Package wish: Yubikey-Manager

[fridlmue]

I would love to see https://github.com/Yubico/yubikey-manager in the chum repo. But, thb, I'm not able to get it packaged myself as I'm not experienced enough and I'm really confused with what packages are already there somehow (in the right versions) and what is missing. It is a Python lib. I tried some stuff, by copying things from suse:factory, but still I'm confused with most steps. I would love to take care of the packages (and the chain) but i need some help and guidance to get "on-boarded".

[rinigus]

Have you tried to install it with

• make venv
• pip into that venv?

[fridlmue]

not until you suggested. Now i did.
I had to install python3-crypography with zypper from some SF repo (don't know where it is located) as well as gcc and swig, as pip could not build it or without it.

But still it fails:

(yubikey) [nemo@XperiaX ~]$ pip install --user yubikey-manager
Collecting yubikey-manager
  Using cached yubikey_manager-4.0.5-py3-none-any.whl (153 kB)
Collecting fido2<1.0,>=0.9
  Using cached fido2-0.9.1-py2.py3-none-any.whl
Requirement already satisfied: cryptography<4.0,>=2.1 in /usr/lib/python3.8/site-packages (from yubikey-manager) (3.3.2)
Collecting pyscard<3.0,>=1.9
  Using cached pyscard-2.0.1.tar.gz (149 kB)
Collecting click<9.0,>=6.0
  Using cached click-8.0.1-py3-none-any.whl (97 kB)
Collecting pyOpenSSL>=0.15.1
  Using cached pyOpenSSL-20.0.1-py2.py3-none-any.whl (54 kB)
Requirement already satisfied: six>=1.4.1 in ./.local/lib/python3.8/site-packages (from cryptography<4.0,>=2.1->yubikey-manager) (1.16.0)
Requirement already satisfied: cffi>=1.12 in /usr/lib/python3.8/site-packages (from cryptography<4.0,>=2.1->yubikey-manager) (1.14.5)
Requirement already satisfied: pycparser in /usr/lib/python3.8/site-packages (from cffi>=1.12->cryptography<4.0,>=2.1->yubikey-manager) (2.20)
Requirement already satisfied: ply==3.11 in /usr/lib/python3.8/site-packages (from pycparser->cffi>=1.12->cryptography<4.0,>=2.1->yubikey-manager) (3.11)
Building wheels for collected packages: pyscard
  Building wheel for pyscard (setup.py) ... error
  ERROR: Command errored out with exit status 1:
   command: /home/nemo/yubikey/bin/python -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-omj2frhi/pyscard_1dcf8184de864e3aa2bea7c101d062fb/setup.py'"'"'; __file__='"'"'/tmp/pip-install-omj2frhi/pyscard_1dcf8184de864e3aa2bea7c101d062fb/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-jkhr8yt0
       cwd: /tmp/pip-install-omj2frhi/pyscard_1dcf8184de864e3aa2bea7c101d062fb/
  Complete output (17 lines):
  running bdist_wheel
  running build
  running build_py
  running build_ext
  building 'smartcard.scard._scard' extension
  swigging smartcard/scard/scard.i to smartcard/scard/scard_wrap.c
  swig -python -outdir smartcard/scard -DPCSCLITE -o smartcard/scard/scard_wrap.c smartcard/scard/scard.i
  creating build
  creating build/temp.linux-aarch64-3.8
  creating build/temp.linux-aarch64-3.8/smartcard
  creating build/temp.linux-aarch64-3.8/smartcard/scard
  gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fmessage-length=0 -march=armv7-a -mfloat-abi=hard -mfpu=neon -mthumb -Wno-psabi -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fmessage-length=0 -march=armv7-a -mfloat-abi=hard -mfpu=neon -mthumb -Wno-psabi -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fmessage-length=0 -march=armv7-a -mfloat-abi=hard -mfpu=neon -mthumb -Wno-psabi -fPIC -DVER_PRODUCTVERSION=2,0,1,0000 -DVER_PRODUCTVERSION_STR=2.0.1 -DPCSCLITE=1 -Ismartcard/scard/ -I/usr/include/PCSC -I/usr/local/include/PCSC -I/home/nemo/yubikey/include -I/usr/include/python3.8 -c smartcard/scard/helpers.c -o build/temp.linux-aarch64-3.8/smartcard/scard/helpers.o
  smartcard/scard/helpers.c:28:10: fatal error: winscard.h: No such file or directory
   #include <winscard.h>
            ^~~~~~~~~~~~
  compilation terminated.
  error: command 'gcc' failed with exit status 1
  ----------------------------------------
  ERROR: Failed building wheel for pyscard
  Running setup.py clean for pyscard
Failed to build pyscard
Installing collected packages: pyscard, pyOpenSSL, fido2, click, yubikey-manager
    Running setup.py install for pyscard ... error
    ERROR: Command errored out with exit status 1:
     command: /home/nemo/yubikey/bin/python -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-omj2frhi/pyscard_1dcf8184de864e3aa2bea7c101d062fb/setup.py'"'"'; __file__='"'"'/tmp/pip-install-omj2frhi/pyscard_1dcf8184de864e3aa2bea7c101d062fb/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-67tcrzpg/install-record.txt --single-version-externally-managed --user --prefix= --compile --install-headers include/site/python3.8/pyscard
         cwd: /tmp/pip-install-omj2frhi/pyscard_1dcf8184de864e3aa2bea7c101d062fb/
    Complete output (17 lines):
    running install
    running build
    running build_py
    running build_ext
    building 'smartcard.scard._scard' extension
    swigging smartcard/scard/scard.i to smartcard/scard/scard_wrap.c
    swig -python -outdir smartcard/scard -DPCSCLITE -o smartcard/scard/scard_wrap.c smartcard/scard/scard.i
    creating build
    creating build/temp.linux-aarch64-3.8
    creating build/temp.linux-aarch64-3.8/smartcard
    creating build/temp.linux-aarch64-3.8/smartcard/scard
    gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fmessage-length=0 -march=armv7-a -mfloat-abi=hard -mfpu=neon -mthumb -Wno-psabi -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fmessage-length=0 -march=armv7-a -mfloat-abi=hard -mfpu=neon -mthumb -Wno-psabi -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -fmessage-length=0 -march=armv7-a -mfloat-abi=hard -mfpu=neon -mthumb -Wno-psabi -fPIC -DVER_PRODUCTVERSION=2,0,1,0000 -DVER_PRODUCTVERSION_STR=2.0.1 -DPCSCLITE=1 -Ismartcard/scard/ -I/usr/include/PCSC -I/usr/local/include/PCSC -I/home/nemo/yubikey/include -I/usr/include/python3.8 -c smartcard/scard/helpers.c -o build/temp.linux-aarch64-3.8/smartcard/scard/helpers.o
    smartcard/scard/helpers.c:28:10: fatal error: winscard.h: No such file or directory
     #include <winscard.h>
              ^~~~~~~~~~~~
    compilation terminated.
    error: command 'gcc' failed with exit status 1
    ----------------------------------------
ERROR: Command errored out with exit status 1: /home/nemo/yubikey/bin/python -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-omj2frhi/pyscard_1dcf8184de864e3aa2bea7c101d062fb/setup.py'"'"'; __file__='"'"'/tmp/pip-install-omj2frhi/pyscard_1dcf8184de864e3aa2bea7c101d062fb/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-67tcrzpg/install-record.txt --single-version-externally-managed --user --prefix= --compile --install-headers include/site/python3.8/pyscard Check the logs for full command output.

[rinigus]

According to quick search online, libpcsclite-dev should have this file in Debian. No idea if it is packaged for SFOS

[fridlmue]

Ok, I try to build pcsclite here: https://build.sailfishos.org/package/show/home:fridlmue/pcsc-lite
Once again I try to do that by copy pasting things from suse's OBS to check out if I could get it running at all. I fiddled arround in the spec a litle, but I think polkit is not available in a recent enough version:

[   61s] checking for polkit-gobject-1 >= 0.111... no
[   61s] configure: error: 
[   61s] ***
[   61s] *** polkit >= 0.111 was not found. Access control will be disabled.
[   61s] *** You may get it from http://www.freedesktop.org/software/polkit/
[   61s] *** 
[   61s] error: Bad exit status from /var/tmp/rpm-tmp.8f3jst (%build)

In the repos I find polkit only up to 0.105.

[rinigus]

I wonder whether some older version would do... The one that can work with older polkit

[fridlmue]

Once again: Good Idea!
It is building now. I was installing the package afterwards on my devel XperiaX with zypper in pcsc-lite, which failed with:

Installation of pcsc-lite-1.8.10-1.7.1.jolla.armv7hl failed:
Error: Subprocess failed. Error: RPM failed: useradd: Warning: missing or non-executable shell '/usr/sbin/nologin'
/var/tmp/rpm-tmp.yqHi2f: line 3: %service_add_pre: not found
error: %prein(pcsc-lite-1.8.10-1.7.1.jolla.armv7hl) scriptlet failed, exit status 127
error: pcsc-lite-1.8.10-1.7.1.jolla.armv7hl: install failed

So I commented line 138 in the .spec-file. But I really don't know what it does...
To install sucessfull, i also had to comment the following lines 139 to 149 which somehow handle some (systemd?) services. For sure, they are important, but i don't know how, thb.

After that I was able to install. I installed pcsc-lite-devel and python3-devel as well, after which i really was able to pip install this in a venv. Wow. I have to check later, if i can do useful stuff with it from the CLI.

Given that: If I want to build some kind of a GUI around that, would it still make sense to package the whole python stuff together for SFOS? Because I think I can't let the app do the pip install, can I?

[fridlmue]

The complete install procedure for my reference:

devel-su pkcon install zypper
devel-su ssu ar fridlmue http://repo.merproject.org/obs/home:/fridlmue/sailfish_latest_armv7hl/
devel-su pkcon refresh
devel-su zypper in python3-pip python3-cryptography nano gcc swig pcsc-lite pcsc-lite-devel python3-devel pcsc-ccid
pip install --user virtualenv
devel-su /usr/bin/easy_install virtualenv
virtualenv yubikey
nano yubikey/pyvenv.cfg 
-> Change include-system-site-packages = false to true
source yubikey/bin/activate
pip install --user yubikey-manager

Inside the venv these Packages are installed by pip:

yubikey-manager (yubikey_manager-4.0.5-py3-none-any.whl)
click<9.0,>=6.0 (click<9.0,>=6.0)
pyscard<3.0,>=1.9 (pyscard-2.0.1.tar.gz)
pyOpenSSL>=0.15.1 (pyOpenSSL-20.0.1-py2.py3-none-any.whl)
fido2<1.0,>=0.9 (fido2-0.9.1.tar.gz)

To successful work with the Yubikey i have to
systemctl start pcscd.service.

Now .local/bin/ykman info gives me some info about the key. Good so far!

I next tried to to devel-su /usr/bin/easy_install yubikey-manager, as i had some issues with it in the venv. That worked as well. ykman is now available.

Still I have some Issues, most likely https://build.opensuse.org/package/show/openSUSE:Factory/pcsc-ccid is missing now.

[rinigus]

Good work! Don't know how to properly package it, maybe someone at the forums could help...

[fridlmue]

Ok, finally: with installing now devel-su zypper in pcsc-ccid from my repo it really works. Now I can generate the OATH-Passwords with the plugged in yubikey on the Device. Never thought this would be gonna happen!
Thanks for the help so far, @rinigus!
Yes, I'll ask in the forum for help with it!

[fridlmue]

Just to give a little update on that. I was able to package the python packages click, pyscard and fido2 in the meanwhile. (At least I think i was successfully building that, i did not yet test to much.) pyOpenSSL seems to be available as python3-openssl in sailfish.
yubikey-manager still makes some kind of trouble and headache. I hope to get that figured out as well soon.

[fridlmue]

Okay, thanks a little help of @Thaodan i got the dependency chain at least building. So after installing yubikey-manager from http://repo.merproject.org/obs/home:/fridlmue/ things install well and ykman is available from the cli. But systemctl start pcscd.service still needs to be started manually.
If i get it right, it would be better to have proper tar_git packages. If so I would like to maintain them in chum's github in the future. Therefore I would need projects for:

• pcsc-ccid
• pcsc-lite
• python3-click (EDIT: I need to check, if Jollas version is new enough.)
• python3-fido2
• python3-makefun
• python3-pyscard
• python3-setuptools_scm
• yubikey-manager

Right?

[rinigus]

That would make sense. Is any of those listed packages available in SFOS already?

[fridlmue]

I searched for them, as I started to try to package them if I would have found them. So I think no.
python3-click, however, seems to be available now from Jolla as well in an older version. So lets wait with that one.

[rinigus]

OK, I will create these projects under https://github.com/sailfishos-chum and will make you a maintainer of them. You would have to accept the invitations in timely manner as they expire after some time.

[rinigus]

Done, repos added. Good luck!

[rinigus]

Closing here