Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-pynitrokey for openSUSE:Factory checked in at 2025-05-08 18:21:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-pynitrokey (Old) and /work/SRC/openSUSE:Factory/.python-pynitrokey.new.30101 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pynitrokey" Thu May 8 18:21:44 2025 rev:16 rq:1275318 version:0.8.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-pynitrokey/python-pynitrokey.changes 2025-03-31 11:41:15.259372618 +0200 +++ /work/SRC/openSUSE:Factory/.python-pynitrokey.new.30101/python-pynitrokey.changes 2025-05-08 18:22:15.485712705 +0200 @@ -1,0 +2,28 @@ +Wed May 7 15:42:38 UTC 2025 - Johannes Kastl <[email protected]> + +- update to 0.8.3: + This release changes the piv command to ignore unsupported + smartcards and fixes the build of the release binaries for Linux + and Windows. + Changelog + * Filter cards for NK3 ATR in PIV app by @mmerklinger in #642 + * Fix CI and release v0.8.3 by @robin-nitrokey in #646 + +------------------------------------------------------------------- +Wed May 7 05:04:22 UTC 2025 - Johannes Kastl <[email protected]> + +- update to 0.8.2: + This release improves handling of base32 strings in the nk3 + secrets subcommand, improves the PIV subcommand and adds support + for custom CAs to the nethsm subcommand. + Changelog + * Fix typo in delete_credential documentation string. by @uzb-dev + in #622 + * Piv cli improvements by @mmerklinger in #630 + * fix: append required base32 padding when handling unpadded otp + secrets by @deheisenbug in #639 + * fix: allow lowercase base32 secrets input by @deheisenbug in + #641 + * nethsm: Add --ca-certs option by @robin-nitrokey in #637 + +------------------------------------------------------------------- Old: ---- pynitrokey-0.8.1.tar.gz New: ---- pynitrokey-0.8.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-pynitrokey.spec ++++++ --- /var/tmp/diff_new_pack.IxCxIE/_old 2025-05-08 18:22:16.009733931 +0200 +++ /var/tmp/diff_new_pack.IxCxIE/_new 2025-05-08 18:22:16.013734093 +0200 @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-pynitrokey -Version: 0.8.1 +Version: 0.8.3 Release: 0 Summary: Python Library for Nitrokey devices License: Apache-2.0 OR MIT @@ -37,7 +37,7 @@ BuildRequires: %{python_module fido2 >= 1.2.0 with %python-fido2 < 2} # https://github.com/Nitrokey/pynitrokey/issues/601 BuildRequires: %{python_module hidapi >= 0.14.0.post1 with %python-hidapi < 0.14.0.post4} -BuildRequires: %{python_module nethsm >= 1.3.0 with %python-nethsm < 2} +BuildRequires: %{python_module nethsm >= 1.4.0 with %python-nethsm < 2} BuildRequires: %{python_module nitrokey >= 0.3.1 with %python-nitrokey < 0.4} BuildRequires: %{python_module nkdfu} BuildRequires: %{python_module protobuf >= 3.17.3} @@ -67,7 +67,7 @@ Requires: (python-cryptography >= 41.0.4 with python-cryptography < 45) Requires: (python-fido2 >= 1.2.0 with python-fido2 < 2) Requires: (python-hidapi >= 0.14.0.post1 with python-hidapi < 0.14.0.post4) -Requires: (python-nethsm >= 1.3.0 with python-nethsm < 2) +Requires: (python-nethsm >= 1.4.0 with python-nethsm < 2) Requires: (python-nitrokey >= 0.3.1 with python-nitrokey < 0.4) Requires: (python-spsdk >= 2.0 with python-spsdk < 2.2) Requires(post): update-alternatives ++++++ pynitrokey-0.8.1.tar.gz -> pynitrokey-0.8.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/LICENSE-APACHE new/pynitrokey-0.8.3/LICENSE-APACHE --- old/pynitrokey-0.8.1/LICENSE-APACHE 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/LICENSE-APACHE 1970-01-01 01:00:00.000000000 +0100 @@ -1,201 +0,0 @@ -Apache License -Version 2.0, January 2004 -http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - -"License" shall mean the terms and conditions for use, reproduction, -and distribution as defined by Sections 1 through 9 of this document. - -"Licensor" shall mean the copyright owner or entity authorized by -the copyright owner that is granting the License. - -"Legal Entity" shall mean the union of the acting entity and all -other entities that control, are controlled by, or are under common -control with that entity. For the purposes of this definition, -"control" means (i) the power, direct or indirect, to cause the -direction or management of such entity, whether by contract or -otherwise, or (ii) ownership of fifty percent (50%) or more of the -outstanding shares, or (iii) beneficial ownership of such entity. - -"You" (or "Your") shall mean an individual or Legal Entity -exercising permissions granted by this License. - -"Source" form shall mean the preferred form for making modifications, -including but not limited to software source code, documentation -source, and configuration files. - -"Object" form shall mean any form resulting from mechanical -transformation or translation of a Source form, including but -not limited to compiled object code, generated documentation, -and conversions to other media types. - -"Work" shall mean the work of authorship, whether in Source or -Object form, made available under the License, as indicated by a -copyright notice that is included in or attached to the work -(an example is provided in the Appendix below). - -"Derivative Works" shall mean any work, whether in Source or Object -form, that is based on (or derived from) the Work and for which the -editorial revisions, annotations, elaborations, or other modifications -represent, as a whole, an original work of authorship. For the purposes -of this License, Derivative Works shall not include works that remain -separable from, or merely link (or bind by name) to the interfaces of, -the Work and Derivative Works thereof. - -"Contribution" shall mean any work of authorship, including -the original version of the Work and any modifications or additions -to that Work or Derivative Works thereof, that is intentionally -submitted to Licensor for inclusion in the Work by the copyright owner -or by an individual or Legal Entity authorized to submit on behalf of -the copyright owner. For the purposes of this definition, "submitted" -means any form of electronic, verbal, or written communication sent -to the Licensor or its representatives, including but not limited to -communication on electronic mailing lists, source code control systems, -and issue tracking systems that are managed by, or on behalf of, the -Licensor for the purpose of discussing and improving the Work, but -excluding communication that is conspicuously marked or otherwise -designated in writing by the copyright owner as "Not a Contribution." - -"Contributor" shall mean Licensor and any individual or Legal Entity -on behalf of whom a Contribution has been received by Licensor and -subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of -this License, each Contributor hereby grants to You a perpetual, -worldwide, non-exclusive, no-charge, royalty-free, irrevocable -copyright license to reproduce, prepare Derivative Works of, -publicly display, publicly perform, sublicense, and distribute the -Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. Subject to the terms and conditions of -this License, each Contributor hereby grants to You a perpetual, -worldwide, non-exclusive, no-charge, royalty-free, irrevocable -(except as stated in this section) patent license to make, have made, -use, offer to sell, sell, import, and otherwise transfer the Work, -where such license applies only to those patent claims licensable -by such Contributor that are necessarily infringed by their -Contribution(s) alone or by combination of their Contribution(s) -with the Work to which such Contribution(s) was submitted. If You -institute patent litigation against any entity (including a -cross-claim or counterclaim in a lawsuit) alleging that the Work -or a Contribution incorporated within the Work constitutes direct -or contributory patent infringement, then any patent licenses -granted to You under this License for that Work shall terminate -as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the -Work or Derivative Works thereof in any medium, with or without -modifications, and in Source or Object form, provided that You -meet the following conditions: - -(a) You must give any other recipients of the Work or -Derivative Works a copy of this License; and - -(b) You must cause any modified files to carry prominent notices -stating that You changed the files; and - -(c) You must retain, in the Source form of any Derivative Works -that You distribute, all copyright, patent, trademark, and -attribution notices from the Source form of the Work, -excluding those notices that do not pertain to any part of -the Derivative Works; and - -(d) If the Work includes a "NOTICE" text file as part of its -distribution, then any Derivative Works that You distribute must -include a readable copy of the attribution notices contained -within such NOTICE file, excluding those notices that do not -pertain to any part of the Derivative Works, in at least one -of the following places: within a NOTICE text file distributed -as part of the Derivative Works; within the Source form or -documentation, if provided along with the Derivative Works; or, -within a display generated by the Derivative Works, if and -wherever such third-party notices normally appear. The contents -of the NOTICE file are for informational purposes only and -do not modify the License. You may add Your own attribution -notices within Derivative Works that You distribute, alongside -or as an addendum to the NOTICE text from the Work, provided -that such additional attribution notices cannot be construed -as modifying the License. - -You may add Your own copyright statement to Your modifications and -may provide additional or different license terms and conditions -for use, reproduction, or distribution of Your modifications, or -for any such Derivative Works as a whole, provided Your use, -reproduction, and distribution of the Work otherwise complies with -the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, -any Contribution intentionally submitted for inclusion in the Work -by You to the Licensor shall be under the terms and conditions of -this License, without any additional terms or conditions. -Notwithstanding the above, nothing herein shall supersede or modify -the terms of any separate license agreement you may have executed -with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade -names, trademarks, service marks, or product names of the Licensor, -except as required for reasonable and customary use in describing the -origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. Unless required by applicable law or -agreed to in writing, Licensor provides the Work (and each -Contributor provides its Contributions) on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -implied, including, without limitation, any warranties or conditions -of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A -PARTICULAR PURPOSE. You are solely responsible for determining the -appropriateness of using or redistributing the Work and assume any -risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, -whether in tort (including negligence), contract, or otherwise, -unless required by applicable law (such as deliberate and grossly -negligent acts) or agreed to in writing, shall any Contributor be -liable to You for damages, including any direct, indirect, special, -incidental, or consequential damages of any character arising as a -result of this License or out of the use or inability to use the -Work (including but not limited to damages for loss of goodwill, -work stoppage, computer failure or malfunction, or any and all -other commercial damages or losses), even if such Contributor -has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing -the Work or Derivative Works thereof, You may choose to offer, -and charge a fee for, acceptance of support, warranty, indemnity, -or other liability obligations and/or rights consistent with this -License. However, in accepting such obligations, You may act only -on Your own behalf and on Your sole responsibility, not on behalf -of any other Contributor, and only if You agree to indemnify, -defend, and hold each Contributor harmless for any liability -incurred by, or claims asserted against, such Contributor by reason -of your accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work. - -To apply the Apache License to your work, attach the following -boilerplate notice, with the fields enclosed by brackets "[]" -replaced with your own identifying information. (Don't include -the brackets!) The text should be enclosed in the appropriate -comment syntax for the file format. We also recommend that a -file or class name and description of purpose be included on the -same "printed page" as the copyright notice for easier -identification within third-party archives. - -Copyright [yyyy] [name of copyright owner] - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/LICENSE-MIT new/pynitrokey-0.8.3/LICENSE-MIT --- old/pynitrokey-0.8.1/LICENSE-MIT 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/LICENSE-MIT 1970-01-01 01:00:00.000000000 +0100 @@ -1,23 +0,0 @@ -Permission is hereby granted, free of charge, to any -person obtaining a copy of this software and associated -documentation files (the "Software"), to deal in the -Software without restriction, including without -limitation the rights to use, copy, modify, merge, -publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software -is furnished to do so, subject to the following -conditions: - -The above copyright notice and this permission notice -shall be included in all copies or substantial portions -of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF -ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED -TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A -PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT -SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR -IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -DEALINGS IN THE SOFTWARE. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/PKG-INFO new/pynitrokey-0.8.3/PKG-INFO --- old/pynitrokey-0.8.1/PKG-INFO 1970-01-01 01:00:00.000000000 +0100 +++ new/pynitrokey-0.8.3/PKG-INFO 1970-01-01 01:00:00.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.4 Name: pynitrokey -Version: 0.8.1 +Version: 0.8.3 Summary: Python Library for Nitrokey devices. Author-email: Nitrokey <[email protected]> Requires-Python: >=3.9 @@ -15,8 +15,6 @@ Classifier: Programming Language :: Python :: 3.11 Classifier: Programming Language :: Python :: 3.12 Classifier: Programming Language :: Python :: 3.13 -License-File: LICENSE-APACHE -License-File: LICENSE-MIT Requires-Dist: cffi Requires-Dist: click >=8.1.6, <9 Requires-Dist: cryptography >=43,<45 @@ -33,7 +31,7 @@ Requires-Dist: tlv8 Requires-Dist: click-aliases >=1.0.5, <2 Requires-Dist: semver -Requires-Dist: nethsm >=1.3.0, <2 +Requires-Dist: nethsm >=1.4.0, <2 Requires-Dist: black >=22.1.0,<23 ; extra == "dev" Requires-Dist: flake8 ; extra == "dev" Requires-Dist: flit >=3.2,<4 ; extra == "dev" @@ -53,6 +51,11 @@ Provides-Extra: dev Provides-Extra: pcsc +<!-- +Copyright Nitrokey GmbH +SPDX-License-Identifier: Apache-2.0 OR MIT +--> + # pynitrokey A command line interface for the Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 and NetHSM. @@ -121,11 +124,18 @@ ## License -Licensed similarly to upstream, under either of +pynitrokey is licensed under either of -- Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE) or +- Apache License, Version 2.0 ([LICENSE-APACHE](./LICENSES/Apache-2.0.txt) or http://www.apache.org/licenses/LICENSE-2.0) -- MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT) +- MIT license ([LICENSE-MIT](./LICENSES/MIT.txt) or http://opensource.org/licenses/MIT) at your option. +pynitrokey also contains code originating from these projects: +- [gnuk](https://salsa.debian.org/gnuk-team/gnuk/gnuk) by NIIBE Yutaka, [GPL-3.0-or-later](./LICENSES/GPL-3.0-or-later.txt) +- [libnitrokey](https://github.com/Nitrokey/libnitrokey) by Nitrokey GmbH, [LGPL-3.0-only](./LICENSES/LGPL-3.0-only.txt) +- [solo1-cli](https://github.com/solokeys/solo1-cli) by SoloKeys Developers, [Apache-2.0](./LICENSES/Apache-2.0.txt) or [MIT](./LICENSES/MIT) + +For more information, see the SDPX license headers in each file. + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/README.md new/pynitrokey-0.8.3/README.md --- old/pynitrokey-0.8.1/README.md 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/README.md 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,8 @@ +<!-- +Copyright Nitrokey GmbH +SPDX-License-Identifier: Apache-2.0 OR MIT +--> + # pynitrokey A command line interface for the Nitrokey FIDO2, Nitrokey Start, Nitrokey 3 and NetHSM. @@ -66,10 +71,17 @@ ## License -Licensed similarly to upstream, under either of +pynitrokey is licensed under either of -- Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE) or +- Apache License, Version 2.0 ([LICENSE-APACHE](./LICENSES/Apache-2.0.txt) or http://www.apache.org/licenses/LICENSE-2.0) -- MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT) +- MIT license ([LICENSE-MIT](./LICENSES/MIT.txt) or http://opensource.org/licenses/MIT) at your option. + +pynitrokey also contains code originating from these projects: +- [gnuk](https://salsa.debian.org/gnuk-team/gnuk/gnuk) by NIIBE Yutaka, [GPL-3.0-or-later](./LICENSES/GPL-3.0-or-later.txt) +- [libnitrokey](https://github.com/Nitrokey/libnitrokey) by Nitrokey GmbH, [LGPL-3.0-only](./LICENSES/LGPL-3.0-only.txt) +- [solo1-cli](https://github.com/solokeys/solo1-cli) by SoloKeys Developers, [Apache-2.0](./LICENSES/Apache-2.0.txt) or [MIT](./LICENSES/MIT) + +For more information, see the SDPX license headers in each file. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/VERSION new/pynitrokey-0.8.3/pynitrokey/VERSION --- old/pynitrokey-0.8.1/pynitrokey/VERSION 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/VERSION 2025-05-06 16:06:04.000000000 +0200 @@ -1 +1 @@ -0.8.1 +0.8.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/VERSION.license new/pynitrokey-0.8.3/pynitrokey/VERSION.license --- old/pynitrokey-0.8.1/pynitrokey/VERSION.license 1970-01-01 01:00:00.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/VERSION.license 2025-05-06 16:06:04.000000000 +0200 @@ -0,0 +1,2 @@ +Copyright Nitrokey GmbH +SPDX-License-Identifier: Apache-2.0 OR MIT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/__init__.py new/pynitrokey-0.8.3/pynitrokey/__init__.py --- old/pynitrokey-0.8.1/pynitrokey/__init__.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/__init__.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,12 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. -# +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT """Python Library for Nitrokey devices.""" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/__init__.py new/pynitrokey-0.8.3/pynitrokey/cli/__init__.py --- old/pynitrokey-0.8.1/pynitrokey/cli/__init__.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/__init__.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,12 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# Copyright 2022 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import logging import os diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/exceptions.py new/pynitrokey-0.8.3/pynitrokey/cli/exceptions.py --- old/pynitrokey-0.8.1/pynitrokey/cli/exceptions.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/exceptions.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,5 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2022 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT from typing import Any diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/fido2.py new/pynitrokey-0.8.3/pynitrokey/cli/fido2.py --- old/pynitrokey-0.8.1/pynitrokey/cli/fido2.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/fido2.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import hashlib import secrets @@ -353,9 +348,7 @@ help="Serial number of Nitrokey to use. Prefix with 'device=' to provide device file, e.g. 'device=/dev/hidraw5'.", ) @click.option("--pin", help="provide PIN instead of asking the user", default=None) [email protected]( - "-cid", "--cred-id", help="Credential id of there Credential to be deleted" -) [email protected]("-cid", "--cred-id", help="Credential id of the Credential to be deleted") def delete_credential(serial: str, pin: str, cred_id: str) -> None: """Delete a specific credential from the key""" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/monitor.py new/pynitrokey-0.8.3/pynitrokey/cli/monitor.py --- old/pynitrokey-0.8.1/pynitrokey/cli/monitor.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/monitor.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,12 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. - +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import sys import time diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/nethsm.py new/pynitrokey-0.8.3/pynitrokey/cli/nethsm.py --- old/pynitrokey-0.8.1/pynitrokey/cli/nethsm.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/nethsm.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,5 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2021 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import base64 import contextlib @@ -90,6 +84,7 @@ username: Optional[str] password: Optional[str] verify_tls: bool + ca_certs: Optional[str] @click.group() @@ -101,6 +96,10 @@ default=True, help="Whether to verify the TLS certificate of the NetHSM", ) [email protected]( + "--ca-certs", + help="Path to the CA certs to use for the TLS verification", +) @click.pass_context def nethsm( ctx: Context, @@ -108,11 +107,16 @@ username: Optional[str], password: Optional[str], verify_tls: bool, + ca_certs: Optional[str], ) -> None: """Interact with NetHSM devices, see subcommands.""" ctx.obj = Config( - host=host, username=username, password=password, verify_tls=verify_tls + host=host, + username=username, + password=password, + verify_tls=verify_tls, + ca_certs=ca_certs, ) @@ -145,20 +149,24 @@ ) auth = Authentication(username=username, password=password) - with nethsm_sdk.connect(host, auth=auth, verify_tls=config.verify_tls) as nethsm: - try: - yield nethsm - except nethsm_sdk.NetHSMError as e: - raise click.ClickException(f"NetHSM request failed: {e}") - except nethsm_sdk.NetHSMRequestError as e: - if e.type == nethsm_sdk.RequestErrorType.SSL_ERROR: - raise click.ClickException( - f"Could not connect to the NetHSM: {e.reason}\nIf you use a self-signed certificate, please set the --no-verify-tls option." - ) - else: - raise click.ClickException( - f"Cound not connect to the NetHSM: {e.reason}\nIs the NetHSM running and reachable?" - ) + nethsm = NetHSM( + host, auth=auth, verify_tls=config.verify_tls, ca_certs=config.ca_certs + ) + try: + yield nethsm + except nethsm_sdk.NetHSMError as e: + raise click.ClickException(f"NetHSM request failed: {e}") + except nethsm_sdk.NetHSMRequestError as e: + if e.type == nethsm_sdk.RequestErrorType.SSL_ERROR: + raise click.ClickException( + f"Could not connect to the NetHSM: {e.reason}\nIf you use a self-signed certificate, please set the --no-verify-tls option." + ) + else: + raise click.ClickException( + f"Cound not connect to the NetHSM: {e.reason}\nIs the NetHSM running and reachable?" + ) + finally: + nethsm.close() @nethsm.command() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/nk3/__init__.py new/pynitrokey-0.8.3/pynitrokey/cli/nk3/__init__.py --- old/pynitrokey-0.8.1/pynitrokey/cli/nk3/__init__.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/nk3/__init__.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,5 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2021-2022 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import sys from typing import Optional, Sequence diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/nk3/pcsc_absent.py new/pynitrokey-0.8.3/pynitrokey/cli/nk3/pcsc_absent.py --- old/pynitrokey-0.8.1/pynitrokey/cli/nk3/pcsc_absent.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/nk3/pcsc_absent.py 2025-05-06 16:06:04.000000000 +0200 @@ -1 +1,4 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + PCSC_ABSENT = "This command requires the pyscard library that is not available on your system. Please consult https://docs.nitrokey.com/nitrokeys/nitrokey3/troubleshooting#pyscard-is-not-available for more information" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/nk3/piv.py new/pynitrokey-0.8.3/pynitrokey/cli/nk3/piv.py --- old/pynitrokey-0.8.1/pynitrokey/cli/nk3/piv.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/nk3/piv.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,6 +1,9 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + import datetime import sys -from typing import Optional, Sequence, Tuple, Union +from typing import Any, Iterable, Optional, Sequence, Tuple, Union import click import cryptography @@ -118,6 +121,26 @@ return self._device.sign_p256(data, self._key_reference) + def print_row(values: Iterable[str], widths: Iterable[int]) -> None: + row = [value.ljust(width) for (value, width) in zip(values, widths)] + print(*row, sep="\t") + + def print_table(headers: Sequence[str], data: Iterable[Sequence[Any]]) -> None: + widths = [len(header) for header in headers] + str_data = [] + for row in data: + str_row = [] + for i in range(len(widths)): + str_value = str(row[i]) + str_row.append(str_value) + widths[i] = max(widths[i], len(str_value)) + str_data.append(str_row) + + print_row(headers, widths) + print_row(["-" * width for width in widths], widths) + for row in str_data: + print_row(row, widths) + @nk3.group() @click.option( "--experimental", @@ -180,22 +203,6 @@ guid = device.guid() local_print(f"GUID: {guid.hex().upper()}") - printed_head = False - for key, slot in KEY_TO_CERT_OBJ_ID_MAP.items(): - cert = device.cert(bytes(bytearray.fromhex(slot))) - if cert is not None: - if not printed_head: - local_print("Keys:") - printed_head = True - parsed_cert = x509.load_der_x509_certificate(cert) - local_print(f" {key}") - local_print( - f" algorithm: {parsed_cert.signature_algorithm_oid._name}" - ) - if not printed_head: - local_print("No certificate found") - pass - @piv.command(help="Change the admin key.") @click.option( "--current-admin-key", @@ -321,6 +328,18 @@ "95": "5FC120", } + def _validate_rfc4514( + ctx: click.core.Context, param: click.core.Option, value: str + ) -> Optional[x509.Name]: + if value is None: + return value + + try: + subject_name = x509.Name.from_rfc4514_string(value) + return subject_name + except ValueError: + raise click.BadParameter("Must be valid RFC4514 string.") + @piv.command(help="Generate a new key and certificate signing request.") @click.option( "--admin-key", @@ -369,15 +388,9 @@ help="Algorithm for the key.", ) @click.option( - "--domain-component", - type=click.STRING, - multiple=True, - help="Domain component for the certificate signing request.", - ) - @click.option( "--subject-name", type=click.STRING, - multiple=True, + callback=_validate_rfc4514, help="Subject name for the certificate signing request.", ) @click.option( @@ -402,8 +415,7 @@ admin_key: str, key: str, algo: str, - domain_component: Optional[Sequence[str]], - subject_name: Optional[Sequence[str]], + subject_name: Optional[x509.Name], subject_alt_name_upn: Optional[str], pin: str, path: str, @@ -475,28 +487,10 @@ certificate_builder = x509.CertificateBuilder() csr_builder = x509.CertificateSigningRequestBuilder() - if domain_component is None: - domain_component = [] - if subject_name is None: crypto_rdns = x509.Name([]) else: - crypto_rdns = x509.Name( - [ - x509.RelativeDistinguishedName( - [ - x509.NameAttribute(x509.NameOID.DOMAIN_COMPONENT, subject) - for subject in domain_component - ] - ), - x509.RelativeDistinguishedName( - [ - x509.NameAttribute(x509.NameOID.COMMON_NAME, subject) - for subject in subject_name - ] - ), - ] - ) + crypto_rdns = subject_name certificate_builder = ( certificate_builder.subject_name(crypto_rdns) @@ -781,6 +775,30 @@ with click.open_file(path, mode="wb") as f: f.write(cert_serialized) + @piv.command(help="List certificates.") + def list_certificates() -> None: + device = PivApp() + + headers = ["Slot", "Algorithm", "Subject"] + data = [] + + for key, slot in KEY_TO_CERT_OBJ_ID_MAP.items(): + cert = device.cert(bytes(bytearray.fromhex(slot))) + if cert is not None: + parsed_cert = x509.load_der_x509_certificate(cert) + data.append( + [ + key, + parsed_cert.signature_algorithm_oid._name, + parsed_cert.subject.rfc4514_string(), + ] + ) + + if data: + print_table(headers, data) + else: + local_print("No certificate found.") + except ImportError: from pynitrokey.cli.nk3.pcsc_absent import PCSC_ABSENT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/nk3/secrets.py new/pynitrokey-0.8.3/pynitrokey/cli/nk3/secrets.py --- old/pynitrokey-0.8.1/pynitrokey/cli/nk3/secrets.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/nk3/secrets.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,6 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + import csv import io import json @@ -18,7 +21,7 @@ ) from pynitrokey.cli.nk3 import Context, nk3 -from pynitrokey.helpers import AskUser, local_critical, local_print +from pynitrokey.helpers import AskUser, b32padding, local_critical, local_print @nk3.group(cls=ClickAliasedGroup) @@ -245,7 +248,7 @@ raise click.ClickException("Please provide secret for the OTP to work") digits = int(digits_str) - secret_bytes = b32decode(secret) + secret_bytes = b32decode(b32padding(secret), casefold=True) hash_algorithm = ALGORITHM_TO_KIND[hash.upper()] with ctx.connect_device() as device: @@ -358,7 +361,7 @@ def add_challenge_response(ctx: Context, slot: str, secret: str) -> None: """Register Challenge-Response credential.""" - secret_bytes = b32decode(secret) + secret_bytes = b32decode(b32padding(secret), casefold=True) sl = len(secret_bytes) if sl != 20: local_critical(f"Secret has to be exactly 20 bytes in length (got {sl})") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/nk3/update.py new/pynitrokey-0.8.3/pynitrokey/cli/nk3/update.py --- old/pynitrokey-0.8.1/pynitrokey/cli/nk3/update.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/nk3/update.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,5 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2021-2022 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import logging from collections.abc import Set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/nkfido2.py new/pynitrokey-0.8.3/pynitrokey/cli/nkfido2.py --- old/pynitrokey-0.8.1/pynitrokey/cli/nkfido2.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/nkfido2.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import json import os diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/nkpk.py new/pynitrokey-0.8.3/pynitrokey/cli/nkpk.py --- old/pynitrokey-0.8.1/pynitrokey/cli/nkpk.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/nkpk.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,5 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2024 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT from typing import Optional, Sequence diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/pro.py new/pynitrokey-0.8.3/pynitrokey/cli/pro.py --- old/pynitrokey-0.8.1/pynitrokey/cli/pro.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/pro.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,6 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + import platform import sys diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/program.py new/pynitrokey-0.8.3/pynitrokey/cli/program.py --- old/pynitrokey-0.8.1/pynitrokey/cli/program.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/program.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import time diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/start.py new/pynitrokey-0.8.3/pynitrokey/cli/start.py --- old/pynitrokey-0.8.1/pynitrokey/cli/start.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/start.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,5 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2020 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT from subprocess import check_output diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/storage.py new/pynitrokey-0.8.3/pynitrokey/cli/storage.py --- old/pynitrokey-0.8.1/pynitrokey/cli/storage.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/storage.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,6 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2020 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + import logging import platform import string diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/trussed/__init__.py new/pynitrokey-0.8.3/pynitrokey/cli/trussed/__init__.py --- old/pynitrokey-0.8.1/pynitrokey/cli/trussed/__init__.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/trussed/__init__.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,5 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2021-2024 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import logging import os.path diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/trussed/test.py new/pynitrokey-0.8.3/pynitrokey/cli/trussed/test.py --- old/pynitrokey-0.8.1/pynitrokey/cli/trussed/test.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/trussed/test.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,5 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2021-2024 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import logging import platform diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/trussed/tests.py new/pynitrokey-0.8.3/pynitrokey/cli/trussed/tests.py --- old/pynitrokey-0.8.1/pynitrokey/cli/trussed/tests.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/trussed/tests.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,12 +1,5 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2018 Yubico AB -# Copyright 2021 Nitrokey Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import logging from hashlib import sha256 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/cli/update.py new/pynitrokey-0.8.3/pynitrokey/cli/update.py --- old/pynitrokey-0.8.1/pynitrokey/cli/update.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/cli/update.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import json import logging diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/confconsts.py new/pynitrokey-0.8.3/pynitrokey/confconsts.py --- old/pynitrokey-0.8.1/pynitrokey/confconsts.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/confconsts.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,6 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + import logging import os import tempfile diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/conftest.py new/pynitrokey-0.8.3/pynitrokey/conftest.py --- old/pynitrokey-0.8.1/pynitrokey/conftest.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/conftest.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,6 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + import copy import logging import pathlib diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/exceptions.py new/pynitrokey-0.8.3/pynitrokey/exceptions.py --- old/pynitrokey-0.8.1/pynitrokey/exceptions.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/exceptions.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT class BasePyNKException(Exception): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/fido2/__init__.py new/pynitrokey-0.8.3/pynitrokey/fido2/__init__.py --- old/pynitrokey-0.8.1/pynitrokey/fido2/__init__.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/fido2/__init__.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,6 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + import sys import time from typing import List, Optional, Union diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/fido2/client.py new/pynitrokey-0.8.3/pynitrokey/fido2/client.py --- old/pynitrokey-0.8.1/pynitrokey/fido2/client.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/fido2/client.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import base64 import json diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/fido2/commands.py new/pynitrokey-0.8.3/pynitrokey/fido2/commands.py --- old/pynitrokey-0.8.1/pynitrokey/fido2/commands.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/fido2/commands.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT class SoloExtension: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/fido2/operations.py new/pynitrokey-0.8.3/pynitrokey/fido2/operations.py --- old/pynitrokey-0.8.1/pynitrokey/fido2/operations.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/fido2/operations.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import binascii import struct diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/helpers.py new/pynitrokey-0.8.3/pynitrokey/helpers.py --- old/pynitrokey-0.8.1/pynitrokey/helpers.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/helpers.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,11 +1,6 @@ -# -*- coding: utf-8 -*- -# # Copyright 2019 SoloKeys Developers -# -# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -# http://opensource.org/licenses/MIT>, at your option. This file may not be -# copied, modified, or distributed except according to those terms. +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import ctypes import functools @@ -90,6 +85,19 @@ return data + "=="[: (3 * len(data)) % 4] +def b32padding(data: str) -> str: + """Helper function to pad base32 strings correctly, as some services + provide OTP secrets as base32 strings without the necessary padding + + `s`: `str` base32 input string + + Returns: + `str`: string padded to full base32 character blocks + """ + padding_needed = 8 - (len(data) % 8) + return data + (padding_needed * "=") + + class ProgressBar: """ Helper class for progress bars where the total length of the progress bar diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/libnk.py new/pynitrokey-0.8.3/pynitrokey/libnk.py --- old/pynitrokey-0.8.1/pynitrokey/libnk.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/libnk.py 2025-05-06 16:06:04.000000000 +0200 @@ -17,7 +17,7 @@ You should have received a copy of the GNU Lesser General Public License along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. -SPDX-License-Identifier: LGPL-3.0 +SPDX-License-Identifier: LGPL-3.0-only """ import os import sys diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/nk3/piv_app.py new/pynitrokey-0.8.3/pynitrokey/nk3/piv_app.py --- old/pynitrokey-0.8.1/pynitrokey/nk3/piv_app.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/nk3/piv_app.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,6 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + import logging import os from typing import Any, Callable, Optional, Sequence, Union @@ -55,12 +58,17 @@ readers = smartcard.System.readers() chosen_connection: Optional[CardConnection] = None for r in readers: - print(r) connection = r.createConnection() try: connection.connect() except NoCardException: continue + + expected_atr = list(bytes.fromhex("3b8f01805d4e6974726f6b657900000000006a")) + if not expected_atr == connection.getATR(): + continue + print(r) + select = [ 0x00, 0xA4, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/nk_headers/NK_C_API__3.4.0.h new/pynitrokey-0.8.3/pynitrokey/nk_headers/NK_C_API__3.4.0.h --- old/pynitrokey-0.8.1/pynitrokey/nk_headers/NK_C_API__3.4.0.h 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/nk_headers/NK_C_API__3.4.0.h 2025-05-06 16:06:04.000000000 +0200 @@ -16,7 +16,7 @@ * You should have received a copy of the GNU Lesser General Public License * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. * - * SPDX-License-Identifier: LGPL-3.0 + * SPDX-License-Identifier: LGPL-3.0-only */ #ifndef LIBNITROKEY_NK_C_API_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/nk_headers/NK_C_API__3.4.1.h new/pynitrokey-0.8.3/pynitrokey/nk_headers/NK_C_API__3.4.1.h --- old/pynitrokey-0.8.1/pynitrokey/nk_headers/NK_C_API__3.4.1.h 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/nk_headers/NK_C_API__3.4.1.h 2025-05-06 16:06:04.000000000 +0200 @@ -16,7 +16,7 @@ * You should have received a copy of the GNU Lesser General Public License * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. * - * SPDX-License-Identifier: LGPL-3.0 + * SPDX-License-Identifier: LGPL-3.0-only */ #ifndef LIBNITROKEY_NK_C_API_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/nk_headers/NK_C_API__3.5.0.h new/pynitrokey-0.8.3/pynitrokey/nk_headers/NK_C_API__3.5.0.h --- old/pynitrokey-0.8.1/pynitrokey/nk_headers/NK_C_API__3.5.0.h 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/nk_headers/NK_C_API__3.5.0.h 2025-05-06 16:06:04.000000000 +0200 @@ -16,7 +16,7 @@ * You should have received a copy of the GNU Lesser General Public License * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. * - * SPDX-License-Identifier: LGPL-3.0 + * SPDX-License-Identifier: LGPL-3.0-only */ #ifndef LIBNITROKEY_NK_C_API_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/nk_headers/NK_C_API__3.6.0.h new/pynitrokey-0.8.3/pynitrokey/nk_headers/NK_C_API__3.6.0.h --- old/pynitrokey-0.8.1/pynitrokey/nk_headers/NK_C_API__3.6.0.h 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/nk_headers/NK_C_API__3.6.0.h 2025-05-06 16:06:04.000000000 +0200 @@ -16,7 +16,7 @@ * You should have received a copy of the GNU Lesser General Public License * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. * - * SPDX-License-Identifier: LGPL-3.0 + * SPDX-License-Identifier: LGPL-3.0-only */ #ifndef LIBNITROKEY_NK_C_API_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/start/__init__.py new/pynitrokey-0.8.3/pynitrokey/start/__init__.py --- old/pynitrokey-0.8.1/pynitrokey/start/__init__.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/start/__init__.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,2 +1,2 @@ - - +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/start/gnuk_token.py new/pynitrokey-0.8.3/pynitrokey/start/gnuk_token.py --- old/pynitrokey-0.8.1/pynitrokey/start/gnuk_token.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/start/gnuk_token.py 2025-05-06 16:06:04.000000000 +0200 @@ -19,6 +19,8 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. + +SPDX-License-Identifier: GPL-3.0-or-later """ import binascii import logging diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/start/kdf_calc.py new/pynitrokey-0.8.3/pynitrokey/start/kdf_calc.py --- old/pynitrokey-0.8.1/pynitrokey/start/kdf_calc.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/start/kdf_calc.py 2025-05-06 16:06:04.000000000 +0200 @@ -18,6 +18,8 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. + +SPDX-License-Identifier: GPL-3.0-or-later """ from cffi import FFI diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/start/rsa.py new/pynitrokey-0.8.3/pynitrokey/start/rsa.py --- old/pynitrokey-0.8.1/pynitrokey/start/rsa.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/start/rsa.py 2025-05-06 16:06:04.000000000 +0200 @@ -19,6 +19,8 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. + +SPDX-License-Identifier: GPL-3.0-or-later """ from binascii import hexlify, unhexlify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/start/rsa_pub_key.py new/pynitrokey-0.8.3/pynitrokey/start/rsa_pub_key.py --- old/pynitrokey-0.8.1/pynitrokey/start/rsa_pub_key.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/start/rsa_pub_key.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,6 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + rsa_key_data = [ "9cf7192b51a574d1ad3ccb08ba09b87f228573893eee355529ff243e90fd4b86f79a82097cc7922c0485bed1616b1656a9b0b19ef78ea8ec34c384019adc5d5bf4db2d2a0a2d9cf14277bdcb7056f48b81214e3f7f7742231e29673966f9b1106862112cc798dba8d4a138bb5abfc6d4c12d53a5d39b2f783da916da20852ee139bbafda61d429caf2a4f30847ce7e7ae32ab4061e27dd9e4d00d60910249db8d8559dd85f7ca59659ef400c8f6318700f4e97f0c6f4165de80641490433c88da8682befe68eb311f54af2b07d97ac74edb5399cf054764211694fbb8d1d333f3269f235abe025067f811ff83a2224826219b309ea3e6c968f42b3e52f245dc9", "010001", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/start/threaded_log.py new/pynitrokey-0.8.3/pynitrokey/start/threaded_log.py --- old/pynitrokey-0.8.1/pynitrokey/start/threaded_log.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/start/threaded_log.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,14 +1,7 @@ #! /usr/bin/env python3 -# -*- coding: utf-8 -*- -""" -Copyright 2020 Nitrokey Gmbh - -Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or -http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or -http://opensource.org/licenses/MIT>, at your option. This file may not be -copied, modified, or distributed except according to those terms. -""" +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT import logging import subprocess diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/start/upgrade_by_passwd.py new/pynitrokey-0.8.3/pynitrokey/start/upgrade_by_passwd.py --- old/pynitrokey-0.8.1/pynitrokey/start/upgrade_by_passwd.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/start/upgrade_by_passwd.py 2025-05-06 16:06:04.000000000 +0200 @@ -23,6 +23,8 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. + +SPDX-License-Identifier: GPL-3.0-or-later """ from pprint import pprint diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/start/usb_strings.py new/pynitrokey-0.8.3/pynitrokey/start/usb_strings.py --- old/pynitrokey-0.8.1/pynitrokey/start/usb_strings.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/start/usb_strings.py 2025-05-06 16:06:04.000000000 +0200 @@ -20,6 +20,8 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. + +SPDX-License-Identifier: GPL-3.0-or-later """ import sys diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/test_secrets_app.py new/pynitrokey-0.8.3/pynitrokey/test_secrets_app.py --- old/pynitrokey-0.8.1/pynitrokey/test_secrets_app.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/test_secrets_app.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,6 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + """ Tests for the Secrets application interface placed in secrets_app.py. Requires a live device, or an USB-IP simulation. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pynitrokey/tlv.py new/pynitrokey-0.8.3/pynitrokey/tlv.py --- old/pynitrokey-0.8.1/pynitrokey/tlv.py 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pynitrokey/tlv.py 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,6 @@ +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + from typing import Optional, Sequence, Tuple diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.8.1/pyproject.toml new/pynitrokey-0.8.3/pyproject.toml --- old/pynitrokey-0.8.1/pyproject.toml 2025-03-28 09:33:49.000000000 +0100 +++ new/pynitrokey-0.8.3/pyproject.toml 2025-05-06 16:06:04.000000000 +0200 @@ -1,3 +1,7 @@ +# Copyright 2019 SoloKeys Developers +# Copyright Nitrokey GmbH +# SPDX-License-Identifier: Apache-2.0 OR MIT + [build-system] requires = ["flit_core >=3.2,<4"] build-backend = "flit_core.buildapi" @@ -40,7 +44,7 @@ "tlv8", "click-aliases >=1.0.5, <2", "semver", - "nethsm >=1.3.0, <2", + "nethsm >=1.4.0, <2", ] dynamic = ["version", "description"]
