Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 701058 - sys-auth/yubico-piv-tool should install a p11-kit module file
Summary: sys-auth/yubico-piv-tool should install a p11-kit module file
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Marek Szuba
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-24 10:15 UTC by Sebastian Hamann
Modified: 2020-09-06 20:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Hamann 2019-11-24 10:15:15 UTC 
This is a long-standing upstream issue: https://github.com/Yubico/yubico-piv-tool/issues/92

Instead of waiting for upstream, Gentoo could install the required module file to make YubiKeys work with OpenSSL, GnuTLS and various other applications.

The module file should be installed in /usr/share/p11-kit/modules/ykcs11.module.
The file simply needs to reference the ykcs11 library, i.e. contain a line like:

module: /usr/lib64/libykcs11.so

Note: The library could be installed into the p11-kit search path, which is /usr/lib64/pkcs11 on my system. In this case, the absolute path is not required.

Reproducible: Always

Steps to Reproduce:
One way to the this is p11tool from the gnutls package:
1. USE='pkcs11 tools' emerge net-libs/gnutls
2. Connect YubiKey 4 or 5
3. p11tool --list-tokens

Actual Results:  
Token 0:
	URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
	Label: System Trust
	Type: Trust module
	Flags: uPIN uninitialized
	Manufacturer: PKCS#11 Kit
	Model: p11-kit-trust
	Serial: 1
	Module: p11-kit-trust.so

Expected Results:  
Token 0:
	URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
	Label: System Trust
	Type: Trust module
	Flags: uPIN uninitialized
	Manufacturer: PKCS#11 Kit
	Model: p11-kit-trust
	Serial: 1
	Module: p11-kit-trust.so


Token 1:
	URL: pkcs11:model=YubiKey%20YK4;manufacturer=Yubico;serial=1234;token=YubiKey%20PIV
	Label: YubiKey PIV
	Type: Hardware token
	Flags: RNG, Requires login
	Manufacturer: Yubico
	Model: YubiKey YK4
	Serial: 1234
	Module: /usr/lib64/libykcs11.so
Comment 1 Larry the Git Cow gentoo-dev 2020-09-06 20:39:34 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1978be7e390b24a4edbccb0db659e6ba7532f34

commit e1978be7e390b24a4edbccb0db659e6ba7532f34
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2020-09-06 20:38:16 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2020-09-06 20:39:26 +0000

    sys-auth/yubico-piv-tool: make p11-kit aware of libykcs11
    
    Closes: https://bugs.gentoo.org/701058
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 .../yubico-piv-tool-2.1.1-r1.ebuild                | 51 ++++++++++++++++++++++
 1 file changed, 51 insertions(+)