commit acd55c9c722ab0f7810a22e04f1ebd113bb5c39f86bb8ad4041de8e9707194fd Author: Torsten Gruner Date: Sun Jun 2 07:56:45 2024 +0000 Accepting request 1177589 from home:pperego:branches:security - enabling PC Smartcard API support OBS-URL: https://build.opensuse.org/request/show/1177589 OBS-URL: https://build.opensuse.org/package/show/security/libfido2?expand=0&rev=54 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/libfido2-1.14.0.tar.gz b/libfido2-1.14.0.tar.gz new file mode 100644 index 0000000..6dfe43d --- /dev/null +++ b/libfido2-1.14.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3601792e320032d428002c4cce8499a4c7b803319051a25a0c9f1f138ffee45a +size 660289 diff --git a/libfido2-1.14.0.tar.gz.sig b/libfido2-1.14.0.tar.gz.sig new file mode 100644 index 0000000..2f83afe Binary files /dev/null and b/libfido2-1.14.0.tar.gz.sig differ diff --git a/libfido2.changes b/libfido2.changes new file mode 100644 index 0000000..bafe883 --- /dev/null +++ b/libfido2.changes @@ -0,0 +1,383 @@ +------------------------------------------------------------------- +Wed May 29 12:53:17 UTC 2024 - Paolo Perego + +- enabling PC Smartcard API support + +------------------------------------------------------------------- +Sat Nov 18 17:13:07 UTC 2023 - Dirk Müller + +- update to 1.14.0: + * fido2-cred -M, fido2-token -G: support raw client data + via -w flag. + * New API calls: + ** fido_assert_authdata_raw_len; + ** fido_assert_authdata_raw_ptr; + ** fido_assert_set_winhello_appid. +- add keyring for gpg validation + +------------------------------------------------------------------- +Fri Feb 24 10:08:21 UTC 2023 - Martin Sirringhaus + +- Version 1.13.0 (2023-02-20) + * Support for linking against OpenSSL on Windows; gh#668. + * New API calls: + + fido_assert_empty_allow_list; + + fido_cred_empty_exclude_list. + * fido2-token: fix issue when listing large blobs. + * Improved support for different fuzzing engines. + +------------------------------------------------------------------- +Wed Oct 5 20:40:55 UTC 2022 - Torsten Gruner + +- Version 1.12.0 (2022-09-22) + * Support for COSE_ES384. + * Support for hidraw(4) on FreeBSD; gh#597. + * Improved support for FIDO 2.1 authenticators. + * New API calls: + + es384_pk_free; + + es384_pk_from_EC_KEY; + + es384_pk_from_EVP_PKEY; + + es384_pk_from_ptr; + + es384_pk_new; + + es384_pk_to_EVP_PKEY; + + fido_cbor_info_certs_len; + + fido_cbor_info_certs_name_ptr; + + fido_cbor_info_certs_value_ptr; + + fido_cbor_info_maxrpid_minpinlen; + + fido_cbor_info_minpinlen; + + fido_cbor_info_new_pin_required; + + fido_cbor_info_rk_remaining; + + fido_cbor_info_uv_attempts; + + fido_cbor_info_uv_modality. + * Documentation and reliability fixes. +- Version 1.11.0 (2022-05-03) + * Experimental PCSC support; enable with -DUSE_PCSC. + * Improved OpenSSL 3.0 compatibility. + * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. + * winhello: advertise "uv" instead of "clientPin". + * winhello: support hmac-secret in fido_dev_get_assert(). + * New API calls: + + fido_cbor_info_maxlargeblob. + * Documentation and reliability fixes. + * Separate build and regress targets. + +------------------------------------------------------------------- +Mon Mar 28 16:53:52 UTC 2022 - Torsten Gruner + +- Version 1.10.0 (2022-01-17) + * hid_osx: handle devices with paths > 511 bytes; gh#462. + * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. + * winhello: fallback to GetTopWindow() if GetForegroundWindow() fails. + * winhello: fallback to hid_win.c if webauthn.dll isn’t available. + * New API calls: + - fido_dev_info_set; + - fido_dev_io_handle; + - fido_dev_new_with_info; + - fido_dev_open_with_info. + * Cygwin and NetBSD build fixes. + * Documentation and reliability fixes. + * Support for TPM 2.0 attestation of COSE_ES256 credentials. + +------------------------------------------------------------------- +Mon Jan 10 17:22:01 UTC 2022 - Guillaume GARDET + +- Use BuildRequires: openssl-devel instead of forcing 1.1 since 3.x + is now supported. + +------------------------------------------------------------------- +Mon Nov 1 14:39:51 UTC 2021 - Torsten Gruner + +- Version 1.9.0 (2021-10-27) + * Enabled NFC support on Linux. + * Added OpenSSL 3.0 compatibility. + * Removed OpenSSL 1.0 compatibility. + * Support for FIDO 2.1 "minPinLength" extension. + * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. + * Support for TPM 2.0 attestation. + * Support for device timeouts; see fido_dev_set_timeout(). + * New API calls: + - es256_pk_from_EVP_PKEY; + - fido_cred_attstmt_len; + - fido_cred_attstmt_ptr; + - fido_cred_pin_minlen; + - fido_cred_set_attstmt; + - fido_cred_set_pin_minlen; + - fido_dev_set_pin_minlen_rpid; + - fido_dev_set_timeout; + - rs256_pk_from_EVP_PKEY. + * Reliability and portability fixes. + * Better handling of HID devices without identification strings; gh#381. + * Fixed detection of Windows’s native webauthn API; gh#382. + +------------------------------------------------------------------- +Tue Sep 21 08:33:36 UTC 2021 - Paolo Perego + +- Removed fix-cmake-linking.patch because no longer needed + +------------------------------------------------------------------- +Tue Sep 14 13:49:56 UTC 2021 - Paolo Perego + +- Update to version 1.8.0: + * Dropped 'Requires.private' entry from pkg-config file. + * Better support for FIDO 2.1 authenticators. + * Support for Windows's native webauthn API. + * Support for attestation format 'none'. + * New API calls: + - fido_assert_set_clientdata; + - fido_cbor_info_algorithm_cose; + - fido_cbor_info_algorithm_count; + - fido_cbor_info_algorithm_type; + - fido_cbor_info_transports_len; + - fido_cbor_info_transports_ptr; + - fido_cred_set_clientdata; + - fido_cred_set_id; + - fido_credman_set_dev_rk; + - fido_dev_is_winhello. + * fido2-token: new -Sc option to update a resident credential. + * Documentation and reliability fixes. + * HID access serialisation on Linux. +- disable fix-cmake-linking.patch, not needed currently + +------------------------------------------------------------------- +Sat Apr 17 01:41:49 UTC 2021 - Ferdinand Thiessen + +- Update to version 1.7.0: + * hid_win: detect devices with vendor or product IDs > 0x7fff + * Support for FIDO 2.1 authenticator configuration. + * Support for FIDO 2.1 UV token permissions. + * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. + * New API calls + * New fido_init flag to disable fido_dev_open’s U2F fallback + * Experimental NFC support on Linux. +- Enabled hidapi again, issues related to hidapi are fixed upstream + * Added fix-cmake-linking.patch to fix linking + +------------------------------------------------------------------- +Wed Jan 20 09:46:41 UTC 2021 - Martin Pluskal + +- Update to version 1.6.0: + * Fix OpenSSL 1.0 and Cygwin builds. + * hid_linux: fix build on 32-bit systems. + * hid_osx: allow reads from spawned threads. + * Documentation and reliability fixes. + * New API calls: + + fido_cred_authdata_raw_len; + + fido_cred_authdata_raw_ptr; + + fido_cred_sigcount; + + fido_dev_get_uv_retry_count; + + fido_dev_supports_credman. + * Hardened Windows build. + * Native FreeBSD and NetBSD support. + * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. +- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch +- Do not build examples as their build fails + +------------------------------------------------------------------- +Tue Nov 17 17:59:21 UTC 2020 - Hans Petter Jansson + +- Add Conflicts: to supersede version 1.0.0. This is needed for + a clean upgrade path on SLE. + +------------------------------------------------------------------- +Wed Sep 9 13:33:47 UTC 2020 - Ismail Dönmez + +- Add 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch from upstream + to fix 32bit compilation issues. + +------------------------------------------------------------------- +Tue Sep 1 11:17:49 UTC 2020 - Ismail Dönmez + +- Update to version 1.5.0 + * hid_linux: return FIDO_OK if no devices are found. + * hid_osx: + + repair communication with U2F tokens, gh#166; + + reliability fixes. + * fido2-{assert,cred}: new options to explicitly toggle UP, UV. + * Support for configurable report lengths. + * New API calls: + + fido_cbor_info_maxcredcntlst + + fido_cbor_info_maxcredidlen + + fido_cred_aaguid_len + + fido_cred_aaguid_ptr + + fido_dev_get_touch_begin + + fido_dev_get_touch_status + * Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154. + * Allow CTAP messages up to 2048 bytes; gh#171. + * Ensure we only list USB devices by default. + +------------------------------------------------------------------- +Fri Jul 24 19:33:15 UTC 2020 - Stefan Brüns + +- Cleanup udev rules, trying to use the Debian specific plugdev + group fills up the journal. +- Make the udev rules package noarch, correct Summary + +------------------------------------------------------------------- +Fri Jul 3 09:11:31 UTC 2020 - Ismail Dönmez + +- Create a udev subpackage and ship the udev rule + +------------------------------------------------------------------- +Thu Jul 2 13:03:31 UTC 2020 - Ismail Dönmez + +- Don't build with hidapi support to fix issues with Yubikey 5Ci + https://github.com/Yubico/libfido2/issues/190 + +------------------------------------------------------------------- +Mon May 25 08:11:27 UTC 2020 - Ismail Dönmez + +- Update to version 1.4.0 + * hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1. + * Fall back to U2F if the key claims to, but does not support FIDO2. + * FIDO2 credential protection (credprot) support. + * New API calls: + + fido_cbor_info_fwversion; + + fido_cred_prot; + + fido_cred_set_prot; + + fido_dev_set_transport_functions; + + fido_set_log_handler. + * Fixed EdDSA and RSA self-attestation. + +------------------------------------------------------------------- +Sun Mar 1 00:28:37 UTC 2020 - Marcus Rueckert + +- Version 1.3.1 + - fix zero-ing of le1 and le2 when talking to a U2F device. + - dropping sk-libfido2 middleware, please find it in the openssh + tree. + +------------------------------------------------------------------- +Sun Dec 8 23:00:20 UTC 2019 - Karol Babioch + +- Version 1.3.0 (2019-11-28) + * assert/hmac: encode public key as per spec, gh#60. + * fido2-cred: fix creation of resident keys. + * fido2-{assert,cred}: support for hmac-secret extension. + * hid_osx: detect device removal, gh#56. + * hid_osx: fix device detection in MacOS Catalina. + * New API calls: + - fido_assert_set_authdata_raw; + - fido_assert_sigcount; + - fido_cred_set_authdata_raw; + - fido_dev_cancel. + * Middleware library for use by OpenSSH. + * Support for biometric enrollment. + * Support for OpenBSD. + * Support for self-attestation. + +------------------------------------------------------------------- +Mon Sep 16 13:51:47 UTC 2019 - simmphonie@opensuse.org + +- Version 1.2.0 (released 2019-07-26) + * Credential management support. + * New API reflecting FIDO’s 3-state booleans (true, false, absent): + - fido_assert_set_up; + - fido_assert_set_uv; + - fido_cred_set_rk; + - fido_cred_set_uv. + * Command-line tools for Windows. + * Documentation and reliability fixes. + * fido_{assert,cred}_set_options() are now marked as deprecated. + +------------------------------------------------------------------- +Tue May 28 21:26:35 UTC 2019 - Karol Babioch + +- Version 1.1.0 (released 2019-05-08) + * EdDSA (Ed25519) support. + * fido_dev_make_cred: fix order of CBOR map keys. + * fido_dev_get_assert: plug memory leak when operating on U2F devices. + +------------------------------------------------------------------- +Sat Apr 20 18:50:23 UTC 2019 - Jan Engelhardt + +- Use automatic dependency discovery for + libfido2-utils -> libfido2-1_0-0. + +------------------------------------------------------------------- +Tue Apr 16 06:52:58 UTC 2019 - Karol Babioch + +- Added Conflicts to libfido2-0_4_0 to make sure upgrade goes smoothly as + outline in sr#690566 + +------------------------------------------------------------------- +Tue Apr 2 07:05:19 UTC 2019 - Karol Babioch + +- Split utilities into sub-package libfido2-utils and package man pages + correctly (bsc#1131163) + +------------------------------------------------------------------- +Thu Mar 21 09:10:24 UTC 2019 - Karol Babioch + +- Version 1.0.0 (released 2019-03-21) + * Native HID support on Linux, MacOS, and Windows. + * fido2-{assert,cred}: new -u option to force U2F on dual authenticators. + * fido2-assert: support for multiple resident keys with the same RP. + * Strict checks for CTAP2 compliance on received CBOR payloads. + * Better fuzzing harnesses. + * Documentation and reliability fixes. + +------------------------------------------------------------------- +Wed Jan 9 09:32:01 UTC 2019 - Karol Babioch + +- Version 0.4.0 (released 2019-01-07) + * fido2-assert: print the user id for resident credentials. + * Fix encoding of COSE algorithms when making a credential. + * Rework purpose of fido_cred_set_type; no ABI change. + * Minor documentation and code fixes. +- Dropped patch that is included upstream now: fix-release-build.patch + +------------------------------------------------------------------- +Mon Oct 1 16:35:14 UTC 2018 - Karol Babioch + +- Added patch: + * fix-release-build.patch: Disables regression tests as proposed by upstream + +------------------------------------------------------------------- +Mon Oct 1 06:56:58 UTC 2018 - Karol Babioch + +- Applied spec-cleaner + +------------------------------------------------------------------- +Sun Sep 30 08:41:05 UTC 2018 - t.gruner@katodev.de + +- Build package without regression tests +- Version 0.3.0 (released 2018-09-11) + - Various reliability fixes. + - Merged fuzzing instrumentation. + - Added regress tests. + - Added support for FIDO 2’s hmac-secret extension. + - New API calls: + * fido_assert_hmac_secret_len; + * fido_assert_hmac_secret_ptr; + * fido_assert_set_extensions; + * fido_assert_set_hmac_salt; + * fido_cred_set_extensions; + * fido_dev_force_fido2. + - Support for native builds with Microsoft Visual Studio 17. + +------------------------------------------------------------------- +Fri Sep 28 19:05:32 UTC 2018 - Jan Engelhardt + +- Fix RPM group. Wrap description. + +------------------------------------------------------------------- +Thu Jun 21 08:51:47 UTC 2018 - t.gruner@katodev.de + +- Version 0.2.0 (released 2018-06-20) + - Added command-line tools. + - Added a couple of missing get functions. + +- Version 0.1.1 (released 2018-06-05) + - Added documentation. + - Added OpenSSL 1.0 support. + - Minor fixes. + +------------------------------------------------------------------- +Sun May 27 20:10:41 UTC 2018 - t.gruner@katodev.de + +- update to version 0.1.0 + +------------------------------------------------------------------- +Mon Apr 30 20:03:20 UTC 2018 - t.gruner@katodev.de + +- Initial release version 0_git diff --git a/libfido2.keyring b/libfido2.keyring new file mode 100644 index 0000000..dc6d99f --- /dev/null +++ b/libfido2.keyring @@ -0,0 +1,38 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEX2GtChYJKwYBBAHaRw8BAQdAXtF26PPVnk3a2UWoHe61aN1EwpBWXbKDhel3 +QrBTSVi0MUx1ZHZpZyBNaWNoYWVsc3NvbiA8bHVkdmlnLm1pY2hhZWxzc29uQGdt +YWlsLmNvbT6IkQQTFgoAOQIbAQQLCQgHBBUKCQgFFgIDAQACHgECF4AWIQR42ZfV +PpwKKiBTku0UoZeEcjyZiAUCX2Gu5wIZAQAKCRAUoZeEcjyZiNAZAP9GQtAV2Hwo +OUFmlzIR14BYpmSeMkafm3rvBFudTgwZpgEAp7tSOkar9lglvt+JzuT3/HakxUUJ +YiwqIDey9xhiTgy0Mkx1ZHZpZyBNaWNoYWVsc3NvbiA8bHVkdmlnLm1pY2hhZWxz +c29uQHl1Ymljby5jb20+iI4EExYKADYWIQR42ZfVPpwKKiBTku0UoZeEcjyZiAUC +X2GuMQIbAQQLCQgHBBUKCQgFFgIDAQACHgECF4AACgkQFKGXhHI8mYiYRwD+OGtP +gKJYD5n1W6fDWnt+YHOVPkpqTJqVWXsYYe6SACABAP3mduQ4XB/ZmwCk67VT6b5T +lAUamAKeqSPAcjD5fwMDuDMEX2Gt0BYJKwYBBAHaRw8BAQdARvrBRyA4/r+Lz80F +c+4kRpIOTnCcGkqrzIyVbKYuNAeIfgQYFgoAJgIbIBYhBHjZl9U+nAoqIFOS7RSh +l4RyPJmIBQJhLHrtBQkDwpt2AAoJEBShl4RyPJmIS7EBAJbpbnsFuYHfwbZxA5Wp +XYAx8soXp+VLK9Rr1ysj4D4kAP4+XGsRuxHz51/ozDmLrg0N1LCJUu8kSgJvLxaF +N16lB4h+BBgWCgAmAhsgFiEEeNmX1T6cCiogU5LtFKGXhHI8mYgFAmTkTAMFCQeG +U9IACgkQFKGXhHI8mYiYFgD8CMfL31/Hsbe0ljGwzIl4q6l3pwxpRdw6AGlKOdBH +OysA/jvnvn72GObyvEbO7Cn9Bl4IWYM7r58YKZvGoGpiPPcPuDgEX2GtqBIKKwYB +BAGXVQEFAQEHQGWO4s7Lq78mRIAz37j6Xed/CGUjL+L7KbR/k2va24p+AwEIB4h+ +BBgWCgAmAhsMFiEEeNmX1T6cCiogU5LtFKGXhHI8mYgFAmEseu0FCQPCm54ACgkQ +FKGXhHI8mYjjhgEAk//4GzFq6fVCYbFMjxx0yDL4jeHv2pk0NNfG1ZC/oDYBAJ2k +OUygl4/Bj1qkJGwVXQ+rRyUzQjamTeA/zbK/D24IiH4EGBYKACYCGwwWIQR42ZfV +PpwKKiBTku0UoZeEcjyZiAUCZORMAwUJB4ZT+gAKCRAUoZeEcjyZiJRPAP9uSXQ8 +3okDTOKnW5Gc/C9LdnVoEecJLIGZ+dBG/RTVqQEA/NyEnt+Z24lpISK3GPsQA4/l +wRBoxyx0l1lvhm+TcgW4MwRfYa18FgkrBgEEAdpHDwEBB0BKG/DHdgwhKvp9LzNW +IkeQd6YsRWimcz8pMb5WzpKObYj1BBgWCgAmAhsCFiEEeNmX1T6cCiogU5LtFKGX +hHI8mYgFAmEseucFCQPCm8oAgXYgBBkWCgAdFiEEs3AD/xWgaKQT5QscPWpJ5MTg +tnMFAl9hrXwACgkQPWpJ5MTgtnMdlgD7BguE7EqfAqnoJVyrWK0SeyRiBn8wji4T +aKo0MBOkAMgBALk3dIm1zGlcVEFiRYY5CRX9shJyg6Zq76JDF5GmpKcACRAUoZeE +cjyZiPdnAQDA10QUzP3Fjs0dd6T6kyn1aIUPk8HDzDlVHAYznQzErQEA8uLC8a7V +m0IE/6ycNbeHnxeicKNQwrTxyU13FntdUQ+I9QQYFgoAJgIbAhYhBHjZl9U+nAoq +IFOS7RShl4RyPJmIBQJk5EvwBQkHhlQmAIF2IAQZFgoAHRYhBLNwA/8VoGikE+UL +HD1qSeTE4LZzBQJfYa18AAoJED1qSeTE4LZzHZYA+wYLhOxKnwKp6CVcq1itEnsk +YgZ/MI4uE2iqNDATpADIAQC5N3SJtcxpXFRBYkWGOQkV/bIScoOmau+iQxeRpqSn +AAkQFKGXhHI8mYhjHAD8Dk6wgszX3xUKWZ9e2VJG66PkMhEN5KKfhFNEPuiq2mQA +/1lHVz/OkZJFeDN9KRCb8OnL9KyIdC92taU2FRTqbhAC +=0rPN +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libfido2.spec b/libfido2.spec new file mode 100644 index 0000000..b7aefb1 --- /dev/null +++ b/libfido2.spec @@ -0,0 +1,144 @@ +# +# spec file for package libfido2 +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define sover 1 +Name: libfido2 +Version: 1.14.0 +Release: 0 +Summary: FIDO U2F and FIDO 2.0 protocols +License: BSD-2-Clause +Group: Development/Libraries/C and C++ +URL: https://developers.yubico.com/ +Source0: https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz +Source1: https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz.sig +Source2: libfido2.keyring +BuildRequires: cmake +BuildRequires: gcc-c++ +%if 0%{?suse_version} >= 1540 || 0%{?sle_version} >= 150400 +BuildRequires: libopenssl-3-devel +%else +BuildRequires: pkgconfig(openssl) +%endif +BuildRequires: ninja +BuildRequires: pkgconfig +BuildRequires: pkgconfig(hidapi-hidraw) +BuildRequires: pkgconfig(libcbor) +BuildRequires: pkgconfig(libudev) +BuildRequires: pkgconfig(zlib) +# For PCSC API +BuildRequires: pcsc-lite-devel + +%description +Provides library functionality for communicating with a FIDO device +over USB as well as verifying attestation and assertion signatures. + +%package -n %{name}-%{sover} +Summary: FIDO U2F and FIDO 2.0 protocols +Group: Development/Libraries/C and C++ +Provides: %{name} = %{version} +Obsoletes: %{name} < %{version} + +%description -n %{name}-%{sover} +This library supports the FIDO U2F and FIDO 2.0 protocols for +communicating with a USB authenticator via the +Client-to-Authenticator Protocol (CTAP 1 and 2). +This library is compiled with experimental support for Smardcard API (PC/SC) + +%package -n %{name}-devel +Summary: Development files for FIDO U2F and FIDO 2.0 protocols +Group: Development/Libraries/C and C++ +Requires: %{name}-%{sover} = %{version} +Requires: openssl-devel +Conflicts: libfido2-0_4_0 +Conflicts: libfido2-1_0_0 + +%description -n %{name}-devel +This package contains the header file needed to develop applications that +use FIDO U2F and FIDO 2.0 protocols. + +%package -n %{name}-utils +Summary: Utility programs making use of libfido2, a library for FIDO U2F and FIDO 2.0 +Group: Hardware/Other +Conflicts: libfido2-0_4_0 +Conflicts: libfido2-1_0_0 + +%description -n %{name}-utils +This package contains utilities to use FIDO U2F and FIDO 2.0 protocols. + +%package -n %{name}-udev +Summary: Udev rules for libfido2 +Group: Development/Libraries/C and C++ +BuildArch: noarch + +%description -n %{name}-udev +This package contains the udev rules for FIDO2 compatible devices. + +%prep +%autosetup -p1 + +%build +%define __builder ninja +%cmake \ + -DCBOR_LIBRARY_DIRS=%{_libdir} \ + -DBUILD_EXAMPLES=OFF \ + -DUSE_HIDAPI=ON \ + -DUSE_PCSC=ON \ + -DNFC_LINUX=ON +%cmake_build + +%install +%cmake_install + +# Remove Debian specific plugdev setting from udev rules +sed -i -e 's/, GROUP="plugdev"//g ; s/, MODE="0660"//g' udev/70-u2f.rules +# u2f-host has the same udev rule, use a different name +mkdir -p %{buildroot}%{_udevrulesdir} +install -m 0644 udev/70-u2f.rules %{buildroot}%{_udevrulesdir}/70-fido2.rules + +find %{buildroot} -type f -name "*.a" -delete -print + +%post -n %{name}-%{sover} -p /sbin/ldconfig +%postun -n %{name}-%{sover} -p /sbin/ldconfig + +%post udev +%{udev_rules_update} + +%postun udev +%{udev_rules_update} + +%files -n %{name}-%{sover} +%license LICENSE +%doc README.adoc +%{_libdir}/%{name}.so.* + +%files -n %{name}-devel +%{_includedir}/*.h +%dir %{_includedir}/fido +%{_includedir}/fido/*.h +%{_libdir}/%{name}.so +%{_mandir}/man3/* +%{_libdir}/pkgconfig/* + +%files udev +%{_udevrulesdir}/70-fido2.rules + +%files -n %{name}-utils +%{_bindir}/fido2-* +%{_mandir}/man1/* + +%changelog