From: Kirill A. Korinsky <kirill@korins.ky>
Subject: Re: [NEW]: security/nitrocli
To: Rubén Llorente <porting@use.startmail.com>
Cc: ports@openbsd.org, Stuart <stu@spacehopper.org>
Date: Sat, 09 Nov 2024 13:45:40 +0100

Ruben,

I jsut had recieved my Nitrokey and tried your port. Seems that readme had
missed some pices because when I do:

        nitrocli $ dmesg | tail                                     
        uhidev0: iclass 3/0
        fido0 at uhidev0: input=64, output=64, feature=0
        ugen0 at uhub0 port 1 configuration 1 "Nitrokey Nitrokey 3" rev 2.10/1.07 addr 2
        fido0 detached
        uhidev0 detached
        ugen0 detached
        uhidev0 at uhub0 port 1 configuration 1 interface 1 "Nitrokey Nitrokey 3" rev 2.10/1.07 addr 2
        uhidev0: iclass 3/0
        fido0 at uhidev0: input=64, output=64, feature=0
        ugen0 at uhub0 port 1 configuration 1 "Nitrokey Nitrokey 3" rev 2.10/1.07 addr 2
        nitrocli $ usbdevs | grep -e /dev/usb -e Nitrokey           
        Controller /dev/usb0:
        addr 02: 20a0:42b2 Nitrokey, Nitrokey 3
        nitrocli $ doas chmod 660 /dev/usb0 /dev/ugen0.* /dev/uhid0 
        nitrocli $ ls -l /dev/usb0 /dev/ugen0.* /dev/uhid0          
        crw-rw----  1 root  wheel  63,  0 Nov  6 12:11 /dev/ugen0.00
        crw-rw----  1 root  wheel  63,  1 Nov  9 13:37 /dev/ugen0.01
        crw-rw----  1 root  wheel  63,  2 Nov  9 13:31 /dev/ugen0.02
        crw-rw----  1 root  wheel  63,  3 Nov  6 12:11 /dev/ugen0.03
        crw-rw----  1 root  wheel  63,  4 Nov  6 12:11 /dev/ugen0.04
        crw-rw----  1 root  wheel  63,  5 Nov  6 12:11 /dev/ugen0.05
        crw-rw----  1 root  wheel  63,  6 Nov  6 12:11 /dev/ugen0.06
        crw-rw----  1 root  wheel  63,  7 Nov  6 12:11 /dev/ugen0.07
        crw-rw----  1 root  wheel  63,  8 Nov  6 12:11 /dev/ugen0.08
        crw-rw----  1 root  wheel  63,  9 Nov  6 12:11 /dev/ugen0.09
        crw-rw----  1 root  wheel  63, 10 Nov  6 12:11 /dev/ugen0.10
        crw-rw----  1 root  wheel  63, 11 Nov  6 12:11 /dev/ugen0.11
        crw-rw----  1 root  wheel  63, 12 Nov  6 12:11 /dev/ugen0.12
        crw-rw----  1 root  wheel  63, 13 Nov  6 12:11 /dev/ugen0.13
        crw-rw----  1 root  wheel  63, 14 Nov  6 12:11 /dev/ugen0.14
        crw-rw----  1 root  wheel  63, 15 Nov  6 12:11 /dev/ugen0.15
        crw-rw----  1 root  wheel  62,  0 Nov  6 12:11 /dev/uhid0
        crw-rw----  1 root  wheel  61,  0 Nov  6 12:11 /dev/usb0
        nitrocli $ nitrocli list

the list is blocked. I had waited for about 20 minutes before I give up.

I run -current/amd64

On Thu, 31 Oct 2024 19:32:00 +0100,
Rubén Llorente <porting@use.startmail.com> wrote:
> 
> [1  <text/plain; UTF-8 (7bit)>]
> Stuart Henderson wrote:
> 
> > pkg-readme has some issues,
> > 
> > - (minor) ==== underlines don't match up with the lines above
> 
> Solved
> 
> > - I worry that people won't read the wall of text and just try
> > to paste the chgrp/chmod directly. Better show something of a
> > worked example of how to find the device nodes. I don't have a
> > nitrokey but this is how it could be done for yubikey so this
> > could be adapted.
> 
> Solved
> 
> > I think there were some other concerns voiced about
> > 
> > "Beware this may allow the user unintended access to other hardware
> > associated to the same usb(4) controller, so do this with extreme
> > caution."
> > 
> > ... what is the user supposed to do?
> 
> Removed
> 
> > - modules.inc is for ports with go modules. this should use crates.inc.
> 
> Solved
> 
> > - what's up with this MY_REPLACE_CMD, MY_HEADER stuff? just put the
> > command in post-patch.
> > 
> 
> Feel free to propose a way to include the whole command without making
> the line extremely large.
> [2 nitrocli.tar.gz <application/gzip (base64)>]

-- 
wbr, Kirill