Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 108619 - [ebuild] sys-auth/poldi-0.2 - authentication through OpenPGP smartcards
Summary: [ebuild] sys-auth/poldi-0.2 - authentication through OpenPGP smartcards
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Default Assignee for New Packages
URL: http://www.kernel.org/pub/linux/libs/...
Whiteboard:
Keywords: EBUILD
Depends on:
Blocks:
 
Reported: 2005-10-09 10:23 UTC by Sandro Bonazzola (RETIRED)
Modified: 2022-02-09 21:17 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
initial proposed ebuild for poldi-0.2 (poldi-0.2.ebuild,827 bytes, text/plain)
2005-10-09 10:25 UTC, Sandro Bonazzola (RETIRED)
Details
poldi.conf example (poldi.conf.example,179 bytes, text/plain)
2005-10-09 10:28 UTC, Sandro Bonazzola (RETIRED)
Details
Ebuild for version 0.4.1 (poldi-0.4.1.ebuild,828 bytes, text/plain)
2009-05-26 19:43 UTC, Maciej Zielenkiewicz
Details
poldi 0.4.2_p20201120 ebuild (poldi-0.4.2_p20201120.ebuild,728 bytes, text/plain)
2022-02-09 21:17 UTC, Andrew Ammerlaan
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sandro Bonazzola (RETIRED) gentoo-dev 2005-10-09 10:23:56 UTC
# OpenPGP
* Moritz Schulte has written a PAM module ("Poldi") that implements
authentication through OpenPGP smartcards. Announcements on changes to this
module are made to the GNUPG development mailing list.

According to http://www.g10code.de/tasklist.html#Tgpgpam , the module is 60%
ready. The proposed ebuild provides a clean install of poldi. Maybe some
defaults auth file for /etc/pam.d and a more detailed poldi.conf.example can be
usefull.

Reproducible: Always
Steps to Reproduce:
1. add the ebuild to your overlay (suggested sys-auth/poldi)
2. emerge poldi
3. info poldi



Expected Results:  
poldi in portage tree.

An ebuild and a poldi.conf.example will follow.
Comment 1 Sandro Bonazzola (RETIRED) gentoo-dev 2005-10-09 10:25:59 UTC
Created attachment 70237 [details]
initial proposed ebuild for poldi-0.2

Proposed location sys-auth.
Comment 2 Sandro Bonazzola (RETIRED) gentoo-dev 2005-10-09 10:28:41 UTC
Created attachment 70239 [details]
poldi.conf example

Created using 'info poldi' as source of information.
Put this on sys-auth/poldi/files. It will be installed by the ebuild in the
correct location. Maybe a more detailed version could be provided with a
default /etc/pam.d/poldi file.
Comment 3 Maciej Zielenkiewicz 2009-05-26 19:43:48 UTC
Created attachment 192535 [details]
Ebuild for version 0.4.1

Updated to version 0.4.1.
Also fixed source location to new one and made ebuild work with newer portage.
Comment 4 Olivier Mehani 2010-11-02 11:06:31 UTC
It builds and runs (or at least seems to) without problem on PPC. I'd recommend adding the ~ppc keyword.

Thanks for this Ebuild!
Comment 5 Andrew Ammerlaan gentoo-dev 2022-02-09 21:17:07 UTC
Created attachment 764720 [details]
poldi 0.4.2_p20201120 ebuild

Here's an updated ebuild for the latest snapshot from GitHub.

Configuration is non-trivial though and is poorly documented. The guide from Nitrokey[1] is nice, but is missing a step that is required in the latest version: "auth-method localdb" in /etc/poldi/poldi.conf.

It works as expected. However, due to scdaemon locking the card to the process card based login will fail if there is an instance already running (e.g. logging in on tty if you have scdaemon running in X11 won't work). As I understand it, it should be possible to disable this behaviour in ~/.gnupg/scdaemon.conf by enabling pcsc-shared.

Overall I'm not yet convinced this package should be added to ::gentoo (mainly because after using it for a bit, I find it less useful than I thought it would be). However, it might be a good candidate for adding to the ::guru repository [2] if there are users actually wanting to use this.

[1] https://www.nitrokey.com/documentation/applications#p:nitrokey-pro&os:linux&a:computer-login
[2] https://wiki.gentoo.org/wiki/Project:GURU