CVS commit: pkgsrc/security/py-libagent

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/py-libagent
From: "Jonathan Schleifer" <js%netbsd.org@localhost>
Date: Sun, 1 Mar 2026 15:09:42 +0000

Module Name:    pkgsrc
Committed By:   js
Date:           Sun Mar  1 15:09:42 UTC 2026

Modified Files:
        pkgsrc/security/py-libagent: Makefile PLIST distinfo
Added Files:
        pkgsrc/security/py-libagent/patches: patch-libagent_device_trezor.py
            patch-libagent_gpg_agent.py

Log Message:
Update security/py-libagent to 0.16.0

- Test on Python 3.13 by @romanz in #492
- Support SSH CA generation by @romanz in #493
- replace pkg_resources for python 3.12 by @branchv in #480
- Dedup sending age response by @romanz in #497
- Parse SSH server host key as well by @romanz in #507
- Drop keepkey support by @romanz in #511
- Drop ledger support by @romanz in #513
- libagent: Add USB IDs for Jade Plus by @nitramiz in #510
- Switch to trezorlib 0.20 to support TS7 by @romanz in #512

Additionally, two patches have been applied on top of 0.16.0:

- Lookup GnuPG user ID (instead of assuming it's the first one) in #517
- Fix passphrase support on Trezor in #519


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/py-libagent/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/py-libagent/PLIST
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/py-libagent/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/py-libagent/patches/patch-libagent_device_trezor.py \
    pkgsrc/security/py-libagent/patches/patch-libagent_gpg_agent.py

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/py-libagent/Makefile
diff -u pkgsrc/security/py-libagent/Makefile:1.5 pkgsrc/security/py-libagent/Makefile:1.6
--- pkgsrc/security/py-libagent/Makefile:1.5    Thu Jan 15 08:28:42 2026
+++ pkgsrc/security/py-libagent/Makefile        Sun Mar  1 15:09:41 2026
@@ -1,13 +1,13 @@
-# $NetBSD: Makefile,v 1.5 2026/01/15 08:28:42 wiz Exp $
+# $NetBSD: Makefile,v 1.6 2026/03/01 15:09:41 js Exp $
 
 DISTNAME=      trezor-agent-${PKGVERSION_NOREV}
-PKGNAME=       ${PYPKGPREFIX}-libagent-0.15.0
+PKGNAME=       ${PYPKGPREFIX}-libagent-0.16.0
 CATEGORIES=    security python
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=romanz/}
 GITHUB_PROJECT=        trezor-agent
-GITHUB_TAG=    v${PKGVERSION_NOREV}
+GITHUB_TAG=    libagent/${PKGVERSION_NOREV}
 
-WRKSRC=                ${WRKDIR}/${DISTNAME}
+WRKSRC=                ${WRKDIR}/trezor-agent-libagent-${PKGVERSION_NOREV}
 
 MAINTAINER=    js%NetBSD.org@localhost
 HOMEPAGE=      https://github.com/romanz/trezor-agent

Index: pkgsrc/security/py-libagent/PLIST
diff -u pkgsrc/security/py-libagent/PLIST:1.2 pkgsrc/security/py-libagent/PLIST:1.3
--- pkgsrc/security/py-libagent/PLIST:1.2       Sun Apr 20 04:40:50 2025
+++ pkgsrc/security/py-libagent/PLIST   Sun Mar  1 15:09:41 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2025/04/20 04:40:50 js Exp $
+@comment $NetBSD: PLIST,v 1.3 2026/03/01 15:09:41 js Exp $
 ${PYSITELIB}/libagent-${PKGVERSION}.dist-info/METADATA
 ${PYSITELIB}/libagent-${PKGVERSION}.dist-info/RECORD
 ${PYSITELIB}/libagent-${PKGVERSION}.dist-info/WHEEL
@@ -25,15 +25,6 @@ ${PYSITELIB}/libagent/device/interface.p
 ${PYSITELIB}/libagent/device/jade.py
 ${PYSITELIB}/libagent/device/jade.pyc
 ${PYSITELIB}/libagent/device/jade.pyo
-${PYSITELIB}/libagent/device/keepkey.py
-${PYSITELIB}/libagent/device/keepkey.pyc
-${PYSITELIB}/libagent/device/keepkey.pyo
-${PYSITELIB}/libagent/device/keepkey_defs.py
-${PYSITELIB}/libagent/device/keepkey_defs.pyc
-${PYSITELIB}/libagent/device/keepkey_defs.pyo
-${PYSITELIB}/libagent/device/ledger.py
-${PYSITELIB}/libagent/device/ledger.pyc
-${PYSITELIB}/libagent/device/ledger.pyo
 ${PYSITELIB}/libagent/device/onlykey.py
 ${PYSITELIB}/libagent/device/onlykey.pyc
 ${PYSITELIB}/libagent/device/onlykey.pyo
@@ -43,9 +34,6 @@ ${PYSITELIB}/libagent/device/onlykey_def
 ${PYSITELIB}/libagent/device/trezor.py
 ${PYSITELIB}/libagent/device/trezor.pyc
 ${PYSITELIB}/libagent/device/trezor.pyo
-${PYSITELIB}/libagent/device/trezor_defs.py
-${PYSITELIB}/libagent/device/trezor_defs.pyc
-${PYSITELIB}/libagent/device/trezor_defs.pyo
 ${PYSITELIB}/libagent/device/ui.py
 ${PYSITELIB}/libagent/device/ui.pyc
 ${PYSITELIB}/libagent/device/ui.pyo

Index: pkgsrc/security/py-libagent/distinfo
diff -u pkgsrc/security/py-libagent/distinfo:1.1 pkgsrc/security/py-libagent/distinfo:1.2
--- pkgsrc/security/py-libagent/distinfo:1.1    Sat Sep 21 12:40:17 2024
+++ pkgsrc/security/py-libagent/distinfo        Sun Mar  1 15:09:41 2026
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.1 2024/09/21 12:40:17 js Exp $
+$NetBSD: distinfo,v 1.2 2026/03/01 15:09:41 js Exp $
 
-BLAKE2s (trezor-agent-0.15.0.tar.gz) = 04b00c96af84379d23a5b976b003405bdb2d5489fe8fcd4e89341e5ce82ff7a4
-SHA512 (trezor-agent-0.15.0.tar.gz) = af42d5fff527fe0deb35b27d6b77a3abe49df294e5b7dd69e187d32d5668bd72b1c3b0f20bbe40f81aee9d8e12bb836ec8d0c5bd8f3190c771c7aa3b94bb4fb0
-Size (trezor-agent-0.15.0.tar.gz) = 926014 bytes
+BLAKE2s (trezor-agent-0.16.0.tar.gz) = e60c537b032bb2f9eae6d8dbc73ececc7e537f7fcad872c38b288b0645e829e1
+SHA512 (trezor-agent-0.16.0.tar.gz) = afa91d7ebe5e9582b5ad42823c538f8891906b1da531fc74280c66cbc0f534f1421d12d7313aeea5d9a7393f646d778e58a92d176f15526513c9b4b0dcade14d
+Size (trezor-agent-0.16.0.tar.gz) = 923834 bytes
+SHA1 (patch-libagent_device_trezor.py) = 4a8b21f237cabbc8a33ca38072e9d2d163b511bb
+SHA1 (patch-libagent_gpg_agent.py) = f38ac130c397bd6896beba2d6d7b876f60b67560
 SHA1 (patch-setup.py) = bc0377560b88ee5c88a5249e42c2c505be9a0b59

Added files:

Index: pkgsrc/security/py-libagent/patches/patch-libagent_device_trezor.py
diff -u /dev/null pkgsrc/security/py-libagent/patches/patch-libagent_device_trezor.py:1.1
--- /dev/null   Sun Mar  1 15:09:42 2026
+++ pkgsrc/security/py-libagent/patches/patch-libagent_device_trezor.py Sun Mar  1 15:09:41 2026
@@ -0,0 +1,27 @@
+$NetBSD: patch-libagent_device_trezor.py,v 1.1 2026/03/01 15:09:41 js Exp $
+
+From 29fc6e43abeb8e6da587286c43ec1f8b24d25ec2 Mon Sep 17 00:00:00 2001
+From: Roman Zeyde <me%romanzey.de@localhost>
+Date: Sun, 1 Mar 2026 15:36:50 +0100
+Subject: [PATCH] Fix passphrase support on Trezor
+
+--- libagent/device/trezor.py.orig     2026-03-01 15:05:00.329998622 +0000
++++ libagent/device/trezor.py
+@@ -3,7 +3,7 @@
+ import logging
+ 
+ from trezorlib.btc import get_public_node
+-from trezorlib.client import get_default_client, get_default_session
++from trezorlib.client import PassphraseSetting, get_default_client
+ from trezorlib.exceptions import TrezorFailure
+ from trezorlib.messages import IdentityType
+ from trezorlib.misc import get_ecdh_session_key, sign_identity
+@@ -37,7 +37,7 @@ class Trezor(interface.Device):
+                 pin_callback=self.ui.get_pin,
+                 code_entry_callback=self.ui.get_pairing_code,
+             )
+-            session = client.get_session(passphrase="")  # TODO: support passphrase
++            session = client.get_session(passphrase=PassphraseSetting.AUTO)
+             log.info("%s @ fpr=%s", session, session.get_root_fingerprint().hex())
+             self.__class__._session = session
+ 
Index: pkgsrc/security/py-libagent/patches/patch-libagent_gpg_agent.py
diff -u /dev/null pkgsrc/security/py-libagent/patches/patch-libagent_gpg_agent.py:1.1
--- /dev/null   Sun Mar  1 15:09:42 2026
+++ pkgsrc/security/py-libagent/patches/patch-libagent_gpg_agent.py     Sun Mar  1 15:09:42 2026
@@ -0,0 +1,46 @@
+$NetBSD: patch-libagent_gpg_agent.py,v 1.1 2026/03/01 15:09:42 js Exp $
+
+From de6301e9c8d5459be070a472abf85c59998f8c32 Mon Sep 17 00:00:00 2001
+From: Roman Zeyde <me%romanzey.de@localhost>
+Date: Sun, 1 Mar 2026 12:02:24 +0100
+Subject: [PATCH] Lookup GnuPG user ID (instead of assuming it's the first one)
+
+--- libagent/gpg/agent.py.orig 2026-03-01 15:03:49.749580195 +0000
++++ libagent/gpg/agent.py
+@@ -161,19 +161,26 @@ class Handler:
+         keygrip_bytes = binascii.unhexlify(keygrip)
+         pubkey_dict, user_ids = decode.load_by_keygrip(
+             pubkey_bytes=self.pubkey_bytes, keygrip=keygrip_bytes)
+-        # We assume the first user ID is used to generate TREZOR-based GPG keys.
+-        user_id = user_ids[0]['value'].decode('utf-8')
++        log.debug("pubkey_dict %s", pubkey_dict)
++
+         curve_name = protocol.get_curve_name_by_oid(pubkey_dict['curve_oid'])
+         ecdh = pubkey_dict['algo'] == protocol.ECDH_ALGO_ID
+ 
+-        identity = client.create_identity(user_id=user_id, curve_name=curve_name)
+-        verifying_key = self.client.pubkey(identity=identity, ecdh=ecdh)
+-        pubkey = protocol.PublicKey(
+-            curve_name=curve_name, created=pubkey_dict['created'],
+-            verifying_key=verifying_key, ecdh=ecdh)
+-        assert pubkey.key_id() == pubkey_dict['key_id']
+-        assert pubkey.keygrip() == keygrip_bytes
+-        return identity
++        # Lookup the first user ID that matches the provided keygrip
++        for user_id_dict in user_ids:
++            log.debug("user_id: %s", user_id_dict)
++            user_id = user_id_dict['value'].decode('utf-8')
++
++            identity = client.create_identity(user_id=user_id, curve_name=curve_name)
++            verifying_key = self.client.pubkey(identity=identity, ecdh=ecdh)
++            pubkey = protocol.PublicKey(
++                curve_name=curve_name, created=pubkey_dict['created'],
++                verifying_key=verifying_key, ecdh=ecdh)
++
++            if pubkey.keygrip() == keygrip_bytes and pubkey.key_id() == pubkey_dict['key_id']:
++                return identity
++
++        raise KeyError(keygrip)
+ 
+     def pksign(self, conn):
+         """Sign a message digest using a private EC key."""

Prev by Date: CVS commit: pkgsrc
Next by Date: CVS commit: pkgsrc/security/py-trezor-agent
Previous by Thread: CVS commit: pkgsrc
Next by Thread: CVS commit: pkgsrc/security/py-trezor-agent
Indexes:

Home | Main Index | Thread Index | Old Index