Date:      Mon, 25 Nov 2019 23:49:31 +0000 (UTC)
From:      Alan Somers <asomers@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r518435 - in head/security/gnupg: . files
Message-ID:  <201911252349.xAPNnVM9026371@repo.freebsd.org>

Author: asomers (src committer)
Date: Mon Nov 25 23:49:31 2019
New Revision: 518435
URL: https://svnweb.freebsd.org/changeset/ports/518435

Log:
  security/gnupg: add the --shared-access option to scdaemon
  
  gnupg's scdaemon opens smart cards in exclusive mode, which prevents other
  applications (such as PKCS#11 libraries) from concurrently accessing the
  card. Upstream refuses to fix the problem. This commit adds a
  --shared-access option to scdaemon. When enabled, scdaemon will access the
  smart card in shared mode, playing nicely with other applications. The
  default behavior is unchanged.
  
  See Also:
  https://github.com/GPGTools/MacGPG2/commit/d6cb8039a0cdc74b9bdd89a3dfa93248aa2c4100
  https://dev.gnupg.org/T3267
  https://dev.gnupg.org/D320
  https://github.com/OpenSC/OpenSC/issues/953
  
  Reviewed by:	adamw
  Approved by:	adamw (maintainer)
  Obtained-from:	GPGTools
  Sponsored by:	Axcient
  Differential Revision:	https://reviews.freebsd.org/D22473

Added:
  head/security/gnupg/files/patch-doc_scdaemon.texi   (contents, props changed)
  head/security/gnupg/files/patch-scd_apdu.c   (contents, props changed)
  head/security/gnupg/files/patch-scd_scdaemon.c   (contents, props changed)
  head/security/gnupg/files/patch-scd_scdaemon.h   (contents, props changed)
  head/security/gnupg/files/patch-tools_gpgconf-comp.c   (contents, props changed)
Modified:
  head/security/gnupg/Makefile

Modified: head/security/gnupg/Makefile
==============================================================================
--- head/security/gnupg/Makefile	Mon Nov 25 23:25:52 2019	(r518434)
+++ head/security/gnupg/Makefile	Mon Nov 25 23:49:31 2019	(r518435)
@@ -2,7 +2,7 @@
 
 PORTNAME=	gnupg
 PORTVERSION=	2.2.17
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	security
 MASTER_SITES=	GNUPG
 

Added: head/security/gnupg/files/patch-doc_scdaemon.texi
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/gnupg/files/patch-doc_scdaemon.texi	Mon Nov 25 23:49:31 2019	(r518435)
@@ -0,0 +1,14 @@
+--- doc/scdaemon.texi.orig	2019-11-20 21:45:47 UTC
++++ doc/scdaemon.texi
+@@ -300,6 +300,11 @@ Note that with the current version of Scdaemon the car
+ down immediately at the next timer tick for any value of @var{n} other
+ than 0.
+ 
++@item --shared-access
++@opindex shared-access
++Open the smart card in shared mode, rather than exclusive.  This will allow
++other applications like PKCS#11 libraries to use the smart card concurrently.
++
+ @item --enable-pinpad-varlen
+ @opindex enable-pinpad-varlen
+ Please specify this option when the card reader supports variable

Added: head/security/gnupg/files/patch-scd_apdu.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/gnupg/files/patch-scd_apdu.c	Mon Nov 25 23:49:31 2019	(r518435)
@@ -0,0 +1,11 @@
+--- scd/apdu.c.orig	2019-07-09 09:08:45 UTC
++++ scd/apdu.c
+@@ -816,7 +816,7 @@ connect_pcsc_card (int slot)
+ 
+   err = pcsc_connect (reader_table[slot].pcsc.context,
+                       reader_table[slot].rdrname,
+-                      PCSC_SHARE_EXCLUSIVE,
++                      opt.shared_access ? PCSC_SHARE_SHARED : PCSC_SHARE_EXCLUSIVE,
+                       PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
+                       &reader_table[slot].pcsc.card,
+                       &reader_table[slot].pcsc.protocol);
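Review bot: With `opt.shared_access` set, the `pcsc_connect` call no longer keeps other PC/SC clients off the card, and nothing in this hunk adds a transaction or re-selection step to compensate. Any other process allowed to use the reader can then send APDUs between scdaemon's commands, which may change the selected application or act on a PIN that scdaemon has already verified; this is presumably part of why the default stays exclusive. I would state the trade-off at the call site, e.g. `/* Shared mode: other PC/SC clients may interleave APDUs and see the card's verified-PIN state. */`, and check whether command sequences elsewhere in apdu.c are wrapped in a PC/SC transaction (SCardBeginTransaction) when this option is on. The body of connect_pcsc_card continues outside the hunk.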

Added: head/security/gnupg/files/patch-scd_scdaemon.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/gnupg/files/patch-scd_scdaemon.c	Mon Nov 25 23:49:31 2019	(r518435)
@@ -0,0 +1,36 @@
+--- scd/scdaemon.c.orig	2019-07-09 09:08:45 UTC
++++ scd/scdaemon.c
+@@ -99,6 +99,7 @@ enum cmd_and_opt_values
+   oDenyAdmin,
+   oDisableApplication,
+   oEnablePinpadVarlen,
++  oSharedAccess,
+   oListenBacklog,
+ 
+   oNoop
+@@ -164,6 +165,8 @@ static ARGPARSE_OPTS opts[] = {
+   /* Stubs for options which are implemented by 2.3 or later.  */
+   ARGPARSE_s_s (oNoop, "application-priority", "@"),
+ 
++  ARGPARSE_s_n (oSharedAccess, "shared-access", N_("use PCSC_SHARE_SHARED for pcsc_connect")),
++
+   ARGPARSE_end ()
+ };
+ 
+@@ -629,6 +632,8 @@ main (int argc, char **argv )
+ 
+         case oNoop: break;
+ 
++        case oSharedAccess: opt.shared_access = 1; break;
++
+         default:
+           pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
+           break;
+@@ -727,6 +732,7 @@ main (int argc, char **argv )
+       es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE );
+       es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0);
+       es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE );
++      es_printf ("shared-access:%lu:\n", GC_OPT_FLAG_NONE );
+ 
+       scd_exit (0);
+     }
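Review bot: The new `ARGPARSE_s_n (oSharedAccess, ...)` entry sits directly under the comment `/* Stubs for options which are implemented by 2.3 or later.  */`, so it reads as another no-op stub although it changes how the card is opened; move it above that comment or give it its own. The help text `use PCSC_SHARE_SHARED for pcsc_connect` names an internal constant rather than the effect, and the same string is repeated in the gpgconf-comp.c hunk; `N_("allow other applications to access the card concurrently")` would tell the user what they are opting into. The gpgconf listing line here reports `GC_OPT_FLAG_NONE` while the gpgconf-comp.c table adds `GC_OPT_FLAG_RUNTIME`; the share mode is only read in the `pcsc_connect` call, so the runtime claim looks inaccurate and the two should agree. Both main() hunks show only part of the function.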

Added: head/security/gnupg/files/patch-scd_scdaemon.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/gnupg/files/patch-scd_scdaemon.h	Mon Nov 25 23:49:31 2019	(r518435)
@@ -0,0 +1,11 @@
+--- scd/scdaemon.h.orig	2019-07-09 09:08:45 UTC
++++ scd/scdaemon.h
+@@ -62,6 +62,8 @@ struct
+   strlist_t disabled_applications;  /* Card applications we do not
+                                        want to use. */
+   unsigned long card_timeout; /* Disconnect after N seconds of inactivity.  */
++
++  int shared_access;
+ } opt;
+ 
+ 
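Review bot: The new `int shared_access;` member is the only field in the visible part of the `opt` struct without a comment, and it controls a security-relevant choice. Suggest `int shared_access; /* Open the card with PCSC_SHARE_SHARED instead of PCSC_SHARE_EXCLUSIVE.  */` to match the neighbouring fields. The struct definition starts outside the hunk.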

Added: head/security/gnupg/files/patch-tools_gpgconf-comp.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/gnupg/files/patch-tools_gpgconf-comp.c	Mon Nov 25 23:49:31 2019	(r518435)
@@ -0,0 +1,12 @@
+--- tools/gpgconf-comp.c.orig	2019-07-09 09:08:45 UTC
++++ tools/gpgconf-comp.c
+@@ -653,6 +653,9 @@ static gc_option_t gc_options_scdaemon[] =
+    { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+      "gnupg", "|N|disconnect the card after N seconds of inactivity",
+      GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
++   { "shared-access", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
++     "gnupg", "use PCSC_SHARE_SHARED for pcsc_connect",
++     GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
+ 
+    { "Debug",
+      GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
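Review bot: The `shared-access` entry is registered at `GC_LEVEL_BASIC`, which puts an option that gives up exclusive access to the card next to everyday settings such as `card-timeout`. Since enabling it lets other applications talk to the card while scdaemon is using it, `GC_LEVEL_ADVANCED` (already used for the `Debug` group below) looks like a better fit, so the switch is not flipped casually from a configuration front end. The `gc_options_scdaemon[]` table continues outside the hunk, so the level used for comparable options there should be checked before changing it.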


