Update Belgian eID middleware to 4.4.5. Enable the viewer application

and the Firefox extension.  Rename the port from security/libbeid to
security/beid now that it's more than just a library.

10 files changed, 250 insertions, 0 deletions

diff --git a/security/beid/Makefile b/security/beid/Makefile
new file mode 100644
index 000000000000..87432f6fb16d
--- /dev/null
+++ b/security/beid/Makefile
@@ -0,0 +1,57 @@
+# $FreeBSD$
+
+PORTNAME=	beid
+PORTVERSION=	4.4.5
+DISTVERSIONPREFIX=	v
+CATEGORIES=	security
+
+MAINTAINER=	tijl@FreeBSD.org
+COMMENT=	Belgian eID middleware
+
+LICENSE=	LGPL3
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+LIB_DEPENDS=	libpcsclite.so:devel/pcsc-lite
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	Fedict
+GH_PROJECT=	eid-mw
+
+USES=		autoreconf gettext-tools gmake libtool pkgconfig
+USE_GNOME=	gtk30
+GLIB_SCHEMAS=	eid-viewer.gschema.xml
+
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--disable-p11kit --disable-static --with-gtkvers=3 \
+		--enable-webextension \
+		--with-mozext=${PREFIX}/lib/firefox/browser/extensions
+INSTALL_TARGET=	install-strip
+
+OPTIONS_DEFINE=	NLS
+OPTIONS_SUB=	yes
+
+NLS_CONFIGURE_ENABLE=	nls
+NLS_USES=		gettext-runtime
+
+post-patch:
+	@${ECHO_CMD} ${PORTVERSION}-release > ${WRKSRC}/.version
+	@${REINPLACE_CMD} -e '/^MODUTIL=/s,/usr/bin,${LOCALBASE}/bin,' \
+		-e '/^CERTUTIL=/s,/usr/bin,${LOCALBASE}/bin,' \
+		-e '/^LIBS=/s,=.*,=${PREFIX}/lib,' \
+		${WRKSRC}/plugins_tools/chrome_pkcs11/beid-update-nssdb
+	@${REINPLACE_CMD} '/^Exec=/s,/usr/bin,${PREFIX}/bin,' \
+		${WRKSRC}/plugins_tools/chrome_pkcs11/beid-update-nssdb.desktop
+
+post-install:
+	${MKDIR} ${STAGEDIR}${PREFIX}/lib/pkcs11
+	${LN} -s ../libbeidpkcs11.so.0 \
+		${STAGEDIR}${PREFIX}/lib/pkcs11/beidpkcs11.so
+	${MKDIR} ${STAGEDIR}${PREFIX}/share/p11-kit/modules
+	${INSTALL_DATA} ${WRKSRC}/cardcomm/pkcs11/src/beid.module \
+		${STAGEDIR}${PREFIX}/share/p11-kit/modules
+	${RMDIR} ${STAGEDIR}${PREFIX}/share/locale/en@boldquot/LC_MESSAGES
+	${RMDIR} ${STAGEDIR}${PREFIX}/share/locale/en@boldquot
+	${RMDIR} ${STAGEDIR}${PREFIX}/share/locale/en@quot/LC_MESSAGES
+	${RMDIR} ${STAGEDIR}${PREFIX}/share/locale/en@quot
+
+.include <bsd.port.mk>
diff --git a/security/beid/distinfo b/security/beid/distinfo
new file mode 100644
index 000000000000..733b71138662
--- /dev/null
+++ b/security/beid/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1533912357
+SHA256 (Fedict-eid-mw-v4.4.5_GH0.tar.gz) = d2411d1534a1ee37b98cd12e17a79abe818e0a08c30c9e677af0b39a68e8396c
+SIZE (Fedict-eid-mw-v4.4.5_GH0.tar.gz) = 7720366
diff --git a/security/beid/files/patch-common b/security/beid/files/patch-common
new file mode 100644
index 000000000000..4bb5ca0972c0
--- /dev/null
+++ b/security/beid/files/patch-common
@@ -0,0 +1,21 @@
+--- cardcomm/pkcs11/src/common/logbase.cpp.orig	2017-05-16 16:28:03 UTC
++++ cardcomm/pkcs11/src/common/logbase.cpp
+@@ -639,6 +639,7 @@ namespace eIDMW
+ 					      utilStringNarrow(filename).
+ 					      c_str(), "a");
+ #else
++			(void)bWchar;
+ 			m_f = fopen(utilStringNarrow(filename).c_str(),
+ 				    "a, ccs=UTF-8");
+ 			if (m_f == NULL)
+--- cardcomm/pkcs11/src/common/util.cpp.orig	2017-05-16 16:28:03 UTC
++++ cardcomm/pkcs11/src/common/util.cpp
+@@ -221,7 +221,7 @@ namespace eIDMW
+ 			pid = getpid();
+ 
+ 			if (snprintf
+-			    (linkname, sizeof(linkname), "/proc/%i/exe",
++			    (linkname, sizeof(linkname), "/proc/%i/file",
+ 			     pid) < 0)
+ 			{
+ 				/* This should only happen on large word systems. I'm not sure
diff --git a/security/beid/files/patch-dialogs b/security/beid/files/patch-dialogs
new file mode 100644
index 000000000000..9175b66c8185
--- /dev/null
+++ b/security/beid/files/patch-dialogs
@@ -0,0 +1,22 @@
+--- cardcomm/pkcs11/src/dialogs/dialogsgtk/beid-badpin.c.orig	2017-10-27 12:42:43 UTC
++++ cardcomm/pkcs11/src/dialogs/dialogsgtk/beid-badpin.c
+@@ -43,7 +43,7 @@ int main(int argc, char *argv[]) {
+         // create new message dialog with CANCEL button in standard places, in center of user's screen
+         ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ 
+-	char* msg;
++        char const *msg;
+         int attempts;
+ 
+         if ((argc == 2) && (argv[1] != NULL) && (strlen(argv[1]) == 1)
+--- cardcomm/pkcs11/src/dialogs/dialogsgtk/parent.c.orig	2017-10-27 12:42:43 UTC
++++ cardcomm/pkcs11/src/dialogs/dialogsgtk/parent.c
+@@ -12,7 +12,7 @@ ssize_t get_parent_path(char *exec_path, size_t exec_p
+         ssize_t exec_path_len = -1;
+         pid_t ppid = getppid();
+ 
+-        snprintf(proc_path, sizeof(proc_path) - 1, "/proc/%d/exe", ppid);
++        snprintf(proc_path, sizeof(proc_path) - 1, "/proc/%d/file", ppid);
+         if ((exec_path_len = readlink(proc_path, exec_path, exec_path_size - 1)) != -1) {
+                 exec_path[exec_path_len] = '\0';
+         } else {
diff --git a/security/beid/files/patch-plugins_tools_chrome_pkcs11_beid-update-nssdb b/security/beid/files/patch-plugins_tools_chrome_pkcs11_beid-update-nssdb
new file mode 100644
index 000000000000..90e4789933ba
--- /dev/null
+++ b/security/beid/files/patch-plugins_tools_chrome_pkcs11_beid-update-nssdb
@@ -0,0 +1,40 @@
+--- plugins_tools/chrome_pkcs11/beid-update-nssdb.orig	2018-07-20 12:53:45 UTC
++++ plugins_tools/chrome_pkcs11/beid-update-nssdb
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#! /bin/sh
+ #
+ # The MIT License (MIT)
+ #
+@@ -26,15 +26,17 @@
+ # Copyright(c) Wouter Verhelst, 2018
+ 
+ NSSDB=$HOME/.pki/nssdb
+-MODUTIL="/usr/bin/modutil -force -dbdir sql:$NSSDB"
+-CERTUTIL="/usr/bin/certutil -d sql:$NSSDB"
++MODUTIL="/usr/bin/modutil"
++CERTUTIL="/usr/bin/certutil"
+ LIBS=$(ld --verbose | grep SEARCH | awk '{ gsub(/;/,"\n"); print }' | awk -F '\"' '/SEARCH_DIR\(\"=?/ { gsub(/=/,""); print $2 }')
+ PKCS11=libbeidpkcs11.so.0
+ 
++[ -e $CERTUTIL -a -e $MODUTIL ] || exit
++
+ if [ ! -f $NSSDB/cert9.db ]; then
+     echo "Initializing new database"
+     mkdir -p $NSSDB
+-    $CERTUTIL -N --empty-password
++    $CERTUTIL -d sql:$NSSDB -N --empty-password
+ fi
+ 
+ for DIR in $LIBS; do
+@@ -45,8 +47,8 @@ for DIR in $LIBS; do
+             echo "ID-card support for Google Chrome/Chromium/Opera already enabled"
+         else
+             echo "Enabling ID-card functionality in Google Chrome/Chromium/Opera via $LIB"
+-            $MODUTIL -delete "Belgium eID"
+-            $MODUTIL -add "Belgium eID" -libfile $LIB -mechanisms FRIENDLY
++            $MODUTIL -force -dbdir sql:$NSSDB -delete "Belgium eID"
++            $MODUTIL -force -dbdir sql:$NSSDB -add "Belgium eID" -libfile $LIB -mechanisms FRIENDLY
+         fi
+         exit
+     fi
diff --git a/security/beid/files/patch-plugins_tools_eid-viewer_Makefile.am b/security/beid/files/patch-plugins_tools_eid-viewer_Makefile.am
new file mode 100644
index 000000000000..65bda43d28e9
--- /dev/null
+++ b/security/beid/files/patch-plugins_tools_eid-viewer_Makefile.am
@@ -0,0 +1,20 @@
+--- plugins_tools/eid-viewer/Makefile.am.orig	2018-07-20 12:53:45 UTC
++++ plugins_tools/eid-viewer/Makefile.am
+@@ -51,6 +51,8 @@ libeidviewer_la_SOURCES = \
+ 	cache/cache.cpp \
+ 	conversions/bbannumconv.h \
+ 	conversions/bbannumconv.cpp \
++	conversions/booldecode.h \
++	conversions/booldecode.cpp \
+ 	conversions/genderconv.h \
+ 	conversions/genderconv.cpp \
+ 	conversions/hexnumconv.cpp \
+@@ -74,6 +76,8 @@ libeidviewer_la_SOURCES = \
+ 	conversions/specconv.cpp \
+ 	conversions/specorgconv.h \
+ 	conversions/specorgconv.cpp \
++	conversions/toxmlmemberoffamilyconv.h \
++	conversions/toxmlmemberoffamilyconv.cpp \
+ 	conversions/valdate.h \
+ 	conversions/valdate.cpp \
+ 	conversions/workpermitconv.h \
diff --git a/security/beid/files/patch-scripts_build-aux_genver.sh b/security/beid/files/patch-scripts_build-aux_genver.sh
new file mode 100644
index 000000000000..9ab9c47a3469
--- /dev/null
+++ b/security/beid/files/patch-scripts_build-aux_genver.sh
@@ -0,0 +1,16 @@
+--- scripts/build-aux/genver.sh.orig	2017-10-27 12:42:43 UTC
++++ scripts/build-aux/genver.sh
+@@ -1,11 +1,11 @@
+ #!/bin/sh
+ 
+-GITDESC=$(git describe --dirty|sed -e 's/-/./g' 2>/dev/null)
++GITDESC=$(git describe --dirty 2>/dev/null | sed -e 's/-/./g')
+ VERCLEAN=$(echo $GITDESC|sed -Ee 's/^.*v([0-9]+\.[0-9]+(\.[0-9]+|bp)).*$/\1/')
+ 
+ GITDESC="$VERCLEAN-$GITDESC"
+ 
+-if [ -z "$GITDESC" ]; then
++if [ "$GITDESC" = "-" ]; then
+ 	if [ -f ".version" ]; then
+ 		GITDESC=$(cat .version)
+ 	else
diff --git a/security/beid/pkg-descr b/security/beid/pkg-descr
new file mode 100644
index 000000000000..57e0dbe4d90a
--- /dev/null
+++ b/security/beid/pkg-descr
@@ -0,0 +1,4 @@
+Viewer and PKCS #11 module for Belgian government-issued electronic identity
+cards.
+
+WWW: https://github.com/Fedict/eid-mw/
diff --git a/security/beid/pkg-message b/security/beid/pkg-message
new file mode 100644
index 000000000000..35a9465f4464
--- /dev/null
+++ b/security/beid/pkg-message
@@ -0,0 +1,16 @@
+WARNING:
+The private keys on the eID cards are created by the Belgian government and
+not by the citizens.  You should assume that the government can forge digital
+signatures and decrypt encrypted content.
+
+The procfs file system must be mounted on /proc for the PKCS #11 module to
+work.  Add the following line to /etc/fstab and run "mount procfs".
+
+procfs		/proc		procfs	rw		0	0
+
+Make sure you have installed a pcsc-lite driver for your card reader (such
+as devel/libccid) and that pcscd is running (add pcscd_enable="YES" to
+/etc/rc.conf and start the service by running "service pcscd start").
+
+To use your eID in Firefox you have to enable the "eID Belgium" extension
+in the Add-ons Manager.
diff --git a/security/beid/pkg-plist b/security/beid/pkg-plist
new file mode 100644
index 000000000000..541eb8a44320
--- /dev/null
+++ b/security/beid/pkg-plist
@@ -0,0 +1,51 @@
+bin/about-eid-mw
+bin/beid-update-nssdb
+bin/eid-viewer
+etc/xdg/autostart/beid-update-nssdb.desktop
+include/beid/rsaref220/pkcs11.h
+include/beid/rsaref220/pkcs11f.h
+include/beid/rsaref220/pkcs11t.h
+include/beid/rsaref220/unix.h
+include/eid-util/utftranslate.h
+include/eid-viewer/certhelpers.h
+include/eid-viewer/eid-viewer.h
+include/eid-viewer/macros.h
+include/eid-viewer/oslayer.h
+include/eid-viewer/verify_cert.h
+lib/libbeidpkcs11.so
+lib/libbeidpkcs11.so.0
+lib/libbeidpkcs11.so.0.0.0
+lib/libeidviewer.so
+lib/libeidviewer.so.0
+lib/libeidviewer.so.0.1.0
+lib/mozilla/pkcs11-modules/beidpkcs11.json
+lib/pkcs11/beidpkcs11.so
+lib/firefox/browser/extensions/belgiumeid@eid.belgium.be.xpi
+libdata/pkgconfig/libbeidpkcs11.pc
+libexec/beid-askaccess
+libexec/beid-askpin
+libexec/beid-badpin
+libexec/beid-changepin
+libexec/beid-spr-askpin
+libexec/beid-spr-changepin
+share/applications/eid-viewer.desktop
+share/eid-mw/eidv4.xsd
+share/eid-mw/trustdir/143b8e8e.0
+share/eid-mw/trustdir/9ef4b1e1.0
+share/eid-mw/trustdir/belgiumrca2.pem
+share/eid-mw/trustdir/belgiumrca3.pem
+share/eid-mw/trustdir/belgiumrca4.pem
+share/eid-mw/trustdir/c7e71426.0
+share/icons/hicolor/128x128/apps/eid-viewer.png
+share/icons/hicolor/16x16/apps/eid-viewer.png
+share/icons/hicolor/256x256/apps/eid-viewer.png
+share/icons/hicolor/32x32/apps/eid-viewer.png
+share/icons/hicolor/48x48/apps/eid-viewer.png
+share/icons/hicolor/512x512/apps/eid-viewer.png
+%%NLS%%share/locale/de/LC_MESSAGES/dialogs-beid.mo
+%%NLS%%share/locale/de/LC_MESSAGES/eid-viewer.mo
+%%NLS%%share/locale/fr/LC_MESSAGES/dialogs-beid.mo
+%%NLS%%share/locale/fr/LC_MESSAGES/eid-viewer.mo
+%%NLS%%share/locale/nl/LC_MESSAGES/dialogs-beid.mo
+%%NLS%%share/locale/nl/LC_MESSAGES/eid-viewer.mo
+share/p11-kit/modules/beid.module