Attachment #188644 for bug #224199

View | Details | Raw Unified | Return to bug 224199
Collapse All | Expand All

Lines 1237-1242 Link Here

(-)security/Makefile (+1 lines)
1237	SUBDIR += truecrypt	1237	SUBDIR += truecrypt
1238	SUBDIR += tsshbatch	1238	SUBDIR += tsshbatch
1239	SUBDIR += tthsum	1239	SUBDIR += tthsum
		1240	SUBDIR += u2f-devd
1240	SUBDIR += umit	1241	SUBDIR += umit
1241	SUBDIR += unhide	1242	SUBDIR += unhide
1242	SUBDIR += unicornscan	1243	SUBDIR += unicornscan




PORTNAME=	libu2f-host
PORTVERSION=	1.1.4
DISTVERSIONPREFIX=	${PORTNAME}-
PORTREVISION=	1
CATEGORIES=	security devel

MAINTAINER=	cpm@FreeBSD.org

		help2man:misc/help2man
LIB_DEPENDS=	libhidapi.so:comms/hidapi \
		libjson-c.so:devel/json-c
RUN_DEPENDS=	${LOCALBASE}/etc/devd/u2f.conf:security/u2f-devd

USES=	autoreconf pkgconfig gmake libtool
GNU_CONFIGURE=	yes

CONFIGURE_ARGS=	--disable-gtk-doc
INSTALL_TARGET=	install-strip

SUB_FILES=	pkg-message

GROUPS=	u2f

post-install:
	${INSTALL_DATA} ${WRKSRC}/u2f.conf.sample \
		${STAGEDIR}${PREFIX}/etc/devd

.include <bsd.port.mk>




======================================================================

The package requires read/write access to USB devices. To facilitate
such access it comes with a devd.conf(5) file, but you still need to
restart devd(8), add the desired users to "u2f" group and log those
out of the current session. For example:

$ pw group mod u2f -m <user>
$ shutdown -r now

For details, see %%PREFIX%%/etc/devd/u2f.conf

======================================================================

Lines 1-5 Link Here

(-)security/libu2f-host/pkg-plist (-1 lines)
1	bin/u2f-host	1	bin/u2f-host
2	@sample etc/devd/u2f.conf.sample
3	include/u2f-host/u2f-host-types.h	2	include/u2f-host/u2f-host-types.h
4	include/u2f-host/u2f-host-version.h	3	include/u2f-host/u2f-host-version.h
5	include/u2f-host/u2f-host.h	4	include/u2f-host/u2f-host.h




# $FreeBSD$

PORTNAME=	u2f-devd
PORTVERSION=	1.0.0
CATEGORIES=	security
MASTER_SITES=	#
DISTFILES=	#

MAINTAINER=	greg@unrelenting.technology
COMMENT=	Devd hotplug rules for Universal 2nd Factor (U2F) tokens

LICENSE=	BSD2CLAUSE

NO_BUILD=	yes
SUB_FILES=	pkg-message

GROUPS=		u2f

PLIST_FILES=	etc/devd/u2f.conf

do-install:
	${INSTALL_DATA} ${FILESDIR}/u2f.conf ${STAGEDIR}${PREFIX}/etc/devd

.include <bsd.port.mk>




======================================================================

U2F authentication requires read/write access to USB devices. To
facilitate such access it comes with a devd.conf(5) file, but you
still need to restart devd(8), add the desired users to "u2f" group
and log those out of the current session. For example:

# service devd restart
# pw group mod u2f -m <user>
$ exit

For details, see %%PREFIX%%/etc/devd/u2f.conf

======================================================================




# Allow members of group u2f to access U2F authentication tokens.
# 'notify' rules work on /dev/usb/* (used by libu2f-host),
# 'attach' rules work on /dev/uhid* (used by web browsers)

# Yubico Yubikey
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x1050";
	match "product"		"(0x0113|0x0114|0x0115|0x0116|0x0120|0x0200|0x0420|0x0403|0x0406|0x0407|0x0410)";
	action	"chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
	match "vendor"		"0x1050";
	match "product"		"(0x0113|0x0114|0x0115|0x0116|0x0120|0x0200|0x0420|0x0403|0x0406|0x0407|0x0410)";
	action	"chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};

# Happlink (formerly Plug-Up) Security KEY
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x2581";
	match "product"		"0xf1d0";
	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
	match "vendor"		"0x2581";
	match "product"		"0xf1d0";
	action	"chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};

# Neowave Keydo and Keydo AES
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x1e0d";
	match "product"		"(0xf1d0|0xf1ae)";
	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
	match "vendor"		"0x1e0d";
	match "product"		"(0xf1d0|0xf1ae)";
	action	"chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};

# HyperSecu HyperFIDO
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"(0x096e|0x2ccf)";
	match "product"		"0x0880";
	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
	match "vendor"		"(0x096e|0x2ccf)";
	match "product"		"0x0880";
	action	"chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};

# Feitian ePass FIDO
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x096e";
	match "product"		"(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b)";
	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
	match "vendor"		"0x096e";
	match "product"		"(0x0850|0x0852|0x0853|0x0854|0x0856|0x0858|0x085a|0x085b)";
	action	"chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};

# JaCarta U2F
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x24dc";
	match "product"		"0x0101";
	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
	match "vendor"		"0x24dc";
	match "product"		"0x0101";
	action	"chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};

# U2F Zero
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x10c4";
	match "product"		"0x8acf";
	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
	match "vendor"		"0x10c4";
	match "product"		"0x8acf";
	action	"chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};

# VASCO SeccureClick
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x1a44";
	match "product"		"0x00bb";
	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
	match "vendor"		"0x1a44";
	match "product"		"0x00bb";
	action	"chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};

# Bluink Key
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x2abe";
	match "product"		"0x1002";
	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
	match "vendor"		"0x2abe";
	match "product"		"0x1002";
	action	"chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};

# Thetis Key
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x1ea8";
	match "product"		"0xf025";
	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
	match "vendor"		"0x1ea8";
	match "product"		"0xf025";
	action	"chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};

Line 0 Link Here

(-)security/u2f-devd/pkg-descr (+2 lines)
	1	Automatic device permission handling for Universal 2nd Factor (U2F) USB
	2	authentication tokens.

Return to bug 224199

Lines 3-8 Link Here

(-)security/libu2f-host/Makefile (-8 / +2 lines)
3	PORTNAME= libu2f-host	3	PORTNAME= libu2f-host
4	PORTVERSION= 1.1.4	4	PORTVERSION= 1.1.4
5	DISTVERSIONPREFIX= ${PORTNAME}-	5	DISTVERSIONPREFIX= ${PORTNAME}-
		6	PORTREVISION= 1
6	CATEGORIES= security devel	7	CATEGORIES= security devel
7		8
8	MAINTAINER= cpm@FreeBSD.org	9	MAINTAINER= cpm@FreeBSD.org
Lines 15-20 Link Here
15	help2man:misc/help2man	16	help2man:misc/help2man
16	LIB_DEPENDS= libhidapi.so:comms/hidapi \	17	LIB_DEPENDS= libhidapi.so:comms/hidapi \
17	libjson-c.so:devel/json-c	18	libjson-c.so:devel/json-c
		19	RUN_DEPENDS= ${LOCALBASE}/etc/devd/u2f.conf:security/u2f-devd
18		20
19	USES= autoreconf pkgconfig gmake libtool	21	USES= autoreconf pkgconfig gmake libtool
20	GNU_CONFIGURE= yes	22	GNU_CONFIGURE= yes
Lines 26-37 Link Here
26	CONFIGURE_ARGS= --disable-gtk-doc	28	CONFIGURE_ARGS= --disable-gtk-doc
27	INSTALL_TARGET= install-strip	29	INSTALL_TARGET= install-strip
28		30
29	SUB_FILES= pkg-message
30
31	GROUPS= u2f
32
33	post-install:
34	${INSTALL_DATA} ${WRKSRC}/u2f.conf.sample \
35	${STAGEDIR}${PREFIX}/etc/devd
36
37	.include <bsd.port.mk>	31	.include <bsd.port.mk>

Lines 1-13 Link Here

(-)security/libu2f-host/files/pkg-message.in (-13 lines)
1	======================================================================
2
3	The package requires read/write access to USB devices. To facilitate
4	such access it comes with a devd.conf(5) file, but you still need to
5	restart devd(8), add the desired users to "u2f" group and log those
6	out of the current session. For example:
7
8	$ pw group mod u2f -m <user>
9	$ shutdown -r now
10
11	For details, see %%PREFIX%%/etc/devd/u2f.conf
12
13	======================================================================

Line 0 Link Here

(-)security/u2f-devd/Makefile (+24 lines)
	1	# $FreeBSD$
	2
	3	PORTNAME= u2f-devd
	4	PORTVERSION= 1.0.0
	5	CATEGORIES= security
	6	MASTER_SITES= #
	7	DISTFILES= #
	8
	9	MAINTAINER= greg@unrelenting.technology
	10	COMMENT= Devd hotplug rules for Universal 2nd Factor (U2F) tokens
	11
	12	LICENSE= BSD2CLAUSE
	13
	14	NO_BUILD= yes
	15	SUB_FILES= pkg-message
	16
	17	GROUPS= u2f
	18
	19	PLIST_FILES= etc/devd/u2f.conf
	20
	21	do-install:
	22	${INSTALL_DATA} ${FILESDIR}/u2f.conf ${STAGEDIR}${PREFIX}/etc/devd
	23
	24	.include <bsd.port.mk>

Line 0 Link Here

(-)security/u2f-devd/files/pkg-message.in (+14 lines)
	1	======================================================================
	2
	3	U2F authentication requires read/write access to USB devices. To
	4	facilitate such access it comes with a devd.conf(5) file, but you
	5	still need to restart devd(8), add the desired users to "u2f" group
	6	and log those out of the current session. For example:
	7
	8	# service devd restart
	9	# pw group mod u2f -m <user>
	10	$ exit
	11
	12	For details, see %%PREFIX%%/etc/devd/u2f.conf
	13
	14	======================================================================

Line 0 Link Here

(-)security/u2f-devd/files/u2f.conf (+163 lines)
		1	# Allow members of group u2f to access U2F authentication tokens.
		2	# 'notify' rules work on /dev/usb/* (used by libu2f-host),
		3	# 'attach' rules work on /dev/uhid* (used by web browsers)
		4
		5	# Yubico Yubikey
		6	notify 100 {
		7	match "system" "USB";
		8	match "subsystem" "DEVICE";
		9	match "type" "ATTACH";
		10	match "vendor" "0x1050";
		11	match "product" "(0x0113\|0x0114\|0x0115\|0x0116\|0x0120\|0x0200\|0x0420\|0x0403\|0x0406\|0x0407\|0x0410)";
		12	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
		13	};
		14
		15	attach 100 {
		16	match "vendor" "0x1050";
		17	match "product" "(0x0113\|0x0114\|0x0115\|0x0116\|0x0120\|0x0200\|0x0420\|0x0403\|0x0406\|0x0407\|0x0410)";
		18	action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
		19	};
		20
		21	# Happlink (formerly Plug-Up) Security KEY
		22	notify 100 {
		23	match "system" "USB";
		24	match "subsystem" "DEVICE";
		25	match "type" "ATTACH";
		26	match "vendor" "0x2581";
		27	match "product" "0xf1d0";
		28	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
		29	};
		30
		31	attach 100 {
		32	match "vendor" "0x2581";
		33	match "product" "0xf1d0";
		34	action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
		35	};
		36
		37	# Neowave Keydo and Keydo AES
		38	notify 100 {
		39	match "system" "USB";
		40	match "subsystem" "DEVICE";
		41	match "type" "ATTACH";
		42	match "vendor" "0x1e0d";
		43	match "product" "(0xf1d0\|0xf1ae)";
		44	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
		45	};
		46
		47	attach 100 {
		48	match "vendor" "0x1e0d";
		49	match "product" "(0xf1d0\|0xf1ae)";
		50	action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
		51	};
		52
		53	# HyperSecu HyperFIDO
		54	notify 100 {
		55	match "system" "USB";
		56	match "subsystem" "DEVICE";
		57	match "type" "ATTACH";
		58	match "vendor" "(0x096e\|0x2ccf)";
		59	match "product" "0x0880";
		60	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
		61	};
		62
		63	attach 100 {
		64	match "vendor" "(0x096e\|0x2ccf)";
65	match "product" "0x0880";
66	action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
67	};
68
69	# Feitian ePass FIDO
70	notify 100 {
71	match "system" "USB";
72	match "subsystem" "DEVICE";
73	match "type" "ATTACH";
74	match "vendor" "0x096e";
75	match "product" "(0x0850\|0x0852\|0x0853\|0x0854\|0x0856\|0x0858\|0x085a\|0x085b)";
76	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
77	};
78
79	attach 100 {
80	match "vendor" "0x096e";
81	match "product" "(0x0850\|0x0852\|0x0853\|0x0854\|0x0856\|0x0858\|0x085a\|0x085b)";
82	action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
83	};
84
85	# JaCarta U2F
86	notify 100 {
87	match "system" "USB";
88	match "subsystem" "DEVICE";
89	match "type" "ATTACH";
90	match "vendor" "0x24dc";
91	match "product" "0x0101";
92	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
93	};
94
95	attach 100 {
96	match "vendor" "0x24dc";
97	match "product" "0x0101";
98	action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
99	};
100
101	# U2F Zero
102	notify 100 {
103	match "system" "USB";
104	match "subsystem" "DEVICE";
105	match "type" "ATTACH";
106	match "vendor" "0x10c4";
107	match "product" "0x8acf";
108	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
109	};
110
111	attach 100 {
112	match "vendor" "0x10c4";
113	match "product" "0x8acf";
114	action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
115	};
116
117	# VASCO SeccureClick
118	notify 100 {
119	match "system" "USB";
120	match "subsystem" "DEVICE";
121	match "type" "ATTACH";
122	match "vendor" "0x1a44";
123	match "product" "0x00bb";
124	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
125	};
126
127	attach 100 {
128	match "vendor" "0x1a44";
129	match "product" "0x00bb";
130	action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
131	};
132
133	# Bluink Key
134	notify 100 {
135	match "system" "USB";
136	match "subsystem" "DEVICE";
137	match "type" "ATTACH";
138	match "vendor" "0x2abe";
139	match "product" "0x1002";
140	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
141	};
142
143	attach 100 {
144	match "vendor" "0x2abe";
145	match "product" "0x1002";
146	action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
147	};
148
149	# Thetis Key
150	notify 100 {
151	match "system" "USB";
152	match "subsystem" "DEVICE";
153	match "type" "ATTACH";
154	match "vendor" "0x1ea8";
155	match "product" "0xf025";
156	action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
157	};
158
159	attach 100 {
160	match "vendor" "0x1ea8";
161	match "product" "0xf025";
162	action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
163	};