From: Kurt Jaeger
Date: Thu, 10 Dec 2020 21:29:41 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r557479 - in head/security: . py-onlykey py-onlykey/files

Author: pi
Date: Thu Dec 10 21:29:41 2020
New Revision: 557479
URL: https://svnweb.freebsd.org/changeset/ports/557479

Log:
  New port: security/py-onlykey: cli for the OnlyKey hardware password manager

  Python command line tool for configuring and using the OnlyKey hardware
  password manager.

  WWW: https://github.com/trustcrypto/python-onlykey

  PR: 250601
  Submitted by: Dmytro Bilokha

Added:
  head/security/py-onlykey/
  head/security/py-onlykey/Makefile (contents, props changed)
  head/security/py-onlykey/distinfo (contents, props changed)
  head/security/py-onlykey/files/
  head/security/py-onlykey/files/onlykey-cli.1 (contents, props changed)
  head/security/py-onlykey/files/onlykey.conf.sample (contents, props changed)
  head/security/py-onlykey/files/pkg-message.in (contents, props changed)
  head/security/py-onlykey/pkg-descr (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Thu Dec 10 21:29:35 2020 (r557478) +++ head/security/Makefile Thu Dec 10 21:29:41 2020 (r557479) 
@@ -926,6 +926,7 @@ SUBDIR += py-oauth2client SUBDIR += py-oauthlib SUBDIR += py-obfsproxy-tor + SUBDIR += py-onlykey SUBDIR += py-openssl SUBDIR += py-ospd SUBDIR += py-paramiko Added: head/security/py-onlykey/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/py-onlykey/Makefile Thu Dec 10 21:29:41 2020 (r557479) @@ -0,0 +1,41 @@ +# $FreeBSD$ + +PORTNAME= onlykey +PORTVERSION= 1.2.2 +CATEGORIES= security python +MASTER_SITES= CHEESESHOP +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} + +MAINTAINER= dmytro@posteo.net +COMMENT= Python command line tool for configuring and using OnlyKey + +LICENSE= MIT + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}hidapi>0:comms/py-hidapi@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}aenum>0:devel/py-aenum@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}six>0:devel/py-six@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}prompt_toolkit>=2:devel/py-prompt_toolkit@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pynacl>=1.4.0:security/py-pynacl@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}ecdsa>=0.13:security/py-ecdsa@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}cython>=0.23.4:lang/cython@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}libusb1>0:devel/py-libusb1@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}uhid-freebsd>0:devel/py-uhid-freebsd@${PY_FLAVOR} \ + u2f-host:security/libu2f-host + +USES= python:3.7+ +USE_PYTHON= autoplist distutils + +SUB_FILES= pkg-message + +PLIST_FILES= "@sample ${PREFIX}/etc/devd/onlykey.conf.sample" \ + "${PREFIX}/man/man1/onlykey-cli.1.gz" + +NO_ARCH= yes + +post-install: + @${MKDIR} ${STAGEDIR}${PREFIX}/etc/devd + ${INSTALL_DATA} ${FILESDIR}/onlykey.conf.sample \ + ${STAGEDIR}${PREFIX}/etc/devd + ${INSTALL_MAN} ${FILESDIR}/onlykey-cli.1 ${STAGEDIR}${PREFIX}/man/man1 + +.include Added: head/security/py-onlykey/distinfo ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/py-onlykey/distinfo Thu Dec 10 21:29:41 2020 (r557479) @@ -0,0 +1,3 @@ +TIMESTAMP = 1603049784 +SHA256 (onlykey-1.2.2.tar.gz) = b17197715e9197885574a0806cce8af087756f99c87d27415be7d15e967a6be2 +SIZE (onlykey-1.2.2.tar.gz) = 11911 Added: head/security/py-onlykey/files/onlykey-cli.1 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/py-onlykey/files/onlykey-cli.1 Thu Dec 10 21:29:41 2020 (r557479) 
@@ -0,0 +1,230 @@ +.Dd October 23, 2020 +.Dt ONLYKEY-CLI 1 +.Os +.Sh NAME +.Nm onlykey-cli +.Nd Python client for interacting with the OnlyKey +.Sh SYNOPSIS +.Nm +.Op Ar command +.Sh DESCRIPTION +.Nm +is a command line interface to the OnlyKey that can be used for +configuration (similar functionality to OnlyKey App). You can either +provide a +.Ar command +to get it executed immediately or run +.Nm +without parameters to open an interactive prompt and type commands there. +.Sh COMMANDS +.Bl -tag -width 2n +.It Xo +.Cm init +.Xc +.Pp +Sets OnlyKey into initial configuration mode (setting PIN). +.It Xo +.Cm settime +.Xc +.Pp +Sets time on OnlyKey, time is needed for TOTP (Google Authenticator). +.It Xo +.Cm getlabels +.Xc +.Pp +Prints label for each slot. +.It Xo +.Cm getkeylabels +.Xc +.Pp +Prints key label for each RSA and ECC key. +.It Xo +.Cm setslot +.Ar slot_id +.Ar type +.Ar value +.Xc +.Pp +For the specified slot sets parameter of the specified +.Ar type +to the +.Ar value +provided. +.Bl -tag -width indent +.It Ar slot_id +Slot id: 1a-6b. +.It Ar type +Type of the parameter to set. Must be one of the following: +.Bl -tag -offset 4n -width 8n +.It Sy label +The slot label. +.It Sy url +URL of the login page. +.It Sy delay1 +Delay after entering URL, seconds: 0-9. +.It Sy add_char1 +Additional character before username: 1 for TAB, 0 to clear. +.It Sy username +Username to login. +.It Sy add_char2 +Additional character after username: 1 for TAB, 2 for RETURN. +.It Sy delay2 +Delay after entering username, seconds: 0-9. +.It Sy password +Password to login. +.It Sy add_char3 +Additional character after password: 1 for TAB, 2 for RETURN. +.It Sy delay3 +Delay after entering password, seconds: 0-9. +.It Sy add_char4 +Additional character before OTP: 1 for TAB, 2 for RETURN. +.It Sy 2fa +Type of two factor authentication: g for Google Authenticator, y - Yubico OTP, u - U2F. +.It Sy totpkey +Google Authenticator key. 
+.It Sy add_char5 +Additional character after OTP: 1 for TAB, 2 for RETURN. +.El +.It Ar value +Value to set, see accepted values in each parameter type description above. +.El +.It Xo +.Cm wipeslot +.Ar slot_id +.Xc +.Pp +Erases all the data (URL/username/password/label/etc.) of the slot with provided +.Ar slot_id +(1a-6b). +.It Xo +.Cm setkey +.Ar key_slot +.Ar key_type +.Xc +.Pp +Sets custom key of provided +.Ar key_type +to the +.Ar key_slot . +.It Xo +.Cm wipekey +.Ar key_slot +.Xc +.Pp +Wipes custom key from the provided +.Ar key_slot . +.It Xo +.Cm idletimeout +.Ar timeout +.Xc +.Pp +Sets the OnlyKey auto-lock time value to +.Ar timout +minutes: 1-255; default is 30; 0 to disable. +.It Xo +.Cm wipemode +.Ar mode_id +.Xc +.Pp +Configures how the OnlyKey responds to a factory reset. Accepted +.Ar mode_id +values are: +.Bl -tag -width indent +.It 1 +Only sensitive data will be wiped (default). +.It 2 +Entire OnlyKey device will be wiped, including firmware. Firmware must be +reloaded after factory reset. This mode is recommended for plausible +deniability users. WARNING: setting to this mode cannot be changed. +.El +.It Xo +.Cm keylayout +.Ar layout_id +.Xc +.Pp +Configures the OnlyKey keyboard layout. Accepted +.Ar layout_id +values are: +.Bl -tag -width indent +.It 1 +USA_ENGLISH (default). +.It 2 +CANADIAN_FRENCH. +.It 3 +CANADIAN_MULTILINGUAL. +.It 4 +DANISH. +.It 5 +FINNISH. +.It 6 +FRENCH. +.It 7 +FRENCH_BELGIAN. +.It 8 +FRENCH_SWISS. +.It 9 +GERMAN. +.It 10 +GERMAN_MAC. +.It 11 +GERMAN_SWISS. +.It 12 +ICELANDIC. +.It 13 +IRISH. +.It 14 +ITALIAN. +.It 15 +NORWEGIAN. +.It 16 +PORTUGUESE. +.It 17 +PORTUGUESE_BRAZILIAN. +.It 18 +SPANISH. +.It 19 +SPANISH_LATIN_AMERICA. +.It 20 +SWEDISH. +.It 21 +TURKISH. +.It 22 +UNITED_KINGDOM. +.It 23 +CZECH. +.It 24 +SERBIAN_LATIN_ONLY. +.It 25 +HUNGARIAN. +.El +.It Xo +.Cm keytypespeed +.Ar speed +.Xc +.Pp +Sets type +.Ar speed +: 1 is slowest; 10 is fastest; 4 is default. 
+.Sh BUGS +Sometimes the +.Nm +doesn't recognize that PIN has been entered and the OnlyKey in unlocked +successfully. +In such case any command to the OnlyKey fails with an +error 'OnlyKey is locked, enter PIN to unlock'. +The workaround for such issue is to just retry one more time. +.Sh AUTHORS +This manual page is a +.Xr mdoc 7 +reimplementation of the OnlyKey PIP module's README.md, +modified and customized for +.Fx . The +.Xr mdoc 7 +implementation of this manual page was initially written by +.An Dmytro Bilokha Aq dmytro@posteo.net . +.Sh WWW +Main OnlyKey product page: https://onlykey.io/ + +OnlyKey documentation site: https://docs.crp.to/ + +Source code: https://github.com/trustcrypto/python-onlykey Added: head/security/py-onlykey/files/onlykey.conf.sample ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/py-onlykey/files/onlykey.conf.sample Thu Dec 10 21:29:41 2020 (r557479) @@ -0,0 +1,31 @@ +# OnlyKey Security KEY +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x1d50"; + match "product" "0x60fc"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +notify 100 { + match "system" "USB"; + match "subsystem" "DEVICE"; + match "type" "ATTACH"; + match "vendor" "0x16c0"; + match "product" "0x0486"; + action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; +}; + +attach 100 { + match "vendor" "0x1d50"; + match "product" "0x60fc"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + +attach 100 { + match "vendor" "0x16c0"; + match "product" "0x0486"; + action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; +}; + Added: head/security/py-onlykey/files/pkg-message.in ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/py-onlykey/files/pkg-message.in Thu Dec 10 21:29:41 2020 (r557479) @@ -0,0 +1,8 @@ +[ +{ type: install + message: <
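
Review bot: In head/security/py-onlykey/Makefile, RUN_DEPENDS lists `${PYTHON_PKGNAMEPREFIX}cython>=0.23.4:lang/cython@${PY_FLAVOR}`, which is unusual as a run-time dependency of a NO_ARCH command line tool. If Cython is only needed while building, it belongs in BUILD_DEPENDS; if the tool really needs it at run time, a one-line comment above the entry saying why would save the next maintainer the question.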
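
Review bot: In files/onlykey-cli.1, the idletimeout entry declares its argument as `.Ar timeout` but the description below it uses `.Ar timout`, so the rendered page shows two different argument names; the second should be `timeout`. In the same file the BUGS section reads "the OnlyKey in unlocked successfully", which should be "is unlocked". The setkey entry also never says which key_slot and key_type values are accepted, unlike setslot and wipemode, and a short value list there would let the page stand without the upstream README.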
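
Review bot: In files/onlykey.conf.sample, every action runs `chgrp u2f /dev/...`, but the port Makefile in this commit has no GROUPS line, so nothing visible here guarantees that the u2f group exists when devd fires the rule. Either add the group to the port or say in a comment which dependency provides it. The single header comment also does not say which device the second vendor/product pair (0x16c0/0x0486) is, or why each pair needs both a notify and an attach rule; since these rules hand group read/write access to a device node, a comment per block would make the file easier to audit.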