# OpenPGP

* Moritz Schulte has written a PAM module ("Poldi") that implements authentication through OpenPGP smartcards. Announcements on changes to this module are made to the GNUPG development mailing list.

According to http://www.g10code.de/tasklist.html#Tgpgpam , the module is 60% ready. The proposed ebuild provides a clean install of poldi. Maybe some default auth file for /etc/pam.d and a more detailed poldi.conf.example could be useful.

Reproducible: Always

Steps to Reproduce:
1. add the ebuild to your overlay (suggested sys-auth/poldi)
2. emerge poldi
3. info poldi

Expected Results: poldi in portage tree.

An ebuild and a poldi.conf.example will follow.
Created attachment 70237: initial proposed ebuild for poldi-0.2

Proposed location sys-auth.
Created attachment 70239: poldi.conf example

Created using 'info poldi' as source of information. Put this on sys-auth/poldi/files. It will be installed by the ebuild in the correct location. Maybe a more detailed version could be provided with a default /etc/pam.d/poldi file.
Created attachment 192535: Ebuild for version 0.4.1

Updated to version 0.4.1. Also fixed source location to new one and made ebuild work with newer portage.
It builds and runs (or at least seems to) without problem on PPC. I'd recommend adding the ~ppc keyword. Thanks for this Ebuild!
Created attachment 764720: poldi 0.4.2_p20201120 ebuild

Here's an updated ebuild for the latest snapshot from GitHub. Configuration is non-trivial though and is poorly documented. The guide from Nitrokey[1] is nice, but is missing a step that is required in the latest version: "auth-method localdb" in /etc/poldi/poldi.conf.

It works as expected. However, due to scdaemon locking the card to the process, card-based login will fail if there is an instance already running (e.g. logging in on tty if you have scdaemon running in X11 won't work). As I understand it, it should be possible to disable this behaviour in ~/.gnupg/scdaemon.conf by enabling pcsc-shared.

Overall I'm not yet convinced this package should be added to ::gentoo (mainly because after using it for a bit, I find it less useful than I thought it would be). However, it might be a good candidate for adding to the ::guru repository [2] if there are users actually wanting to use this.

[1] https://www.nitrokey.com/documentation/applications#p:nitrokey-pro&os:linux&a:computer-login
[2] https://wiki.gentoo.org/wiki/Project:GURU