevkl0+xzNU LczxxS5/+/qHzOF2NVNgumY1b7suQgDv9KX0g9K7eMLzgN9seHgNFLWRAgPTYrVGRtbjxe udjEGvmkU3jWzVRyHc94rRez0l5kHxDU2vawEJn/a/NaLLMu4ack8v8pAo9YZA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1654603054; a=rsa-sha256; cv=none; b=QYsSw6vsNtrb39xLGllkgoPMRjfHSfCeeID2MfBNYhT1bdDU0flDAXH8+/KK5tpTCY5Mjg bLFL1bcT/HZQbLAyJlyC1xn74cKdie48tSLzC96IwuWTu+muqte5X8ITNp3ot+mTWZujhO CIuhXx6z1IxOMyDb48YIn5ivS9F59x7GshZGWkh4Dmzqs4mjiIP1F4vg/Dp/hgkUXRsvqu Jdw6SCmoqZqtFM4t/LMLMZkCM6+xJw49S8s+7/vfQWl7jSaNqsWtHsfuo+uO6qdwj1waCu Ng26xb/gcIBmupsGuRvfqbotGk5Cdds/MCUbS/z+L4MQDkkIIaqQsBNO+mMqFw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch 2022Q2 has been updated by grembo: URL: https://cgit.FreeBSD.org/ports/commit/?id=afdc136ee424cd6159b4e77d3b56d5a9f32669c9 commit afdc136ee424cd6159b4e77d3b56d5a9f32669c9 Author: Michael Gmelin AuthorDate: 2022-05-27 09:27:56 +0000 Commit: Michael Gmelin CommitDate: 2022-06-07 11:56:27 +0000 security/py-fido2: Fix and extend FreeBSD support This unbreaks FreeBSD support in general and adds support for FreeBSD 13's optional hidraw(4) driver. See https://github.com/Yubico/python-fido2/pull/139 PR: 264281 Approved by: koobs (python, maintainer) (cherry picked from commit ce57b8b96961901188c60319459cfb5fcea13f03) --- security/py-fido2/Makefile | 1 + security/py-fido2/files/patch-fido2_hid_freebsd.py | 222 +++++++++++++++++++++ 2 files changed, 223 insertions(+) diff --git a/security/py-fido2/Makefile b/security/py-fido2/Makefile index 9b895d8817f6..574946ed1789 100644 --- a/security/py-fido2/Makefile +++ b/security/py-fido2/Makefile @@ -1,5 +1,6 @@ PORTNAME= fido2 PORTVERSION= 0.9.3 +PORTREVISION= 1 CATEGORIES= security python MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-fido2/files/patch-fido2_hid_freebsd.py b/security/py-fido2/files/patch-fido2_hid_freebsd.py new file mode 100644 index 000000000000..78836b3c4d06 --- /dev/null +++ b/security/py-fido2/files/patch-fido2_hid_freebsd.py @@ -0,0 +1,222 @@ +See https://github.com/Yubico/python-fido2/commit/2a202d0e19fdb7be +--- fido2/hid/freebsd.py.orig 2022-05-27 09:25:33 UTC ++++ fido2/hid/freebsd.py +@@ -15,19 +15,39 @@ + # Modified work Copyright 2020 Yubico AB. All Rights Reserved. + # This file, with modifications, is licensed under the above Apache License. + ++# FreeBSD HID driver. ++# ++# There are two options to access UHID on FreeBSD: ++# ++# hidraw(4) - New method, not enabled by default ++# on FreeBSD 13.x and earlier ++# uhid(4) - Classic method, default option on ++# FreeBSD 13.x and earlier ++# ++# uhid is available since FreeBSD 13 and can be activated by adding ++# `hw.usb.usbhid.enable="1"` to `/boot/loader.conf`. The actual kernel ++# module is loaded with `kldload hidraw`. + +-from __future__ import absolute_import ++from __future__ import annotations + + from ctypes.util import find_library + import ctypes ++import fcntl + import glob + import re ++import struct + import os ++from array import array + + from .base import HidDescriptor, parse_report_descriptor, FileCtapHidConnection + + import logging ++import sys ++from typing import Dict, Optional, Set, Union + ++# Don't typecheck this file on Windows ++assert sys.platform != "win32" # nosec ++ + logger = logging.getLogger(__name__) + + +@@ -39,9 +59,17 @@ sernum_re = re.compile('sernum="([^"]+)') + + libc = ctypes.CDLL(find_library("c")) + ++# /usr/include/dev/usb/usb_ioctl.h + USB_GET_REPORT_DESC = 0xC0205515 + ++# /usr/include/dev/hid/hidraw.h> ++HIDIOCGRAWINFO = 0x40085520 ++HIDIOCGRDESC = 0x2000551F ++HIDIOCGRDESCSIZE = 0x4004551E ++HIDIOCGRAWNAME_128 = 0x40805521 ++HIDIOCGRAWUNIQ_64 = 0x40405525 + ++ + class usb_gen_descriptor(ctypes.Structure): + _fields_ = [ + ( +@@ -62,8 +90,17 @@ class usb_gen_descriptor(ctypes.Structure): + ] + + ++class HidrawCtapHidConnection(FileCtapHidConnection): ++ def write_packet(self, packet): ++ # Prepend the report ID ++ super(HidrawCtapHidConnection, self).write_packet(b"\0" + packet) ++ ++ + def open_connection(descriptor): +- return FileCtapHidConnection(descriptor) ++ if descriptor.path.find(devdir + "hidraw") == 0: ++ return HidrawCtapHidConnection(descriptor) ++ else: ++ return FileCtapHidConnection(descriptor) + + + def _get_report_data(fd, report_type): +@@ -71,7 +108,7 @@ def _get_report_data(fd, report_type): + desc = usb_gen_descriptor( + ugd_data=ctypes.addressof(data), + ugd_maxlen=ctypes.sizeof(data), +- report_type=report_type, ++ ugd_report_type=report_type, + ) + ret = libc.ioctl(fd, USB_GET_REPORT_DESC, ctypes.byref(desc)) + if ret != 0: +@@ -104,16 +141,16 @@ def _enumerate(): + if retval != 0: + continue + +- dev = {} ++ dev: Dict[str, Optional[Union[str, int]]] = {} + dev["name"] = uhid[len(devdir) :] + dev["path"] = uhid + + value = ovalue.value[: olen.value].decode() + m = vendor_re.search(value) +- dev["vendor_id"] = m.group(1) if m else None ++ dev["vendor_id"] = int(m.group(1), 16) if m else None + + m = product_re.search(value) +- dev["product_id"] = m.group(1) if m else None ++ dev["product_id"] = int(m.group(1), 16) if m else None + + m = sernum_re.search(value) + dev["serial_number"] = m.group(1) if m else None +@@ -126,7 +163,49 @@ def _enumerate(): + yield dev + + ++def get_hidraw_descriptor(path): ++ with open(path, "rb") as f: ++ # Read VID, PID ++ buf = array("B", [0] * (4 + 2 + 2)) ++ fcntl.ioctl(f, HIDIOCGRAWINFO, buf, True) ++ _, vid, pid = struct.unpack(" 1 else None ++ ++ # Read unique ID ++ try: ++ buf = array("B", [0] * 65) ++ fcntl.ioctl(f, HIDIOCGRAWUNIQ_64, buf, True) ++ length = buf.index(0) + 1 # emulate ioctl return value ++ serial = ( ++ bytearray(buf[: (length - 1)]).decode("utf-8") if length > 1 else None ++ ) ++ except OSError: ++ serial = None ++ ++ # Read report descriptor ++ buf = array("B", [0] * 4) ++ fcntl.ioctl(f, HIDIOCGRDESCSIZE, buf, True) ++ size = struct.unpack("