Comments (8)
PIV specs also have a "pin_policy" which says if global or local pin can be be used and other things if SM is used:
line 424: unsigned int pin_policy; /* from discovery */
It is always used as priv->pin_policy
grep pin_policy src/libopensc/card-piv.c | wc
shows 21 uses of "pin_policy" in your branch.
You may want to use yk_pin_policy
to avoid confusion and point out it is only for Yubico.
from opensc.
We don't have the ressources to manage all possible sources of distribution. I don't know who pushed OpenSC to winget in the first place, but you should contact that author for an update. That should also be a good time to verify the package that's available there.
from opensc.
As discussed in #3077 (comment), @RufusJWB was the one initiating the push of the package to the winget repository, even though the adding was done by somebody else, but they do not look active anymore in the repository so short term, we should update the package there (I think anyone can do that and manual update does not look much complicated).
Regarding to the automation, again, if you are using this, you would be the best to work on that and we are happy to accept the contribution.
from opensc.
Thank you for the clarification.
Skimming through the integration part for GH actions, we could indeed submit "some" MSI from the release CI process to winget. However, that would NOT be the installer which is available through GH release downloads, because we are triggering the productive code signing of the installer manually in Signpath.io after the run is finished.
from opensc.
because we are triggering the productive code signing of the installer manually in Signpath.io after the run is finished.
If you would start the signing at Signpath.io from a manually triggered GitHub Action, the same action could later build the package and submit it to Microsoft. There is a documentation available, how to do this: https://github.com/microsoft/winget-create?tab=readme-ov-file#using-windows-package-manager-manifest-creator-in-a-cicd-pipeline
from opensc.
We trigger the signing directly in Signpath.io, download the new binary there and upload the new binary on GH releases.
FYI: microsoft/winget-pkgs#147910
from opensc.
Regarding the automation via GH releases, there is an open issue for this (microsoft/winget-pkgs#1515), which isn't officially solved. However, there is a third party GH app, which seems to implement this (https://github.com/marketplace/actions/winget-releaser) and alternatively, there are some repositories which implement this manually based on the winget tools (e.g. https://github.com/microsoft/PowerToys/blob/main/.github/workflows/package-submissions.yml).
All in all, those finding look promising, but I don't have much time for more investigation...
from opensc.
All in all, those finding look promising, but I don't have much time for more investigation...
I'd like to support, but I'm struggling to get the build actions working in my fork of this repo, and even if I'd get it working, I'd still not be able to sign and publish the release version. So I fear one of the maintainer needs to take this over. If I can anyhow support you, please let me know.
from opensc.
Related Issues (20)
- asymmetric key encryption in pkcs11 module does not work
- Use ccache to speed up CI builds
- Windows certificate caching in GIDS HOT 2
- OpenSC + Smartcard-HSM + secp521r1 + OpenSSH = signing failed for ECDSA "secp521r1": error in libcrypto HOT 12
- Unable to generate RSA key using piv-tool HOT 6
- OpenSC Minidriver with PIVApplet + ECC keys on Win11: error on slot 9c - public key does not match private key HOT 28
- MacOS S/MIME Outlook or Mail.app no certificates on Yubikey smartcard detected HOT 17
- OpenSC build for macOS M1 Pro HOT 10
- OpenSC 0.25.1 + SmartCard-HSM 3.6 + brainpoolP256t1 = `point is not on curve` HOT 3
- RSA padding in release 0.25.1 HOT 3
- French eID - reading HOT 1
- OpenSC Minidriver Does Not Display the Second Key Container of JPKI Card When certutil -scinfo Is Executed HOT 30
- Closing orphaned open sessions HOT 2
- Extend the tests with PivApplet to use piv-tool instead of yubico-piv-tool
- Understanding/Documentation of why after ssh-ing to a system the card readers dissapear. HOT 4
- Current master fails to build (problem with man pages?) HOT 10
- make compilation error: unresolved external symbol _EAC_init, _EAC_CTX_new and many other referenced in function _sc_hsm_init HOT 4
- Cannot export EC public key using pkcs11-tool HOT 6
- Gemalto IDPrime 940 no longer lists private key after renewal HOT 2
- Update SmartCardHSM Wiki Page for Pubkey Auth HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opensc.