Update to 0.13.0, based on wip/opensc (which is a post 0.13.0 git

snapshot) by Richard Hansen of BBN. Mostly the update is straightforward, with a bit more effort to avoid pthreads. (Threads are not ok because pam modules dlopen opensc, and pam modules are used from nonthreaded programs.) New in 0.13.0; 2012-12-04 * New card driver ePass2003. * OpenPGP card: greatly improved card driver and PKCS#15 emulation; implemented write (pkcs15init) mode; greatly enhanced documentation and tools. * ECDSA keys supported in 'read' and 'write' modes by internal PKCS#15 library, PKCS#11 and tools. * Minidriver in 'write' mode. * SM: secure messaging in GlobalPlatform-SP01 and CW14890 specifications; supported by ePass2003, IAS/ECC and AuthentIC cards; "ACL" and "APDU" modes to trigger secure messaging session; 'local' version of the external secure messaging module. * PKCS#15: support of 'secret-key' PKCS#15 objects support of 'authentication-object' PKCS#15 objects support of 'algReference' common key PKCS#15 attribute support of 'algReference' common key PKCS#15 attribute support of 'subjectName' common public key PKCS#15 attribute * PKCS#11: removed 'onepin' version of pkcs#11 module configuration options to expose slots for PINs and present on-card applications. support GOSTR3410 generate key mechanism * Support of PACE reader. * Remove libltdl reference. * ECDSA supported by MyEID card * New card driver for the SmartCard-HSM, a light-weight hardware security module * New useful commands in 'opensc-explorer' tool: 'find', 'put-data', ... * fixed SIGV issue due to the unsupported public key format * fixes for the number of documentation issues
2014-03-14 20:49:56 +00:00 · 2014-03-14 20:49:56 +00:00 · 80bfdc7d0b
commit 80bfdc7d0b
parent ce9a0fd2b8
13 changed files with 144 additions and 69 deletions
--- a/security/opensc/Makefile
+++ b/security/opensc/Makefile
@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.18 2014/02/12 23:18:34 tron Exp $
+# $NetBSD: Makefile,v 1.19 2014/03/14 20:49:56 gdt Exp $

-OPENSC_PKG_VERSION=	0.12.2
+OPENSC_PKG_VERSION=	0.13.0
 DISTNAME=		opensc-${OPENSC_PKG_VERSION}
-PKGREVISION=		4
 CATEGORIES=		security
-MASTER_SITES=		http://www.opensc-project.org/files/opensc/
+MASTER_SITES=		${MASTER_SITE_SOURCEFORGE:=opensc/OpenSC/opensc-0.13.0/}

 MAINTAINER=		pkgsrc-users@NetBSD.org
-HOMEPAGE=		http://www.opensc-project.org/opensc/
+HOMEPAGE=		https://github.com/OpenSC/OpenSC/wiki
 COMMENT=		Smart Card drivers and middleware
 LICENSE=		gnu-lgpl-v2.1

@ -16,6 +15,15 @@ USE_LIBTOOL=		YES
 USE_OLD_DES_API=	YES
 USE_TOOLS+=		gmake pkg-config

+USE_TOOLS+=		autoreconf autoconf automake
+AUTOCONF_REQD=		2.60
+AUTOMAKE_REQD=		1.10
+pre-configure:
+	cd ${WRKSRC:Q} && \
+	./bootstrap \
+		-s ${OPENSC_VERSION_SUFFIX:Q} \
+		-r ${OPENSC_VERSION_REVISION:Q}
+
 .include "options.mk"

 # Previous versions needed these, but 0.12.2 configure does not
@ -43,7 +51,9 @@ post-install:
 .include "../../textproc/libxslt/buildlink3.mk"
 .include "../../textproc/docbook-xsl/buildlink3.mk"

-.include "../../devel/libltdl/buildlink3.mk"
+# We avoid pthreads intentionally; tell dlopen not drag it in.
+DLOPEN_REQUIRE_PTHREADS=	no
+.include "../../mk/dlopen.buildlink3.mk"
 .include "../../mk/readline.buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 BUILDLINK_API_DEPENDS.openssl+=	openssl>=0.9.7
--- a/security/opensc/PLIST
+++ b/security/opensc/PLIST
@ -1,8 +1,10 @@
-@comment $NetBSD: PLIST,v 1.6 2012/11/30 14:44:34 gdt Exp $
+@comment $NetBSD: PLIST,v 1.7 2014/03/14 20:49:56 gdt Exp $
 bin/cardos-tool
 bin/cryptoflex-tool
 bin/eidenv
+bin/iasecc-tool
 bin/netkey-tool
+bin/openpgp-tool
 bin/opensc-explorer
 bin/opensc-tool
 bin/piv-tool
@ -10,18 +12,19 @@ bin/pkcs11-tool
 bin/pkcs15-crypt
 bin/pkcs15-init
 bin/pkcs15-tool
+bin/sc-hsm-tool
 bin/westcos-tool
 lib/libopensc.la
-lib/onepin-opensc-pkcs11.la
 lib/opensc-pkcs11.la
 lib/pkcs11-spy.la
-lib/pkcs11/onepin-opensc-pkcs11.so
 lib/pkcs11/opensc-pkcs11.so
 lib/pkcs11/pkcs11-spy.so
 man/man1/cardos-tool.1
 man/man1/cryptoflex-tool.1
 man/man1/eidenv.1
+man/man1/iasecc-tool.1
 man/man1/netkey-tool.1
+man/man1/openpgp-tool.1
 man/man1/opensc-explorer.1
 man/man1/opensc-tool.1
 man/man1/piv-tool.1
@ -29,6 +32,7 @@ man/man1/pkcs11-tool.1
 man/man1/pkcs15-crypt.1
 man/man1/pkcs15-init.1
 man/man1/pkcs15-tool.1
+man/man1/sc-hsm-tool.1
 man/man1/westcos-tool.1
 man/man5/pkcs15-profile.5
 share/doc/opensc/NEWS
@ -38,6 +42,7 @@ share/opensc/authentic.profile
 share/opensc/cardos.profile
 share/opensc/cyberflex.profile
 share/opensc/entersafe.profile
+share/opensc/epass2003.profile
 share/opensc/flex.profile
 share/opensc/gpk.profile
 share/opensc/ias_adele_admin1.profile
@ -53,9 +58,11 @@ share/opensc/miocos.profile
 share/opensc/muscle.profile
 share/opensc/myeid.profile
 share/opensc/oberthur.profile
+share/opensc/openpgp.profile
 share/opensc/pkcs15.profile
 share/opensc/rutoken.profile
 share/opensc/rutoken_ecp.profile
+share/opensc/sc-hsm.profile
 share/opensc/setcos.profile
 share/opensc/starcos.profile
 share/opensc/westcos.profile
--- a/security/opensc/distinfo
+++ b/security/opensc/distinfo
@ -1,12 +1,14 @@
-$NetBSD: distinfo,v 1.10 2012/11/30 14:44:34 gdt Exp $
+$NetBSD: distinfo,v 1.11 2014/03/14 20:49:56 gdt Exp $

-SHA1 (opensc-0.12.2.tar.gz) = 8c34be52eb94025eb181c02b466223901bef744c
-RMD160 (opensc-0.12.2.tar.gz) = 45504135db05fd404a357ebd8bea047c5c8604dc
-Size (opensc-0.12.2.tar.gz) = 1738553 bytes
-SHA1 (patch-aa) = f7993647c19d3cca3b976d66a97ee18fca12f8b2
-SHA1 (patch-ab) = 4d19b0990b227aceb3ab4bf8c1f222f337ee1ff7
-SHA1 (patch-configure) = fcd938ec3f269642fbd577868768c8ac67270be6
-SHA1 (patch-src_common_compat__getopt.c) = a1a473a6d2690dacb968be7991e6218233b20e7f
-SHA1 (patch-src_common_compat__getopt.h) = cdd04e708f249a3969a47c4ed458d6b86a11d2f1
-SHA1 (patch-src_common_compat__getopt__main.c) = 0a9a608434ec8f274627b2f65f5c53a6ceb79f2a
-SHA1 (patch-src_pkcs11_pkcs11-global.c) = 5d0d23706f932f10a63d8da82ab34d3c00e470f5
+SHA1 (opensc-0.13.0.tar.gz) = 9285ccbed7b49f63e488c8fb1b3e102994a28218
+RMD160 (opensc-0.13.0.tar.gz) = 394e46a8a538155e33d9dcf830edc5db746086b7
+Size (opensc-0.13.0.tar.gz) = 1946899 bytes
+SHA1 (patch-aa) = 4c5110104252d2ec184cfc0ae7c194b12a91e176
+SHA1 (patch-ab) = 49f3ada86b4f7485ee56162b31bd75f740c4d5cc
+SHA1 (patch-bootstrap) = 76daef144be7020591d2b2d10ee7ba48ff4fdd6d
+SHA1 (patch-configure.ac) = ac79998c543ed51a2aa411486fa23edc51b7973f
+SHA1 (patch-src_common_compat__getopt.c) = cf65417e3ee047c5891d0b23f9afc46a5c256224
+SHA1 (patch-src_common_compat__getopt.h) = e34a67b7f5cf524e16301a4b3719c3f36cf82260
+SHA1 (patch-src_common_compat__getopt__main.c) = cf077d5a0db4c738738dfe54494b3292c166adfb
+SHA1 (patch-src_libopensc_log.c) = e7fd7477907284000cda18465624df21b2545266
+SHA1 (patch-src_pkcs11_pkcs11-global.c) = 991a9b3f5389d8b7033db3be32895216315d4ef0
--- a/security/opensc/patches/patch-aa
+++ b/security/opensc/patches/patch-aa
@ -1,21 +1,19 @@
-$NetBSD: patch-aa,v 1.3 2012/11/30 14:44:34 gdt Exp $
+$NetBSD: patch-aa,v 1.4 2014/03/14 20:49:56 gdt Exp $

 Disable installation of config file, because pkgsrc installs config
 files as examples.

--- etc/Makefile.in.orig	2011-07-15 10:47:01.000000000 +0000
-+++ etc/Makefile.in
-@@ -466,12 +466,7 @@ opensc.conf: opensc.conf.in force
- 		-e 's|@pkgdatadir[@]|$(pkgdatadir)|g' \
- 		-e 's|@DEFAULT_PCSC_PROVIDER[@]|$(DEFAULT_PCSC_PROVIDER)|g' \
+--- etc/Makefile.am.orig	2012-12-04 14:43:40.000000000 +0000
+++ etc/Makefile.am
+@@ -22,11 +22,3 @@ opensc.conf: opensc.conf.in force
+ 		-e 's|@DEFAULT_SM_MODULE[@]|$(DEFAULT_SM_MODULE)|g' \
+ 		-e 's|@DEBUG_FILE[@]|$(DEBUG_FILE)|g' \
 		< $< > $@
-install-exec-hook:	install-sysconfDATA opensc.conf
+-
+-install-exec-hook: opensc.conf
+-	$(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
 -	if [ -f "$(DESTDIR)$(sysconfdir)/opensc.conf" ]; then \
 -		$(INSTALL_DATA) opensc.conf "$(DESTDIR)$(sysconfdir)/opensc.conf.new"; \
 -	else \
 -		$(INSTALL_DATA) opensc.conf "$(DESTDIR)$(sysconfdir)/opensc.conf"; \
 -	fi
-+install-exec-hook:
- 
- # Tell versions [3.59,3.63) of GNU make to not export all variables.
- # Otherwise a system limit (for SysV at least) may be exceeded.
--- a/security/opensc/patches/patch-ab
+++ b/security/opensc/patches/patch-ab
@ -1,15 +1,15 @@
-$NetBSD: patch-ab,v 1.3 2012/11/30 14:44:34 gdt Exp $
+$NetBSD: patch-ab,v 1.4 2014/03/14 20:49:56 gdt Exp $

 This patch was added 2009-09-10 by hasso@, with comment:
  More userfriendly default configuration.

--- etc/opensc.conf.in.orig	2011-07-05 11:28:53.000000000 +0000
+--- etc/opensc.conf.in.orig	2012-12-04 14:43:40.000000000 +0000
 +++ etc/opensc.conf.in
-@@ -309,6 +309,7 @@ app default {
+@@ -453,6 +453,7 @@ app default {
 		#
 		# Default: no
 		# try_emulation_first = yes;
 +		try_emulation_first = yes;
- 		
+ 
 		# Enable builtin emulators.
 		# Default: yes
--- a/security/opensc/patches/patch-bootstrap
+++ b/security/opensc/patches/patch-bootstrap
@ -0,0 +1,18 @@
+$NetBSD: patch-bootstrap,v 1.1 2014/03/14 20:49:56 gdt Exp $
+
+  * fix sed regular expressions to be POSIX BREs (change '\s' to
+    '[[:space:]]', '+' to '\{1,\}') (not yet reported upstream)
+  * quote $SUFFIX and $REVISION variable expansions (not yet reported
+    upstream)
+
+--- bootstrap.orig	2012-12-04 14:43:40.000000000 +0000
+++ bootstrap
+@@ -9,7 +9,7 @@ rm -rf *~ *.cache *.m4 config.guess conf
+ 
+ if test ! -z "$1"; then
+     cp configure.ac configure.ac.orig
+-    sed 's/^define(\[PACKAGE_SUFFIX\],\s*\[\([-~]*[0-9a-zA-Z]*\)\])$/define(\[PACKAGE_SUFFIX\], \['$1'\])/g' configure.ac.orig > configure.ac
+    sed 's/^define(\[PACKAGE_SUFFIX\],[[:space:]]*\[\([-~]*[0-9a-zA-Z]*\)\])$/define(\[PACKAGE_SUFFIX\], \['"$SUFFIX"'\])/g' configure.ac.orig > configure.ac
+ fi
+ 
+ autoreconf --verbose --install --force
--- a/security/opensc/patches/patch-configure
+++ b/security/opensc/patches/patch-configure
@ -1,26 +0,0 @@
-$NetBSD: patch-configure,v 1.2 2012/11/30 14:44:35 gdt Exp $
-
-Make sure we do not link against -lpthread, as we only need mutexes
-that can be found in libc.
-
-Linking with -lpthread hurst with opensc-pkcs11.so since NetBSD-6.0
-libpthread cannot be loaded by dlopen()
-
--- configure.orig	2011-07-15 10:46:59.000000000 +0000
-+++ configure
-@@ -12903,6 +12903,15 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
- 
- acx_pthread_ok=no
- 
-+case "${host_cpu}-${host_os}" in
-+        *netbsd*)
-+		acx_pthread_ok=yes
-+		PTHREAD_CFLAGS=""
-+		PTHREAD_LIBS=""
-+		LIBS="$LIBS -lltdl"
-+	;;
-+esac
-+
- # We used to check for pthread.h first, but this fails if pthread.h
- # requires special compiler flags (e.g. on True64 or Sequent).
- # It gets checked for in the link test anyway.
--- a/security/opensc/patches/patch-configure.ac
+++ b/security/opensc/patches/patch-configure.ac
@ -0,0 +1,43 @@
+$NetBSD: patch-configure.ac,v 1.1 2014/03/14 20:49:56 gdt Exp $
+
+Patch taken from upstream post 0.13.0:
+  https://github.com/OpenSC/OpenSC/commit/11ff81367af9bc9dce2cbcb550cc463552a3b69e
+
+--- configure.ac.orig	2012-12-04 14:43:40.000000000 +0000
+++ configure.ac
+@@ -286,23 +286,19 @@ AC_CHECK_LIB(
+ 
+ if test "${WIN32}" = "no"; then
+ 	dnl dl support
+-	AC_CHECK_LIB(
+-		[dl],
+-		[dlopen],
+-		,
+-		[AC_MSG_ERROR([libdl required])]
+-	)
+	dnl https://github.com/OpenSC/OpenSC/commit/11ff81367af9bc9dce2cbcb550cc463552a3b69e
+	AC_SEARCH_LIBS([dlopen], [dl dld], [], [
+				 AC_MSG_ERROR([unable to find the dlopen() function])
+				 ])
+
+case "${host_cpu}-${host_os}" in
+        *netbsd*)
+		acx_pthread_ok=yes
+		PTHREAD_CFLAGS=""
+		PTHREAD_LIBS=""
+	;;
+esac
+ 
+-	dnl Special check for pthread support.
+-	AX_PTHREAD(
+-		[AC_DEFINE(
+-			[HAVE_PTHREAD],
+-			[1],
+-			[Define if you have POSIX threads libraries and header files.]
+-		)],
+-		[AC_MSG_ERROR([POSIX thread support required])]
+-	)
+-	CC="${PTHREAD_CC}"
+ fi
+ 
+ if test "${enable_minidriver}" = "yes"; then
--- a/security/opensc/patches/patch-src_common_compat__getopt.c
+++ b/security/opensc/patches/patch-src_common_compat__getopt.c
@ -1,8 +1,8 @@
-$NetBSD: patch-src_common_compat__getopt.c,v 1.1 2012/11/30 14:44:35 gdt Exp $
+$NetBSD: patch-src_common_compat__getopt.c,v 1.2 2014/03/14 20:49:56 gdt Exp $

 See comment in patch-src_common_compat__getopt.h.

--- src/common/compat_getopt.c.orig	2011-07-05 11:28:53.000000000 +0000
+--- src/common/compat_getopt.c.orig	2012-12-04 14:43:40.000000000 +0000
 +++ src/common/compat_getopt.c
@@ -25,7 +25,7 @@
 
--- a/security/opensc/patches/patch-src_common_compat__getopt.h
+++ b/security/opensc/patches/patch-src_common_compat__getopt.h
@ -1,4 +1,4 @@
-$NetBSD: patch-src_common_compat__getopt.h,v 1.1 2012/11/30 14:44:35 gdt Exp $
+$NetBSD: patch-src_common_compat__getopt.h,v 1.2 2014/03/14 20:49:56 gdt Exp $

 NetBSD has getopt_long but not getopt_long_only.  Replacing
 getopt_long causes a type conflict with the built-in implementation.
@ -6,9 +6,13 @@ The replacement is unnecesssary because getopt_long_only is not
 actually used.

 Reported upstream:
+http://article.gmane.org/gmane.comp.encryption.opensc.user/5931
+
+The following is the original mail archive URL, but it currently
+yields a '404 not found' error:
 https://www.opensc-project.org/pipermail/opensc-devel/2012-November/018668.html

--- src/common/compat_getopt.h.orig	2011-07-05 11:28:53.000000000 +0000
+--- src/common/compat_getopt.h.orig	2012-12-04 14:43:40.000000000 +0000
 +++ src/common/compat_getopt.h
@@ -30,7 +30,7 @@
 #include "config.h"
--- a/security/opensc/patches/patch-src_common_compatgetoptmain.c
+++ b/security/opensc/patches/patch-src_common_compatgetoptmain.c
@ -1,10 +1,10 @@
-$NetBSD: patch-src_common_compat__getopt__main.c,v 1.1 2012/11/30 14:44:35 gdt Exp $
+$NetBSD: patch-src_common_compat__getopt__main.c,v 1.2 2014/03/14 20:49:56 gdt Exp $

 See comment in patch-src_common_compat__getopt.h.  In addition, a
 kludge is added here to get the test file to build, pending a new
 release from upstream with the issue properly addressed.

--- src/common/compat_getopt_main.c.orig	2011-07-05 11:28:53.000000000 +0000
+--- src/common/compat_getopt_main.c.orig	2012-12-04 14:43:40.000000000 +0000
 +++ src/common/compat_getopt_main.c
@@ -173,6 +173,8 @@ main(int argc, char * argv[])
               progname);
--- a/security/opensc/patches/patch-src_libopensc_log.c
+++ b/security/opensc/patches/patch-src_libopensc_log.c
@ -0,0 +1,19 @@
+$NetBSD: patch-src_libopensc_log.c,v 1.1 2014/03/14 20:49:56 gdt Exp $
+
+--- src/libopensc/log.c.orig	2012-12-04 14:43:40.000000000 +0000
+++ src/libopensc/log.c
+@@ -91,7 +91,13 @@ static void sc_do_log_va(sc_context_t *c
+ 	gettimeofday (&tv, NULL);
+ 	tm = localtime (&tv.tv_sec);
+ 	strftime (time_string, sizeof(time_string), "%H:%M:%S", tm);
+-	r = snprintf(p, left, "0x%lx %s.%03ld ", (unsigned long)pthread_self(), time_string, tv.tv_usec / 1000);
+	r = snprintf(p, left, "0x%lx %s.%03ld ",
+#ifdef HAVE_PTHREAD
+		     (unsigned long)pthread_self(),
+#else
+		     (unsigned long) 0,
+#endif
+		     time_string, tv.tv_usec / 1000);
+ #endif
+ 	p += r;
+ 	left -= r;
--- a/security/opensc/patches/patch-src_pkcs11_pkcs11-global.c
+++ b/security/opensc/patches/patch-src_pkcs11_pkcs11-global.c
@ -1,10 +1,10 @@
-$NetBSD: patch-src_pkcs11_pkcs11-global.c,v 1.2 2012/11/30 14:44:35 gdt Exp $
+$NetBSD: patch-src_pkcs11_pkcs11-global.c,v 1.3 2014/03/14 20:49:56 gdt Exp $

 Use correct size for malloc.

 Not yet reported upstream.

--- src/pkcs11/pkcs11-global.c.orig	2011-07-05 11:28:53.000000000 +0000
+--- src/pkcs11/pkcs11-global.c.orig	2012-12-04 14:43:40.000000000 +0000
 +++ src/pkcs11/pkcs11-global.c
@@ -42,7 +42,7 @@ extern CK_FUNCTION_LIST pkcs11_function_
 #include <pthread.h>