Date:      Thu, 10 Dec 2020 21:29:41 +0000 (UTC)
From:      Kurt Jaeger <pi@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r557479 - in head/security: . py-onlykey py-onlykey/files
Message-ID:  <202012102129.0BALTfMT040712@repo.freebsd.org>

Author: pi
Date: Thu Dec 10 21:29:41 2020
New Revision: 557479
URL: https://svnweb.freebsd.org/changeset/ports/557479

Log:
  New port: security/py-onlykey: cli for the OnlyKey hardware password manager
  
  Python command line tool for configuring and using the OnlyKey
  hardware password manager.
  
  WWW: https://github.com/trustcrypto/python-onlykey
  
  PR:		250601
  Submitted by:	Dmytro Bilokha <dmytro@posteo.net>

Added:
  head/security/py-onlykey/
  head/security/py-onlykey/Makefile   (contents, props changed)
  head/security/py-onlykey/distinfo   (contents, props changed)
  head/security/py-onlykey/files/
  head/security/py-onlykey/files/onlykey-cli.1   (contents, props changed)
  head/security/py-onlykey/files/onlykey.conf.sample   (contents, props changed)
  head/security/py-onlykey/files/pkg-message.in   (contents, props changed)
  head/security/py-onlykey/pkg-descr   (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile	Thu Dec 10 21:29:35 2020	(r557478)
+++ head/security/Makefile	Thu Dec 10 21:29:41 2020	(r557479)
@@ -926,6 +926,7 @@
     SUBDIR += py-oauth2client
     SUBDIR += py-oauthlib
     SUBDIR += py-obfsproxy-tor
+    SUBDIR += py-onlykey
     SUBDIR += py-openssl
     SUBDIR += py-ospd
     SUBDIR += py-paramiko

Added: head/security/py-onlykey/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/py-onlykey/Makefile	Thu Dec 10 21:29:41 2020	(r557479)
@@ -0,0 +1,41 @@
+# $FreeBSD$
+
+PORTNAME=	onlykey
+PORTVERSION=	1.2.2
+CATEGORIES=	security python
+MASTER_SITES=	CHEESESHOP
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	dmytro@posteo.net
+COMMENT=	Python command line tool for configuring and using OnlyKey
+
+LICENSE=	MIT
+
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}hidapi>0:comms/py-hidapi@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}aenum>0:devel/py-aenum@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}six>0:devel/py-six@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}prompt_toolkit>=2:devel/py-prompt_toolkit@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}pynacl>=1.4.0:security/py-pynacl@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}ecdsa>=0.13:security/py-ecdsa@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}cython>=0.23.4:lang/cython@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}libusb1>0:devel/py-libusb1@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}uhid-freebsd>0:devel/py-uhid-freebsd@${PY_FLAVOR} \
+		u2f-host:security/libu2f-host
+
+USES=		python:3.7+
+USE_PYTHON=	autoplist distutils
+
+SUB_FILES=	pkg-message
+
+PLIST_FILES=	"@sample ${PREFIX}/etc/devd/onlykey.conf.sample" \
+		"${PREFIX}/man/man1/onlykey-cli.1.gz"
+
+NO_ARCH=	yes
+
+post-install:
+	@${MKDIR} ${STAGEDIR}${PREFIX}/etc/devd
+	${INSTALL_DATA} ${FILESDIR}/onlykey.conf.sample \
+		${STAGEDIR}${PREFIX}/etc/devd
+	${INSTALL_MAN} ${FILESDIR}/onlykey-cli.1 ${STAGEDIR}${PREFIX}/man/man1
+
+.include <bsd.port.mk>
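Review bot: Nothing in this Makefile declares the `u2f` group that the installed devd rules and the pkg-message rely on. The only candidate is the `u2f-host:security/libu2f-host` entry in RUN_DEPENDS, and whether that port creates the group is not visible here. If the group were missing, the `chgrp u2f` actions would fail and the device node would keep its default ownership, so access would depend on an unrelated package. Adding `GROUPS=	u2f` would make the port own that requirement explicitly. Separately, `cython` in RUN_DEPENDS looks like a build-time tool for a `NO_ARCH` port; confirm against upstream's install requirements that it is needed at run time.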

Added: head/security/py-onlykey/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/py-onlykey/distinfo	Thu Dec 10 21:29:41 2020	(r557479)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1603049784
+SHA256 (onlykey-1.2.2.tar.gz) = b17197715e9197885574a0806cce8af087756f99c87d27415be7d15e967a6be2
+SIZE (onlykey-1.2.2.tar.gz) = 11911

Added: head/security/py-onlykey/files/onlykey-cli.1
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/py-onlykey/files/onlykey-cli.1	Thu Dec 10 21:29:41 2020	(r557479)
@@ -0,0 +1,230 @@
+.Dd October 23, 2020
+.Dt ONLYKEY-CLI 1
+.Os
+.Sh NAME
+.Nm onlykey-cli
+.Nd Python client for interacting with the OnlyKey
+.Sh SYNOPSIS
+.Nm
+.Op Ar command
+.Sh DESCRIPTION
+.Nm
+is a command line interface to the OnlyKey that can be used for
+configuration (similar functionality to OnlyKey App). You can either
+provide a
+.Ar command
+to get it executed immediately or run 
+.Nm
+without parameters to open an interactive prompt and type commands there.
+.Sh COMMANDS
+.Bl -tag -width 2n
+.It Xo
+.Cm init
+.Xc
+.Pp
+Sets OnlyKey into initial configuration mode (setting PIN).
+.It Xo
+.Cm settime
+.Xc
+.Pp
+Sets time on OnlyKey, time is needed for TOTP (Google Authenticator).
+.It Xo
+.Cm getlabels
+.Xc
+.Pp
+Prints label for each slot.
+.It Xo
+.Cm getkeylabels
+.Xc
+.Pp
+Prints key label for each RSA and ECC key.
+.It Xo
+.Cm setslot
+.Ar slot_id
+.Ar type
+.Ar value
+.Xc
+.Pp
+For the specified slot sets parameter of the specified
+.Ar type
+to the 
+.Ar value
+provided.
+.Bl -tag -width indent
+.It Ar slot_id
+Slot id: 1a-6b.
+.It Ar type
+Type of the parameter to set. Must be one of the following:
+.Bl -tag -offset 4n -width 8n
+.It Sy label
+The slot label.
+.It Sy url
+URL of the login page.
+.It Sy delay1
+Delay after entering URL, seconds: 0-9.
+.It Sy add_char1
+Additional character before username: 1 for TAB, 0 to clear.
+.It Sy username
+Username to login.
+.It Sy add_char2
+Additional character after username: 1 for TAB, 2 for RETURN.
+.It Sy delay2
+Delay after entering username, seconds: 0-9.
+.It Sy password
+Password to login.
+.It Sy add_char3
+Additional character after password: 1 for TAB, 2 for RETURN.
+.It Sy delay3
+Delay after entering password, seconds: 0-9.
+.It Sy add_char4
+Additional character before OTP: 1 for TAB, 2 for RETURN.
+.It Sy 2fa
+Type of two factor authentication: g for Google Authenticator, y - Yubico OTP, u - U2F.
+.It Sy totpkey
+Google Authenticator key.
+.It Sy add_char5
+Additional character after OTP: 1 for TAB, 2 for RETURN.
+.El
+.It Ar value
+Value to set, see accepted values in each parameter type description above.
+.El
+.It Xo
+.Cm wipeslot
+.Ar slot_id
+.Xc
+.Pp
+Erases all the data (URL/username/password/label/etc.) of the slot with provided
+.Ar slot_id
+(1a-6b).
+.It Xo
+.Cm setkey
+.Ar key_slot
+.Ar key_type
+.Xc
+.Pp
+Sets custom key of provided
+.Ar key_type
+to the 
+.Ar key_slot .
+.It Xo
+.Cm wipekey
+.Ar key_slot
+.Xc
+.Pp
+Wipes custom key from the provided
+.Ar key_slot .
+.It Xo
+.Cm idletimeout
+.Ar timeout
+.Xc
+.Pp
+Sets the OnlyKey auto-lock time value to 
+.Ar timout
+minutes: 1-255; default is 30; 0 to disable.
+.It Xo
+.Cm wipemode
+.Ar mode_id
+.Xc
+.Pp
+Configures how the OnlyKey responds to a factory reset. Accepted
+.Ar mode_id
+values are:
+.Bl -tag -width indent
+.It 1
+Only sensitive data will be wiped (default).
+.It 2
+Entire OnlyKey device will be wiped, including firmware. Firmware must be
+reloaded after factory reset. This mode is recommended for plausible
+deniability users. WARNING: setting to this mode cannot be changed.
+.El
+.It Xo
+.Cm keylayout
+.Ar layout_id
+.Xc
+.Pp
+Configures the OnlyKey keyboard layout. Accepted
+.Ar layout_id
+values are:
+.Bl -tag -width indent
+.It 1
+USA_ENGLISH (default).
+.It 2
+CANADIAN_FRENCH.
+.It 3
+CANADIAN_MULTILINGUAL.
+.It 4
+DANISH.
+.It 5
+FINNISH.
+.It 6
+FRENCH.
+.It 7
+FRENCH_BELGIAN.
+.It 8
+FRENCH_SWISS.
+.It 9
+GERMAN.
+.It 10
+GERMAN_MAC.
+.It 11
+GERMAN_SWISS.
+.It 12
+ICELANDIC.
+.It 13
+IRISH.
+.It 14
+ITALIAN.
+.It 15
+NORWEGIAN.
+.It 16
+PORTUGUESE.
+.It 17
+PORTUGUESE_BRAZILIAN.
+.It 18
+SPANISH.
+.It 19
+SPANISH_LATIN_AMERICA.
+.It 20
+SWEDISH.
+.It 21
+TURKISH.
+.It 22
+UNITED_KINGDOM.
+.It 23
+CZECH.
+.It 24
+SERBIAN_LATIN_ONLY.
+.It 25
+HUNGARIAN.
+.El
+.It Xo
+.Cm keytypespeed
+.Ar speed
+.Xc
+.Pp
+Sets type 
+.Ar speed
+: 1 is slowest; 10 is fastest; 4 is default.
+.Sh BUGS
+Sometimes the 
+.Nm
+doesn't recognize that PIN has been entered and the OnlyKey in unlocked
+successfully.
+In such case any command to the OnlyKey fails with an
+error 'OnlyKey is locked, enter PIN to unlock'.
+The workaround for such issue is to just retry one more time.
+.Sh AUTHORS
+This manual page is a
+.Xr mdoc 7
+reimplementation of the OnlyKey PIP module's README.md,
+modified and customized for
+.Fx . The
+.Xr mdoc 7
+implementation of this manual page was initially written by
+.An Dmytro Bilokha Aq dmytro@posteo.net .
+.Sh WWW
+Main OnlyKey product page: https://onlykey.io/
+
+OnlyKey documentation site: https://docs.crp.to/
+
+Source code: https://github.com/trustcrypto/python-onlykey

Added: head/security/py-onlykey/files/onlykey.conf.sample
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/py-onlykey/files/onlykey.conf.sample	Thu Dec 10 21:29:41 2020	(r557479)
@@ -0,0 +1,31 @@
+# OnlyKey Security KEY
+notify 100 {
+        match "system"          "USB";
+        match "subsystem"       "DEVICE";
+        match "type"            "ATTACH";
+        match "vendor"          "0x1d50";
+        match "product"         "0x60fc";
+        action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+notify 100 {
+        match "system"          "USB";
+        match "subsystem"       "DEVICE";
+        match "type"            "ATTACH";
+        match "vendor"          "0x16c0";
+        match "product"         "0x0486";
+        action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
+};
+
+attach 100 {
+        match "vendor"          "0x1d50";
+        match "product"         "0x60fc";
+        action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
+attach 100 {
+        match "vendor"          "0x16c0";
+        match "product"         "0x0486";
+        action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
+};
+
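Review bot: The two `attach 100` blocks match only on vendor and product, so the `chgrp u2f`/`chmod g+rw` action runs for every driver instance that attaches for the device, not just the HID node the CLI needs. The OnlyKey also acts as a keyboard (see `keylayout` and `keytypespeed` in the man page), so the grant may reach the keyboard node, which members of `u2f` have no reason to open. Adding something like `match "device-name" "uhid[0-9]+";` to those blocks would keep the grant to the raw HID interface; confirm the driver name on a real device first. Also, `0x16c0`/`0x0486` appears to be a generic Teensy RawHID ID shared with unrelated hardware, so the second and fourth blocks extend group access to any such device. A comment in the sample saying so would let admins decide whether to keep them.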

Added: head/security/py-onlykey/files/pkg-message.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/py-onlykey/files/pkg-message.in	Thu Dec 10 21:29:41 2020	(r557479)
@@ -0,0 +1,8 @@
+[
+{ type: install
+  message: <<EOM
+By default the usage of OnlyKey will be allowed to users of the 'u2f'
+group. To override this edit %%PREFIX%%/etc/devd/onlykey.conf 
+EOM
+}
+]

Added: head/security/py-onlykey/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/py-onlykey/pkg-descr	Thu Dec 10 21:29:41 2020	(r557479)
@@ -0,0 +1,4 @@
+Python command line tool for configuring and using the OnlyKey
+hardware password manager.
+
+WWW: https://github.com/trustcrypto/python-onlykey


