author | Alan Somers <asomers@FreeBSD.org> | 2019-11-25 23:49:31 +0000 |
---|---|---|
committer | Alan Somers <asomers@FreeBSD.org> | 2019-11-25 23:49:31 +0000 |
commit | a6aa3c3cd749c4bb36d6545b5c215beccc71374e (patch) | |
tree | 39df0b29832471ab4f8a90fa3fcd656e6d5c0af3 /security/gnupg | |
parent | Fix build with src r354909 applied. (diff) |
security/gnupg: add the --shared-access option to scdaemon
gnupg's scdaemon opens smart cards in exclusive mode, which prevents other
applications (such as PKCS#11 libraries) from concurrently accessing the
card. Upstream refuses to fix the problem. This commit adds a
--shared-access option to scdaemon. When enabled, scdaemon will access the
smart card in shared mode, playing nicely with other applications. The
default behavior is unchanged.
See Also:
https://github.com/GPGTools/MacGPG2/commit/d6cb8039a0cdc74b9bdd89a3dfa93248aa2c4100
https://dev.gnupg.org/T3267
https://dev.gnupg.org/D320
https://github.com/OpenSC/OpenSC/issues/953
Reviewed by: adamw
Approved by: adamw (maintainer)
Obtained-from: GPGTools
Sponsored by: Axcient
Differential Revision: https://reviews.freebsd.org/D22473
Notes
Notes:
svn path=/head/; revision=518435
Diffstat (limited to 'security/gnupg')
-rw-r--r-- | security/gnupg/Makefile | 2 | ||||
-rw-r--r-- | security/gnupg/files/patch-doc_scdaemon.texi | 14 | ||||
-rw-r--r-- | security/gnupg/files/patch-scd_apdu.c | 11 | ||||
-rw-r--r-- | security/gnupg/files/patch-scd_scdaemon.c | 36 | ||||
-rw-r--r-- | security/gnupg/files/patch-scd_scdaemon.h | 11 | ||||
-rw-r--r-- | security/gnupg/files/patch-tools_gpgconf-comp.c | 12 |
6 files changed, 85 insertions, 1 deletions
diff --git a/security/gnupg/Makefile b/security/gnupg/Makefile index caaad163fd6b..caa92adf1fd4 100644 --- a/security/gnupg/Makefile +++ b/security/gnupg/Makefile @@ -2,7 +2,7 @@ PORTNAME= gnupg PORTVERSION= 2.2.17 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= GNUPG diff --git a/security/gnupg/files/patch-doc_scdaemon.texi b/security/gnupg/files/patch-doc_scdaemon.texi new file mode 100644 index 000000000000..f44dc1142da2 --- /dev/null +++ b/security/gnupg/files/patch-doc_scdaemon.texi @@ -0,0 +1,14 @@ +--- doc/scdaemon.texi.orig 2019-11-20 21:45:47 UTC ++++ doc/scdaemon.texi +@@ -300,6 +300,11 @@ Note that with the current version of Scdaemon the car + down immediately at the next timer tick for any value of @var{n} other + than 0. + ++@item --shared-access ++@opindex shared-access ++Open the smart card in shared mode, rather than exclusive. This will allow ++other applications like PKCS#11 libraries to use the smart card concurrently. ++ + @item --enable-pinpad-varlen + @opindex enable-pinpad-varlen + Please specify this option when the card reader supports variable diff --git a/security/gnupg/files/patch-scd_apdu.c b/security/gnupg/files/patch-scd_apdu.c new file mode 100644 index 000000000000..f3313b850367 --- /dev/null +++ b/security/gnupg/files/patch-scd_apdu.c @@ -0,0 +1,11 @@ +--- scd/apdu.c.orig 2019-07-09 09:08:45 UTC ++++ scd/apdu.c +@@ -816,7 +816,7 @@ connect_pcsc_card (int slot) + + err = pcsc_connect (reader_table[slot].pcsc.context, + reader_table[slot].rdrname, +- PCSC_SHARE_EXCLUSIVE, ++ opt.shared_access ? PCSC_SHARE_SHARED : PCSC_SHARE_EXCLUSIVE, + PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1, + &reader_table[slot].pcsc.card, + &reader_table[slot].pcsc.protocol); diff --git a/security/gnupg/files/patch-scd_scdaemon.c b/security/gnupg/files/patch-scd_scdaemon.c new file mode 100644 index 000000000000..4b2e62255de6 --- /dev/null +++ b/security/gnupg/files/patch-scd_scdaemon.c 
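Review bot: Passing `PCSC_SHARE_SHARED` to `pcsc_connect` in connect_pcsc_card removes the only isolation visible here between scdaemon and other PC/SC clients, and the hunk adds nothing to compensate. On a shared connection, card-side state such as a verified PIN is generally held by the card rather than per client, so another local process attached to the same reader may be able to use the card while scdaemon has it unlocked, and its commands can interleave with scdaemon's multi-command sequences. I would put a comment above the call, e.g. `/* Shared mode: other PC/SC clients can reach the card while a PIN is verified; opt-in only. */`, and check whether command sequences on this path are wrapped in a PC/SC transaction (SCardBeginTransaction) when `opt.shared_access` is set. connect_pcsc_card starts and ends outside the hunk, so any existing locking there is not visible.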
@@ -0,0 +1,36 @@ +--- scd/scdaemon.c.orig 2019-07-09 09:08:45 UTC ++++ scd/scdaemon.c +@@ -99,6 +99,7 @@ enum cmd_and_opt_values + oDenyAdmin, + oDisableApplication, + oEnablePinpadVarlen, ++ oSharedAccess, + oListenBacklog, + + oNoop +@@ -164,6 +165,8 @@ static ARGPARSE_OPTS opts[] = { + /* Stubs for options which are implemented by 2.3 or later. */ + ARGPARSE_s_s (oNoop, "application-priority", "@"), + ++ ARGPARSE_s_n (oSharedAccess, "shared-access", N_("use PCSC_SHARE_SHARED for pcsc_connect")), ++ + ARGPARSE_end () + }; + +@@ -629,6 +632,8 @@ main (int argc, char **argv ) + + case oNoop: break; + ++ case oSharedAccess: opt.shared_access = 1; break; ++ + default: + pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; + break; +@@ -727,6 +732,7 @@ main (int argc, char **argv ) + es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE ); + es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0); + es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE ); ++ es_printf ("shared-access:%lu:\n", GC_OPT_FLAG_NONE ); + + scd_exit (0); + } diff --git a/security/gnupg/files/patch-scd_scdaemon.h b/security/gnupg/files/patch-scd_scdaemon.h new file mode 100644 index 000000000000..66748abf6bd6 --- /dev/null +++ b/security/gnupg/files/patch-scd_scdaemon.h @@ -0,0 +1,11 @@ +--- scd/scdaemon.h.orig 2019-07-09 09:08:45 UTC ++++ scd/scdaemon.h +@@ -62,6 +62,8 @@ struct + strlist_t disabled_applications; /* Card applications we do not + want to use. */ + unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */ ++ ++ int shared_access; + } opt; + + diff --git a/security/gnupg/files/patch-tools_gpgconf-comp.c b/security/gnupg/files/patch-tools_gpgconf-comp.c new file mode 100644 index 000000000000..51bb3c1aca41 --- /dev/null +++ b/security/gnupg/files/patch-tools_gpgconf-comp.c 
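Review bot: The help text `N_("use PCSC_SHARE_SHARED for pcsc_connect")` names an internal constant rather than the effect, so a user reading the option list does not learn that it lets other applications use the card alongside scdaemon. Wording closer to the texinfo entry, such as `N_("allow other applications to access the card concurrently")`, would be clearer. The table entry is also added directly under `/* Stubs for options which are implemented by 2.3 or later. */`, which makes a working option read as a no-op stub; placing it above that comment or giving it its own comment would avoid this. The opts table and main continue outside these hunks.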
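Review bot: `int shared_access;` is added without a comment, while the two members visible above it each say what they control. Suggest `int shared_access; /* Open PC/SC cards in shared rather than exclusive mode. */` so the security-relevant meaning of the flag is stated at its declaration. The struct begins outside the hunk.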
@@ -0,0 +1,12 @@ +--- tools/gpgconf-comp.c.orig 2019-07-09 09:08:45 UTC ++++ tools/gpgconf-comp.c +@@ -653,6 +653,9 @@ static gc_option_t gc_options_scdaemon[] = + { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, + "gnupg", "|N|disconnect the card after N seconds of inactivity", + GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON }, ++ { "shared-access", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, ++ "gnupg", "use PCSC_SHARE_SHARED for pcsc_connect", ++ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON }, + + { "Debug", + GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, |
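Review bot: The new `shared-access` entry sets `GC_OPT_FLAG_RUNTIME`, but the only write to `opt.shared_access` in this patch set is `case oSharedAccess: opt.shared_access = 1; break;` in main's option loop, and the value is read only when connect_pcsc_card opens a card. Unless scdaemon re-parses its options on reload (not visible here), a change made through gpgconf would not reach a running daemon, and removing the option could not clear a flag that is only ever set to 1. Consider `GC_OPT_FLAG_NONE` alone, or document that a restart is required. Since the option relaxes card isolation, `GC_LEVEL_ADVANCED` may also fit better than `GC_LEVEL_BASIC`. The gc_options_scdaemon array continues outside the hunk.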