On Thu, Dec 19, 2019 at 12:18:28PM -0600, Lucas Raab wrote: > Hello, > > Updated py-fido2 below and has been tested with a Yubikey 4 and > security/yubico/yubikey-manager. Note, either chmod the USB devices or > run ykman with doas after the recent USB device permissions changes. >
py-fido2 needs to be updated to use fido(4) instead of probing uhid devices (/dev/fido/X instead of /dev/uhidX). Fido is 0666 so you don't need This: https://github.com/Yubico/python-fido2/blob/master/fido2/_pyu2f/openbsd.py Like that: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libfido2/src/hid_openbsd.c.diff?r1=1.1&r2=1.2&f=h btw. the py code suffers from a TOCTOU problem because it scans for devices, closes them again and remembers the path (for example /dev/uhid0), and opens them later by path name before use. Nobody knows if it is still the same USB device... Reyk > Index: security/py-fido2/Makefile > =================================================================== > RCS file: /cvs/ports/security/py-fido2/Makefile,v > retrieving revision 1.1.1.1 > diff -u -p -r1.1.1.1 Makefile > --- security/py-fido2/Makefile 19 Nov 2019 18:52:50 -0000 1.1.1.1 > +++ security/py-fido2/Makefile 19 Dec 2019 18:16:54 -0000 > @@ -2,8 +2,7 @@ > > COMMENT = Python module to communicate with USB FIDO devices > > -MODPY_EGG_VERSION = 0.7.3 > - > +MODPY_EGG_VERSION = 0.8.1 > DISTNAME = fido2-${MODPY_EGG_VERSION} > PKGNAME = py-${DISTNAME} > > Index: security/py-fido2/distinfo > =================================================================== > RCS file: /cvs/ports/security/py-fido2/distinfo,v > retrieving revision 1.1.1.1 > diff -u -p -r1.1.1.1 distinfo > --- security/py-fido2/distinfo 19 Nov 2019 18:52:50 -0000 1.1.1.1 > +++ security/py-fido2/distinfo 19 Dec 2019 18:16:54 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (fido2-0.7.3.tar.gz) = i1kuwOUTSPKWNnBv4yZkI6DkHDXJ32OiWakUiEUMEoU= > -SIZE (fido2-0.7.3.tar.gz) = 188262 > +SHA256 (fido2-0.8.1.tar.gz) = RJBo9odvOXyLuW68anXIHCaS8EUSbT8T7OIdQJrN98M= > +SIZE (fido2-0.8.1.tar.gz) = 201198 > Index: security/py-fido2/pkg/PLIST > =================================================================== > RCS file: /cvs/ports/security/py-fido2/pkg/PLIST,v > retrieving revision 1.1.1.1 > diff -u -p -r1.1.1.1 PLIST > --- security/py-fido2/pkg/PLIST 19 Nov 2019 18:52:50 -0000 1.1.1.1 > +++ security/py-fido2/pkg/PLIST 19 Dec 2019 18:16:54 -0000 > @@ -24,6 +24,8 @@ lib/python${MODPY_VERSION}/site-packages > > lib/python${MODPY_VERSION}/site-packages/fido2/${MODPY_PYCACHE}rpid.${MODPY_PYC_MAGIC_TAG}pyc > > lib/python${MODPY_VERSION}/site-packages/fido2/${MODPY_PYCACHE}server.${MODPY_PYC_MAGIC_TAG}pyc > > lib/python${MODPY_VERSION}/site-packages/fido2/${MODPY_PYCACHE}utils.${MODPY_PYC_MAGIC_TAG}pyc > +lib/python${MODPY_VERSION}/site-packages/fido2/${MODPY_PYCACHE}webauthn.${MODPY_PYC_MAGIC_TAG}pyc > +lib/python${MODPY_VERSION}/site-packages/fido2/${MODPY_PYCACHE}win_api.${MODPY_PYC_MAGIC_TAG}pyc > lib/python${MODPY_VERSION}/site-packages/fido2/_pyu2f/ > lib/python${MODPY_VERSION}/site-packages/fido2/_pyu2f/__init__.py > > ${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/fido2/_pyu2f/${MODPY_PYCACHE}/ > @@ -56,6 +58,8 @@ lib/python${MODPY_VERSION}/site-packages > lib/python${MODPY_VERSION}/site-packages/fido2/rpid.py > lib/python${MODPY_VERSION}/site-packages/fido2/server.py > lib/python${MODPY_VERSION}/site-packages/fido2/utils.py > +lib/python${MODPY_VERSION}/site-packages/fido2/webauthn.py > +lib/python${MODPY_VERSION}/site-packages/fido2/win_api.py > share/examples/${MODPY_PY_PREFIX}fido2/ > share/examples/${MODPY_PY_PREFIX}fido2/acr122u.py > share/examples/${MODPY_PY_PREFIX}fido2/acr122usam.py > @@ -64,4 +68,5 @@ share/examples/${MODPY_PY_PREFIX}fido2/c > share/examples/${MODPY_PY_PREFIX}fido2/get_info.py > share/examples/${MODPY_PY_PREFIX}fido2/hmac_secret.py > share/examples/${MODPY_PY_PREFIX}fido2/multi_device.py > +share/examples/${MODPY_PY_PREFIX}fido2/resident_key.py > share/examples/${MODPY_PY_PREFIX}fido2/u2f_nfc.py > > ok? >