From acf68e36e0ea66ceb4a44fd0803f8561590aa790 Mon Sep 17 00:00:00 2001
From: Mark Felder
Date: Fri, 30 Mar 2018 14:19:23 +0000
Subject: [PATCH] kr enables SSH to authenticate with a key stored in a Krypton (iOS or Android) mobile app. kr runs as an SSH agent, called krd. When a Krypton private key operation is needed for authentication, krd routes this request to the paired mobile phone, where the user decides whether to allow the operation or not. The private key never leaves the phone. WWW: https://krypt.co
---
 security/Makefile | 1 +
 security/kr/Makefile | 50 ++++++++++++++++++++++++++
 security/kr/distinfo | 13 +++++++
 security/kr/files/patch-Makefile | 11 ++++++
 security/kr/files/patch-kr_kr__unix.go | 39 ++++++++++++++++++++
 security/kr/pkg-descr | 7 ++++
 6 files changed, 121 insertions(+)
 create mode 100644 security/kr/Makefile
 create mode 100644 security/kr/distinfo
 create mode 100644 security/kr/files/patch-Makefile
 create mode 100644 security/kr/files/patch-kr_kr__unix.go
 create mode 100644 security/kr/pkg-descr
diff --git a/security/Makefile b/security/Makefile
index 2ba62d210960..d1a6f48cebcd 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -310,6 +310,7 @@
 SUBDIR += knocker
 SUBDIR += kpcli
 SUBDIR += kqoauth
+ SUBDIR += kr
 SUBDIR += krb5
 SUBDIR += krb5-114
 SUBDIR += krb5-115
diff --git a/security/kr/Makefile b/security/kr/Makefile
new file mode 100644
index 000000000000..0cd142a1a239
--- /dev/null
+++ b/security/kr/Makefile
@@ -0,0 +1,50 @@
+# Created by: Mark Felder
+# $FreeBSD$
+
+PORTNAME= kr
+PORTVERSION= 2.3.1
+CATEGORIES= security
+
+MAINTAINER= feld@FreeBSD.org
+COMMENT= SSH and Git commit/tag signing using a key stored in Krypton
+
+BUILD_DEPENDS= rust>=1.19.0_2:lang/rust \
+ bash>0:shells/bash
+
+USES= gmake go shebangfix
+GO_PKGNAME= github.com/${GH_ACCOUNT}/${GH_PROJECT}
+SHEBANG_FILES= install/os.sh
+
+USE_GITHUB= yes
+GH_ACCOUNT= kryptco
+
+GH_TUPLE+= atotto:clipboard:bb272b8:clipboard/../src/github.com/atotto/clipboard
+GH_TUPLE+= kryptco:qr:eb334d7:qr/../src/github.com/kryptco/qr
+GH_TUPLE+= kryptco:gf256:bbd714a:gf256/../src/github.com/kryptco/gf256
+GH_TUPLE+= urfave:cli:b438abf:cli/../src/github.com/urfave/cli
+
+PLIST_FILES= bin/kr \
+ bin/krd \
+ bin/krgpg \
+ bin/krssh \
+ lib/kr-pkcs11.so
+
+post-patch:
+ ${CP} -r ${WRKSRC}/vendor/ ${WRKDIR}/src/
+ # Duplicate copy found in vendor dir breaks the build
+ ${RM} -r ${WRKSRC}/vendor/github.com/op
+ # Hack because the build process is losing PREFIX somewhere
+ ${REINPLACE_CMD} 's|const DEFAULT_PREFIX = "/usr"|const DEFAULT_PREFIX = "${PREFIX}"|' ${WRKSRC}/kr/kr_unix.go
+
+do-build:
+ (cd ${WRKSRC} && \
+ ${SETENV} ${MAKE_ENV} ${GO_ENV} ${GMAKE})
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/kr ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/krd ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/krssh ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/krgpg ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_LIB} ${WRKSRC}/lib/kr-pkcs11.so ${STAGEDIR}${PREFIX}/lib
+
+.include
diff --git a/security/kr/distinfo b/security/kr/distinfo
new file mode 100644
index 000000000000..4759a14f04db
--- /dev/null
+++ b/security/kr/distinfo
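Review bot: The `GH_TUPLE` block pins four dependencies (atotto/clipboard, kryptco/qr, kryptco/gf256, urfave/cli), yet the port's distinfo also carries a checksum for `op-go-logging-970db52_GH0.tar.gz`, which no tuple here fetches. Since `post-patch` copies `vendor/` into `${WRKDIR}/src/` before deleting `${WRKSRC}/vendor/github.com/op`, go-logging presumably still builds from the vendored copy, so the distinfo entry looks like a leftover; either add a matching `GH_TUPLE` line for op/go-logging at 970db52 or regenerate distinfo so the checksummed set equals the fetched set. It would also help to extend the existing comment to say which copy is kept, e.g. `# Keep the go-logging copy under ${WRKDIR}/src; the second copy in ${WRKSRC}/vendor breaks the build`. Whether the Rust build in `pkcs11shim` needs crates that are not in the distfiles cannot be seen from this hunk and is worth confirming, because every input should be covered by a distinfo checksum.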
@@ -0,0 +1,13 @@
+TIMESTAMP = 1522346317
+SHA256 (kryptco-kr-2.3.1_GH0.tar.gz) = 1bc552e8acd06197499e8bc3f3a63334266eadb256bdf1abec7916ebd9295807
+SIZE (kryptco-kr-2.3.1_GH0.tar.gz) = 1878064
+SHA256 (atotto-clipboard-bb272b8_GH0.tar.gz) = 7385442ce255d762509d40ab6f2e5cb3645eebb5bc8b1c7bc25e275ec40452e3
+SIZE (atotto-clipboard-bb272b8_GH0.tar.gz) = 3729
+SHA256 (kryptco-qr-eb334d7_GH0.tar.gz) = 9e131483f12fbce2079f08ae6d47efa31335b8f8dbbcaaba97e0a600572a00ac
+SIZE (kryptco-qr-eb334d7_GH0.tar.gz) = 12224
+SHA256 (kryptco-gf256-bbd714a_GH0.tar.gz) = 0d785bbba438b099ac83368cade518695d0561539f9187bb4d00ca097532be81
+SIZE (kryptco-gf256-bbd714a_GH0.tar.gz) = 2277
+SHA256 (urfave-cli-b438abf_GH0.tar.gz) = e665f01314672565dd89d916529e39e35fee6c60738a2c537375d98c1fb80e18
+SIZE (urfave-cli-b438abf_GH0.tar.gz) = 45955
+SHA256 (op-go-logging-970db52_GH0.tar.gz) = e162503746867342a1a981ba38ca6ce214c8debede6819bbe1517f4da3bbeede
+SIZE (op-go-logging-970db52_GH0.tar.gz) = 37177
diff --git a/security/kr/files/patch-Makefile b/security/kr/files/patch-Makefile
new file mode 100644
index 000000000000..f03cd20658fb
--- /dev/null
+++ b/security/kr/files/patch-Makefile
@@ -0,0 +1,11 @@
+--- Makefile.orig 2018-01-09 20:17:55 UTC
++++ Makefile
+@@ -66,7 +66,7 @@ endif
+ endif
+ cd kr; go build $(GO_TAGS) -o ../bin/kr
+ cd krd/main; CGO_LDFLAGS="$(CGO_LDFLAGS)" go build $(GO_TAGS) -o ../../bin/krd
+- cd pkcs11shim; make; cp target/release/kr-pkcs11.so ../lib/
++ cd pkcs11shim; gmake; cp target/release/kr-pkcs11.so ../lib/
+ cd krssh; CGO_LDFLAGS="$(CGO_LDFLAGS)" go build $(GO_TAGS) -o ../bin/krssh
+ cd krgpg; go build $(GO_TAGS) -o ../bin/krgpg
+
diff --git a/security/kr/files/patch-kr_kr__unix.go b/security/kr/files/patch-kr_kr__unix.go
new file mode 100644
index 000000000000..d4f79c0e3aba
--- /dev/null
+++ b/security/kr/files/patch-kr_kr__unix.go
@@ -0,0 +1,39 @@
+--- kr/kr_unix.go.orig 2018-01-09 20:17:55 UTC
++++ kr/kr_unix.go
+@@ -61,12 +61,15 @@ func hasYum() bool {
+ func hasYaourt() bool {
+ return exec.Command("which", "yaourt").Run() == nil
+ }
++func hasPkg() bool {
++ return exec.Command("which", "pkg").Run() == nil
++}
+
+ func uninstallCommand(c *cli.Context) (err error) {
+ go func() {
+ kr.Analytics{}.PostEventUsingPersistedTrackingID("kr", "uninstall", nil, nil)
+ }()
+- confirmOrFatal(os.Stderr, "Uninstall Krypton from this workstation? (same as sudo apt-get/yum remove kr)")
++ confirmOrFatal(os.Stderr, "Uninstall Krypton from this workstation? (same as sudo pkg remove kr)")
+
+ exec.Command("killall", "krd").Run()
+
+@@ -87,6 +90,9 @@ func uninstallCommand(c *cli.Context) (e
+ if hasYaourt() {
+ runCommandWithUserInteraction("sudo", "yaourt", "-R", "kr")
+ }
++ if hasPkg() {
++ runCommandWithUserInteraction("sudo", "pkg", "remove", "kr")
++ }
+
+ cleanSSHConfig()
+ uninstallCodesigning()
+@@ -118,6 +124,9 @@ func upgradeCommand(c *cli.Context) (err
+ if hasYaourt() {
+ runCommandWithUserInteraction("sudo", "yaourt", "-Sy", "kr")
+ }
++ if hasPkg() {
++ runCommandWithUserInteraction("sudo", "pkg", "upgrade", "kr")
++ }
+
+ return
+ }
diff --git a/security/kr/pkg-descr b/security/kr/pkg-descr
new file mode 100644
index 000000000000..eb28c683c5e1
--- /dev/null
+++ b/security/kr/pkg-descr
@@ -0,0 +1,7 @@
+kr enables SSH to authenticate with a key stored in a Krypton (iOS or
+Android) mobile app. kr runs as an SSH agent, called krd. When a Krypton
+private key operation is needed for authentication, krd routes this
+request to the paired mobile phone, where the user decides whether to
+allow the operation or not. The private key never leaves the phone.
+
+WWW: https://krypt.co
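Review bot: In the added `hasPkg()` and the two `if hasPkg()` branches, `pkg` is located with a `which` subprocess and then run under `sudo` by bare name, so the command that gets root is whatever the search path resolves (subject to sudo's own path policy), and the probe and the privileged call can disagree. Prefer a fixed location in the privileged call, e.g. `runCommandWithUserInteraction("sudo", "/usr/sbin/pkg", "upgrade", "kr")`, and make the probe `_, err := exec.LookPath("pkg"); return err == nil` rather than spawning `which`. The result of `runCommandWithUserInteraction` is dropped here, as in the yaourt branches, so a failed removal or upgrade appears to go unreported; its signature is not visible in the patch, so confirm. The port Makefile also declares no run-time dependency on sudo, which these branches need. `uninstallCommand` and `upgradeCommand` both start outside the quoted hunks.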