Bug 1155826 - Review Request: libu2f-host - Yubico Universal 2nd Factor (U2F) Host C Library
Summary: Review Request: libu2f-host - Yubico Universal 2nd Factor (U2F) Host C Library
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-10-22 23:29 UTC by Andy Lutomirski
Modified: 2015-11-13 01:52 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-12 23:28:59 UTC


Attachments (Terms of Use)
Self-review (9.17 KB, text/plain)
2014-10-22 23:29 UTC, Andy Lutomirski
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1259460 None None None Never

Internal Links: 1259460

Description Andy Lutomirski 2014-10-22 23:29:24 UTC
Spec URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0-1/libu2f-host.spec
SRPM URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0-1/libu2f-host-0.0-1.fc20.src.rpm
Description: libu2f-host provides a C library that implements the host-side of the U2F protocol. There are APIs to talk to a U2F device and perform the U2F Register and U2F Authenticate operations.
Fedora Account System Username: amluto
Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=7932309

NB: I split the command-line tool u2f-host into a subpackage.  I can imagine plenty of uses that don't need it.

Comment 1 Andy Lutomirski 2014-10-22 23:29:53 UTC
Created attachment 949602 [details]
Self-review

Comment 2 Andy Lutomirski 2014-10-27 15:16:45 UTC
I'm going to have to send a new version with a trivial update: libu2f-host needs a udev rule to work correctly as non-root, and I didn't include it in this version.  I post an update later today.

Comment 3 Andy Lutomirski 2014-10-27 17:56:24 UTC
Spec URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0-2/libu2f-host.spec
SRPM URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0-2/libu2f-host-0.0-2.fc20.src.rpm
Description: libu2f-host provides a C library that implements the host-side of the U2F protocol. There are APIs to talk to a U2F device and perform the U2F Register and U2F Authenticate operations.
Fedora Account System Username: amluto
Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=7949379

Comment 4 Adam Goode 2014-10-29 01:08:21 UTC
I think you want to use the _udevrulesdir macro.

Comment 5 Andy Lutomirski 2014-10-29 01:29:50 UTC
Will do for -3.  Want a new version now or later?

FWIW, I'm hoping to get rid of that udev rule entirely.  I send a patch to systemd to handle U2F devices for real instead of trying to list all vendor/product combinations:

http://lists.freedesktop.org/archives/systemd-devel/2014-October/024667.html

If that patch is rejected, then I'll have to figure out what to with it.  In the mean time, the rules in here should be more or less good enough, and I'll update then as I learn about new devices.

Comment 6 Adam Goode 2014-10-29 01:32:04 UTC
No rush. Solving it in systemd is a nice solution.

Comment 7 Andy Lutomirski 2014-10-29 01:41:34 UTC
Spec URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0-3/libu2f-host.spec
SRPM URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0-3/libu2f-host-0.0-3.fc20.src.rpm

The only changes are a bump to -3, using _udevrulesdir, and the addition of a comment about the systemd patch.

Comment 8 Andy Lutomirski 2014-10-29 18:29:57 UTC
Adam, Patrick, are either of you planning on reviewing this?  The bug is still unassigned.

Comment 9 Finnbarr P. Murphy 2014-10-31 03:56:06 UTC
I downloaded and build the package on F21 Alpha.  Installed Google Chrome ver 38.0.2125.111 (64-bit).   Used Yubico FIDO U2K device for 2 factor user authentication.  All worked as expected. Good work!

Comment 10 Andy Lutomirski 2014-10-31 19:16:45 UTC
Spec URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0-4/libu2f-host.spec
SRPM URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0-4/libu2f-host-0.0-4.fc20.src.rpm
Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=7994193

Updated for the Plug-up key.  Still waiting for a response from upstream systemd :-/

Comment 11 Andy Lutomirski 2014-10-31 19:47:12 UTC
This is now getting ridiculous.  When fixing the _udevrulesdir thing, I clearly failed to redo the mock build, and I was missing BR: systemd.  Sorry!

Spec URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0-5/libu2f-host.spec
SRPM URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0-5/libu2f-host-0.0-5.fc20.src.rpm
Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=7994304

Comment 12 Till Maas 2015-01-27 09:19:38 UTC
There were several new releases:
https://developers.yubico.com/libu2f-host/Releases/

Comment 13 Till Maas 2015-02-11 10:30:25 UTC
some further remarks:
- COPYING should probably be marked as %license
- The manpage pattern should be: %{_mandir}/man1/u2f-host.1* - so it also works when the man page is not compressed at all

Comment 14 Andy Lutomirski 2015-02-14 00:28:11 UTC
I updated to the new version, make those changes, and dropped the udev rule.  I'll make another new package with a udev rule, since I think it should be separate.

Spec URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0.4-1/libu2f-host.spec
SPRM URL: http://web.mit.edu/luto/www/fedora/libu2f_host_0.0.4-1/libu2f-host-0.0.4-1.fc21.src.rpm
Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=8927516

Could one of you review this, please?

Comment 15 Till Maas 2015-06-05 07:06:14 UTC
Sorry, I did not noctice your update until now.

There are still some issues:
- The license of the library is actually LGPLv2+ only the command line tools are GPLv3+
- There is more documentation that is not included yet:
AUTHORS ChangeLog  NEWS  THANKS  doc/Mode_switch_YubiKey_NEO.adoc
- The LGPV2 license is currently missing in the upstream release (but it is in git), I opnened an upstream ticket for this: https://github.com/Yubico/libu2f-host/issues/20 - please mention this in the spec and include it once upstream makes a new release
- Upstream provides a GPG signature, therefore it could be checked in the SPEC file, for example like here:
http://pkgs.fedoraproject.org/cgit/youtube-dl.git/tree/youtube-dl.spec

Comment 16 Seth Jennings 2015-08-05 22:12:12 UTC
Andy, are you still interested in maintaining this?  If not, I can pick it up.

Comment 17 Andy Lutomirski 2015-08-05 22:26:46 UTC
Sure!  Or we could co-maintain.

I want to remove the udev policy from here in favor of:

https://github.com/amluto/u2f-hidraw-policy

Comment 18 Seth Jennings 2015-09-01 20:33:08 UTC
Now that my first package, yubioath-desktop, is fully complete and know the process and I'm coming back to this.

Based on Andy's previous submissions + changes to address Till's feedback in comment 15:
https://www.variantweb.net/pub/review/libu2f-host.spec
https://www.variantweb.net/pub/review/libu2f-host-1.0.0-1.fc22.src.rpm
http://koji.fedoraproject.org/koji/taskinfo?taskID=10917441

Feedback welcome!

Comment 19 Andy Lutomirski 2015-10-19 20:47:07 UTC
Seth, if you want to own this, can you close this bug and open a new one?  I think that's required for the semi-automatic review magic.

Comment 20 Andy Lutomirski 2015-10-19 21:40:41 UTC
I went ahead and submitted a review request for the hidraw part: bug 1273188

Comment 21 Baptiste Mille-Mathias 2015-10-26 20:07:59 UTC
Hi gents,

As it seems there is no review done yet on this package, perhaps you should ask some on the developers mailing-list?
I've quickly look at the packages, is there any reason the *.so file is provided by the -devel package ?
Looking forward to see this package be available on the repo :)

Comment 22 Seth Jennings 2015-10-26 20:24:15 UTC
Unversioned .so files belong in the -devel package per the guidelines (rpmlint complains).

Yes, this libu2f-host review and the libu2f-server review (1259460) both need some attention.  The packages are very similar.  A single reviewer could review them both.

Comment 23 Seth Jennings 2015-10-27 03:37:48 UTC
Closing this bug so review can proceed in another bug per Andy's request in comment 19.

Comment 24 Seth Jennings 2015-10-27 03:39:07 UTC
Actually, marking as a dup of the new bug is better.

*** This bug has been marked as a duplicate of bug 1275487 ***

Comment 25 Fedora Update System 2015-11-02 16:05:10 UTC
libu2f-host-1.0.0-3.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f51a4a41c2

Comment 26 Fedora Update System 2015-11-02 16:06:01 UTC
libu2f-host-1.0.0-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-3edb5a0c25

Comment 27 Fedora Update System 2015-11-02 23:21:41 UTC
libu2f-host-1.0.0-3.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update libu2f-host'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-f51a4a41c2

Comment 28 Fedora Update System 2015-11-03 00:23:51 UTC
libu2f-host-1.0.0-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update libu2f-host'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-3edb5a0c25

Comment 29 Upstream Release Monitoring 2015-11-12 12:38:49 UTC
jjelen's scratch build of yubico-piv-tool?#f493f908260c8e3946798b6730c4e20e37b367fa for git://pkgs.fedoraproject.org/yubico-piv-tool?#f493f908260c8e3946798b6730c4e20e37b367fa and rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=11804105

Comment 30 Fedora Update System 2015-11-12 23:28:54 UTC
libu2f-host-1.0.0-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 31 Fedora Update System 2015-11-13 01:52:30 UTC
libu2f-host-1.0.0-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.