diff options
18 files changed, 154 insertions, 113 deletions
@@ -10422,3 +10422,4 @@ devel/lldb38|devel/llvm38|2018-08-08|METAPORT removed lang/clang38|devel/llvm38|2018-08-08|METAPORT removed science/py-tensorflow||2018-08-08|Has expired: build broken devel/bazel-clang38|devel/bazel|2018-08-08|Slave port depends on obsolete LLVM version +security/libbeid|security/beid|2018-08-12|No longer just a library diff --git a/security/Makefile b/security/Makefile index 9bcd78ec1fb5..4f502273654f 100644 --- a/security/Makefile +++ b/security/Makefile @@ -44,6 +44,7 @@ SUBDIR += bdes SUBDIR += bearssl SUBDIR += beecrypt + SUBDIR += beid SUBDIR += belier SUBDIR += bfbtester SUBDIR += binwalk @@ -336,7 +337,6 @@ SUBDIR += libadacrypt SUBDIR += libargon2 SUBDIR += libassuan - SUBDIR += libbeid SUBDIR += libbf SUBDIR += libcryptui SUBDIR += libdecaf diff --git a/security/libbeid/Makefile b/security/beid/Makefile index b55cc3a8c244..87432f6fb16d 100644 --- a/security/libbeid/Makefile +++ b/security/beid/Makefile @@ -1,12 +1,12 @@ # $FreeBSD$ -PORTNAME= libbeid -PORTVERSION= 4.4.2 +PORTNAME= beid +PORTVERSION= 4.4.5 DISTVERSIONPREFIX= v CATEGORIES= security MAINTAINER= tijl@FreeBSD.org -COMMENT= Belgian eID PKCS #11 module +COMMENT= Belgian eID middleware LICENSE= LGPL3 LICENSE_FILE= ${WRKSRC}/COPYING @@ -17,11 +17,14 @@ USE_GITHUB= yes GH_ACCOUNT= Fedict GH_PROJECT= eid-mw -USES= autoreconf gettext-tools libtool pkgconfig +USES= autoreconf gettext-tools gmake libtool pkgconfig USE_GNOME= gtk30 +GLIB_SCHEMAS= eid-viewer.gschema.xml GNU_CONFIGURE= yes -CONFIGURE_ARGS= --disable-p11kit --disable-static --with-gtkvers=3 +CONFIGURE_ARGS= --disable-p11kit --disable-static --with-gtkvers=3 \ + --enable-webextension \ + --with-mozext=${PREFIX}/lib/firefox/browser/extensions INSTALL_TARGET= install-strip OPTIONS_DEFINE= NLS @@ -32,15 +35,23 @@ NLS_USES= gettext-runtime post-patch: @${ECHO_CMD} ${PORTVERSION}-release > ${WRKSRC}/.version + @${REINPLACE_CMD} -e '/^MODUTIL=/s,/usr/bin,${LOCALBASE}/bin,' \ + -e '/^CERTUTIL=/s,/usr/bin,${LOCALBASE}/bin,' \ + -e '/^LIBS=/s,=.*,=${PREFIX}/lib,' \ + ${WRKSRC}/plugins_tools/chrome_pkcs11/beid-update-nssdb + @${REINPLACE_CMD} '/^Exec=/s,/usr/bin,${PREFIX}/bin,' \ + ${WRKSRC}/plugins_tools/chrome_pkcs11/beid-update-nssdb.desktop post-install: - ${RM} -r ${STAGEDIR}${PREFIX}/lib/mozilla - ${RM} -r ${STAGEDIR}${PREFIX}/libdata/pkgconfig ${MKDIR} ${STAGEDIR}${PREFIX}/lib/pkcs11 ${LN} -s ../libbeidpkcs11.so.0 \ ${STAGEDIR}${PREFIX}/lib/pkcs11/beidpkcs11.so ${MKDIR} ${STAGEDIR}${PREFIX}/share/p11-kit/modules ${INSTALL_DATA} ${WRKSRC}/cardcomm/pkcs11/src/beid.module \ ${STAGEDIR}${PREFIX}/share/p11-kit/modules + ${RMDIR} ${STAGEDIR}${PREFIX}/share/locale/en@boldquot/LC_MESSAGES + ${RMDIR} ${STAGEDIR}${PREFIX}/share/locale/en@boldquot + ${RMDIR} ${STAGEDIR}${PREFIX}/share/locale/en@quot/LC_MESSAGES + ${RMDIR} ${STAGEDIR}${PREFIX}/share/locale/en@quot .include <bsd.port.mk> diff --git a/security/beid/distinfo b/security/beid/distinfo new file mode 100644 index 000000000000..733b71138662 --- /dev/null +++ b/security/beid/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1533912357 +SHA256 (Fedict-eid-mw-v4.4.5_GH0.tar.gz) = d2411d1534a1ee37b98cd12e17a79abe818e0a08c30c9e677af0b39a68e8396c +SIZE (Fedict-eid-mw-v4.4.5_GH0.tar.gz) = 7720366 diff --git a/security/libbeid/files/patch-common b/security/beid/files/patch-common index 4bb5ca0972c0..4bb5ca0972c0 100644 --- a/security/libbeid/files/patch-common +++ b/security/beid/files/patch-common diff --git a/security/libbeid/files/patch-dialogs b/security/beid/files/patch-dialogs index 9175b66c8185..9175b66c8185 100644 --- a/security/libbeid/files/patch-dialogs +++ b/security/beid/files/patch-dialogs diff --git a/security/beid/files/patch-plugins_tools_chrome_pkcs11_beid-update-nssdb b/security/beid/files/patch-plugins_tools_chrome_pkcs11_beid-update-nssdb new file mode 100644 index 000000000000..90e4789933ba --- /dev/null +++ b/security/beid/files/patch-plugins_tools_chrome_pkcs11_beid-update-nssdb @@ -0,0 +1,40 @@ +--- plugins_tools/chrome_pkcs11/beid-update-nssdb.orig 2018-07-20 12:53:45 UTC ++++ plugins_tools/chrome_pkcs11/beid-update-nssdb +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#! /bin/sh + # + # The MIT License (MIT) + # +@@ -26,15 +26,17 @@ + # Copyright(c) Wouter Verhelst, 2018 + + NSSDB=$HOME/.pki/nssdb +-MODUTIL="/usr/bin/modutil -force -dbdir sql:$NSSDB" +-CERTUTIL="/usr/bin/certutil -d sql:$NSSDB" ++MODUTIL="/usr/bin/modutil" ++CERTUTIL="/usr/bin/certutil" + LIBS=$(ld --verbose | grep SEARCH | awk '{ gsub(/;/,"\n"); print }' | awk -F '\"' '/SEARCH_DIR\(\"=?/ { gsub(/=/,""); print $2 }') + PKCS11=libbeidpkcs11.so.0 + ++[ -e $CERTUTIL -a -e $MODUTIL ] || exit ++ + if [ ! -f $NSSDB/cert9.db ]; then + echo "Initializing new database" + mkdir -p $NSSDB +- $CERTUTIL -N --empty-password ++ $CERTUTIL -d sql:$NSSDB -N --empty-password + fi + + for DIR in $LIBS; do +@@ -45,8 +47,8 @@ for DIR in $LIBS; do + echo "ID-card support for Google Chrome/Chromium/Opera already enabled" + else + echo "Enabling ID-card functionality in Google Chrome/Chromium/Opera via $LIB" +- $MODUTIL -delete "Belgium eID" +- $MODUTIL -add "Belgium eID" -libfile $LIB -mechanisms FRIENDLY ++ $MODUTIL -force -dbdir sql:$NSSDB -delete "Belgium eID" ++ $MODUTIL -force -dbdir sql:$NSSDB -add "Belgium eID" -libfile $LIB -mechanisms FRIENDLY + fi + exit + fi diff --git a/security/beid/files/patch-plugins_tools_eid-viewer_Makefile.am b/security/beid/files/patch-plugins_tools_eid-viewer_Makefile.am new file mode 100644 index 000000000000..65bda43d28e9 --- /dev/null +++ b/security/beid/files/patch-plugins_tools_eid-viewer_Makefile.am @@ -0,0 +1,20 @@ +--- plugins_tools/eid-viewer/Makefile.am.orig 2018-07-20 12:53:45 UTC ++++ plugins_tools/eid-viewer/Makefile.am +@@ -51,6 +51,8 @@ libeidviewer_la_SOURCES = \ + cache/cache.cpp \ + conversions/bbannumconv.h \ + conversions/bbannumconv.cpp \ ++ conversions/booldecode.h \ ++ conversions/booldecode.cpp \ + conversions/genderconv.h \ + conversions/genderconv.cpp \ + conversions/hexnumconv.cpp \ +@@ -74,6 +76,8 @@ libeidviewer_la_SOURCES = \ + conversions/specconv.cpp \ + conversions/specorgconv.h \ + conversions/specorgconv.cpp \ ++ conversions/toxmlmemberoffamilyconv.h \ ++ conversions/toxmlmemberoffamilyconv.cpp \ + conversions/valdate.h \ + conversions/valdate.cpp \ + conversions/workpermitconv.h \ diff --git a/security/libbeid/files/patch-scripts_build-aux_genver.sh b/security/beid/files/patch-scripts_build-aux_genver.sh index 9ab9c47a3469..9ab9c47a3469 100644 --- a/security/libbeid/files/patch-scripts_build-aux_genver.sh +++ b/security/beid/files/patch-scripts_build-aux_genver.sh diff --git a/security/beid/pkg-descr b/security/beid/pkg-descr new file mode 100644 index 000000000000..57e0dbe4d90a --- /dev/null +++ b/security/beid/pkg-descr @@ -0,0 +1,4 @@ +Viewer and PKCS #11 module for Belgian government-issued electronic identity +cards. + +WWW: https://github.com/Fedict/eid-mw/ diff --git a/security/beid/pkg-message b/security/beid/pkg-message new file mode 100644 index 000000000000..35a9465f4464 --- /dev/null +++ b/security/beid/pkg-message @@ -0,0 +1,16 @@ +WARNING: +The private keys on the eID cards are created by the Belgian government and +not by the citizens. You should assume that the government can forge digital +signatures and decrypt encrypted content. + +The procfs file system must be mounted on /proc for the PKCS #11 module to +work. Add the following line to /etc/fstab and run "mount procfs". + +procfs /proc procfs rw 0 0 + +Make sure you have installed a pcsc-lite driver for your card reader (such +as devel/libccid) and that pcscd is running (add pcscd_enable="YES" to +/etc/rc.conf and start the service by running "service pcscd start"). + +To use your eID in Firefox you have to enable the "eID Belgium" extension +in the Add-ons Manager. diff --git a/security/beid/pkg-plist b/security/beid/pkg-plist new file mode 100644 index 000000000000..541eb8a44320 --- /dev/null +++ b/security/beid/pkg-plist @@ -0,0 +1,51 @@ +bin/about-eid-mw +bin/beid-update-nssdb +bin/eid-viewer +etc/xdg/autostart/beid-update-nssdb.desktop +include/beid/rsaref220/pkcs11.h +include/beid/rsaref220/pkcs11f.h +include/beid/rsaref220/pkcs11t.h +include/beid/rsaref220/unix.h +include/eid-util/utftranslate.h +include/eid-viewer/certhelpers.h +include/eid-viewer/eid-viewer.h +include/eid-viewer/macros.h +include/eid-viewer/oslayer.h +include/eid-viewer/verify_cert.h +lib/libbeidpkcs11.so +lib/libbeidpkcs11.so.0 +lib/libbeidpkcs11.so.0.0.0 +lib/libeidviewer.so +lib/libeidviewer.so.0 +lib/libeidviewer.so.0.1.0 +lib/mozilla/pkcs11-modules/beidpkcs11.json +lib/pkcs11/beidpkcs11.so +lib/firefox/browser/extensions/belgiumeid@eid.belgium.be.xpi +libdata/pkgconfig/libbeidpkcs11.pc +libexec/beid-askaccess +libexec/beid-askpin +libexec/beid-badpin +libexec/beid-changepin +libexec/beid-spr-askpin +libexec/beid-spr-changepin +share/applications/eid-viewer.desktop +share/eid-mw/eidv4.xsd +share/eid-mw/trustdir/143b8e8e.0 +share/eid-mw/trustdir/9ef4b1e1.0 +share/eid-mw/trustdir/belgiumrca2.pem +share/eid-mw/trustdir/belgiumrca3.pem +share/eid-mw/trustdir/belgiumrca4.pem +share/eid-mw/trustdir/c7e71426.0 +share/icons/hicolor/128x128/apps/eid-viewer.png +share/icons/hicolor/16x16/apps/eid-viewer.png +share/icons/hicolor/256x256/apps/eid-viewer.png +share/icons/hicolor/32x32/apps/eid-viewer.png +share/icons/hicolor/48x48/apps/eid-viewer.png +share/icons/hicolor/512x512/apps/eid-viewer.png +%%NLS%%share/locale/de/LC_MESSAGES/dialogs-beid.mo +%%NLS%%share/locale/de/LC_MESSAGES/eid-viewer.mo +%%NLS%%share/locale/fr/LC_MESSAGES/dialogs-beid.mo +%%NLS%%share/locale/fr/LC_MESSAGES/eid-viewer.mo +%%NLS%%share/locale/nl/LC_MESSAGES/dialogs-beid.mo +%%NLS%%share/locale/nl/LC_MESSAGES/eid-viewer.mo +share/p11-kit/modules/beid.module diff --git a/security/libbeid/distinfo b/security/libbeid/distinfo deleted file mode 100644 index e7c5f8f0b922..000000000000 --- a/security/libbeid/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1528377686 -SHA256 (Fedict-eid-mw-v4.4.2_GH0.tar.gz) = c0d9882d9445e51bc57b2f7f003ae03d7842354101c3d27d6a2a68cdb9d3a0d2 -SIZE (Fedict-eid-mw-v4.4.2_GH0.tar.gz) = 7716375 diff --git a/security/libbeid/files/patch-Makefile.am b/security/libbeid/files/patch-Makefile.am deleted file mode 100644 index 1bbf95d51ba2..000000000000 --- a/security/libbeid/files/patch-Makefile.am +++ /dev/null @@ -1,15 +0,0 @@ ---- Makefile.am.orig 2018-05-31 12:57:18 UTC -+++ Makefile.am -@@ -1,11 +1,7 @@ - ACLOCAL_AMFLAGS = -I scripts/m4 - EXTRA_DIST = scripts/build-aux/config.rpath scripts/build-aux/genver.sh .version debian rpm doc - --SUBDIRS=cardcomm/pkcs11/src doc/sdk/include/rsaref220 plugins_tools/util tests/unit plugins_tools/xpi plugins_tools/chrome_pkcs11 -- --if GTK --SUBDIRS += plugins_tools/aboutmw/gtk plugins_tools/eid-viewer --endif -+SUBDIRS=cardcomm/pkcs11/src - - xpipackage: - $(MAKE) -C plugins_tools/xpi xpipackage diff --git a/security/libbeid/files/patch-configure.ac b/security/libbeid/files/patch-configure.ac deleted file mode 100644 index 381c923de42f..000000000000 --- a/security/libbeid/files/patch-configure.ac +++ /dev/null @@ -1,49 +0,0 @@ ---- configure.ac.orig 2018-05-31 12:57:18 UTC -+++ configure.ac -@@ -70,8 +70,6 @@ fi - AM_CONDITIONAL(GTK, [test "$have_gtk" != "no"]) - if test "$have_gtk" != "no" - then -- PKG_CHECK_MODULES([XML2], [libxml-2.0]) -- PKG_CHECK_MODULES([libproxy], [libproxy-1.0]) - fi - - ########################################################################### -@@ -119,18 +117,6 @@ AC_FUNC_MALLOC - AC_FUNC_REALLOC - AC_CHECK_FUNCS([gethostbyname socket strerror ftime memchr memset mkdir select strchr strdup strerror strncasecmp strrchr strstr strtol strtoul vasprintf]) - --# we only need libjpeg for the test suite, so don't worry if it's not available... --AC_CHECK_LIB(jpeg, jpeg_mem_src, [HAVE_JPEGLIB=1; JPEG_LIBS='-ljpeg'], [HAVE_JPEGLIB=0]) --AM_CONDITIONAL([JPEG], [test x$HAVE_JPEGLIB = x1]) --AC_SUBST([JPEG_LIBS]) --AC_DEFINE_UNQUOTED([HAVE_JPEGLIB], $HAVE_JPEGLIB, [Define to 1 if you have libjpeg installed]) -- --PKG_CHECK_MODULES(SSL, "openssl", [HAVE_OPENSSL=1]) --PKG_CHECK_VAR(SSL_PREFIX, "openssl", "exec_prefix",, AC_MSG_ERROR([Could not find exec_prefix for openssl])) --AC_DEFINE_UNQUOTED([HAVE_OPENSSL], $HAVE_OPENSSL, [Define to 1 if you have OpenSSL installed]) --AC_SUBST(SSL_PREFIX) -- --PKG_CHECK_MODULES(CURL, "libcurl", [HAVE_CURL=1]) - MAINVERSION=$(echo $PACKAGE_VERSION|sed -e 's/-.*$//') - AC_DEFINE_UNQUOTED([MAINVERSION], $MAINVERSION, [do not change this]) - AC_SUBST(MAINVERSION) -@@ -174,17 +160,6 @@ AC_CONFIG_FILES([Makefile - cardcomm/pkcs11/src/libbeidpkcs11.pc - cardcomm/pkcs11/src/beidpkcs11.json - cardcomm/pkcs11/src/dialogs/dialogsgtk/po/Makefile.in -- doc/sdk/include/rsaref220/Makefile -- tests/unit/Makefile -- plugins_tools/util/Makefile -- plugins_tools/aboutmw/gtk/Makefile -- plugins_tools/aboutmw/gtk/po/Makefile.in -- plugins_tools/chrome_pkcs11/Makefile -- plugins_tools/eid-viewer/Makefile -- plugins_tools/eid-viewer/test/Makefile -- plugins_tools/eid-viewer/gtk/po/Makefile.in -- plugins_tools/eid-viewer/gtk/eid-viewer.desktop.sh -- rpm/eid-mw.spec]) --AC_CONFIG_SUBDIRS([plugins_tools/xpi]) -+ ]) - - AC_OUTPUT diff --git a/security/libbeid/pkg-descr b/security/libbeid/pkg-descr deleted file mode 100644 index b198d876ce89..000000000000 --- a/security/libbeid/pkg-descr +++ /dev/null @@ -1,3 +0,0 @@ -PKCS #11 module for Belgian government-issued electronic identity cards. - -WWW: https://github.com/Fedict/eid-mw/ diff --git a/security/libbeid/pkg-message b/security/libbeid/pkg-message deleted file mode 100644 index ea059de592db..000000000000 --- a/security/libbeid/pkg-message +++ /dev/null @@ -1,21 +0,0 @@ -WARNING: -The private keys on the eID cards are created by the Belgian government and -not by the citizens. You should assume that the government can forge digital -signatures and decrypt encrypted content. - -The procfs file system must be mounted on /proc for these libraries to work -correctly. Add the following line to /etc/fstab and run "mount procfs". - -procfs /proc procfs rw 0 0 - -To use your eID in Firefox you can add libbeidpkcs11.so as a security module: -- Make sure you have installed a pcsc-lite driver for your card reader (such - as devel/libccid) and that pcscd is running (add pcscd_enable="YES" to - /etc/rc.conf and start the service by running "service pcscd start"). -- Connect your card reader. -- In Firefox go to Edit->Preferences->Advanced->Certificates and press - "Security Devices", then "Load". -- Enter a name such as "Belgian eID" and browse for libbeidpkcs11.so. Then - close the two windows by pressing "OK" twice. -- If all went well you can now plug in your eID card and see your certificates - listed under "View Certificates->Your Certificates". diff --git a/security/libbeid/pkg-plist b/security/libbeid/pkg-plist deleted file mode 100644 index 8aaded95149a..000000000000 --- a/security/libbeid/pkg-plist +++ /dev/null @@ -1,14 +0,0 @@ -lib/libbeidpkcs11.so -lib/libbeidpkcs11.so.0 -lib/libbeidpkcs11.so.0.0.0 -lib/pkcs11/beidpkcs11.so -libexec/beid-askaccess -libexec/beid-askpin -libexec/beid-badpin -libexec/beid-changepin -libexec/beid-spr-askpin -libexec/beid-spr-changepin -%%NLS%%share/locale/de/LC_MESSAGES/dialogs-beid.mo -%%NLS%%share/locale/fr/LC_MESSAGES/dialogs-beid.mo -%%NLS%%share/locale/nl/LC_MESSAGES/dialogs-beid.mo -share/p11-kit/modules/beid.module |