# nitrokey-app for nitrokey storage



## maurizio (Feb 20, 2019)

Hello world!,
nitrokey-storage is a really nice encrypted storage usb.
Someone tried to compile the nitrokey-app on FreeBSD https://support.nitrokey.com/t/using-the-nitrokey-app-under-freebsd/889
And it seems compiling is successful and nitrokey-app works well on FreeBSD.
Any chance to get nitrokey-app in ports or pkg?

Have a nice day!


----------



## SirDice (Feb 20, 2019)

maurizio said:


> Any chance to get nitrokey-app in ports or pkg?


Somebody has to create the port for it. I suggest you start reading the Porter's Handbook.


----------



## monwarez (Aug 21, 2020)

I applied some patch upstream to allow FreeBSD build, since they merged it I made a port of nitrokey-app.
Here the related patch for libnitrokey: PR 248797, and nitrokey-app: PR 248799


----------



## maurizio (Aug 22, 2020)

monwarez said:


> I applied some patch upstream to allow FreeBSD build, since they merged it I made a port of nitrokey-app.
> Here the related patch for libnitrokey: PR 248797, and nitrokey-app: PR 248799


Thibault, YOU ROCK!


----------



## maurizio (Aug 23, 2020)

I would like to test my nitrokey but I cannot install nitrokey-app with pkg on FREEBSD 12.1. The same problem with libnitrokey.

```
$ uname -a
FreeBSD freebsd.localhost 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC  amd64
$ sudo pkg install nitrokey-app
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'nitrokey-app' have been found in the repositories
$ pkg search nitrokey-app
$
```
What's wrong?
Thank you very much for your support


----------



## T-Daemon (Aug 23, 2020)

It isn't available in the latest package repository yet, but a build will be released in the next update ( see "_Queued ports_" ). quarterly has no security/nitrokey-app port, that means no package until 2020Q4, unless it is added until then. If you are on quarterly you could ask the maintainer to add it to quarterly.


----------



## monwarez (Aug 24, 2020)

I have a personal pkg repository that have security/nitrokey-app in it (I follow latest branch), if you cannot setup a port tree to test you can use at your own risk my build of nitrokey-app

synth repository

Basically you have to download 2 files and put them in specific location, and then the next `pkg update` will add a new pkg repository: Synth
If you use this repository make sure that you are following latest and pay attention to what pkg will do.
Like if it try to delete installed package do not proceed, since I did not build all of the available packages (there is 553 packages).
The same apply if it try to update some of Qt dependency to a new version but not all of them.


----------



## ludensen (Sep 20, 2020)

monwarez THANK YOU for the work put into the port!
Yesterday I compiled it from ports after compiling devel/qt5 - no problems at all.
Haven't testet it with my HW-key yet though...

NB.
My first try at compiling was before compiling Qt5 and it exited because it couldn't find and compile `qtbase-everywhere` (included in "main" devel/qt5) - a missing dependency?
(I haven't used ports that much...)

[Edit]
OK, had a look at my notes and log:


> > => Couldn't fetch it - please try to retrieve this (me: qtbase-everywhere-src-5.15.0)
> 
> 
> 
> ...


So it tells me to find it manually...     (and I probably chose the bulkiest port to get the program... )
- and I'm on FuryBSD and not mainline.


----------



## monwarez (Sep 20, 2020)

You are welcome.
If you edit your pkg repository to use latest (I don't know if FuryBSD have their own repository, I assume it used FreeBSD ones) you can directly install it.
For the missing distfiles, it could be that the mirror for qt source are down or there is some network issue.
You could download https://github.com/qt/qtbase/releases/tag/v5.15.0 and then extract and compress as txz
The expected sha256 should be:

```
SHA256 (qtbase-everywhere-src-5.15.0.tar.xz) = 9e7af10aece15fa9500369efde69cb220eee8ec3a6818afe01ce1e7d484824c5
```


----------



## ludensen (Sep 20, 2020)

Thank you, I will do that on the other laptop - if I'm not just copying over the files...

Yes, I too think that FuryBSD as a philosophy uses mainline.
But I find myself have to compile from ports more often now on FuryBSD than earlier on TrueOS...
I thought "mainline" was "the full set of packages"


----------



## ludensen (Sep 27, 2020)

the Nitrokey-app does not detect my Nitrokey. I see the Nitrokey in `dmesg`.
I have installed a linux box (where the key function flawlessly) and updated the Nitrokey FW, but still no detection on FreeBSD.
The successful compilations in this thread have all been from github - I might try that when I have some time during the coming week...  (or have another go at compiling from ports in a jail and find my mistake...)
Anyone else having good/bad experinces with compiling from ports?

[Update]
The new binary Nitrokey-app sees my nitrokey, but I have to start it with sudo!
(the added benefit is tons of messages in the terminal to locate/debug what's happening).
So my own compiled app _might_ have worked - I don't remember if I tried starting it with sudo...
Running the app without sudo results in some terminal messages about the key not being initialized - which is not true - and a lot of "housekeeping" messages that didn't indicate a privilege problem.
So don't just click the icon in your window-manager and expect it to work ;-)


----------



## maurizio (Dec 11, 2020)

ludensen is right! nitrokey-app detects my nitrokey storage only when running command `sudo nitrokey-app`. It seems that nitrokey-app works only if launched with sudo.
Yeah! the icon in my desktop menu does NOT work.


----------



## monwarez (Dec 11, 2020)

Solution: (to test)
By looking at the UDEV rules from linux, we have this for nitrokey storage

```
## Nitrokey Storage
ATTR{idVendor}=="20a0", ATTR{idProduct}=="4109", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg", TAG+="uaccess"
```
Assuming that you are in the u2f groups (and you installed security/u2f-devd )

Create a file /usr/local/etc/devd/nitrokey_storage.conf

```
# Nitrokey Storage
notify 100 {
        match "system"          "USB";
        match "subsystem"       "DEVICE";
        match "type"            "ATTACH";
        match "vendor"          "0x20a0";
        match "product"         "0x4109";
        action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev";
};

attach 100 {
        match "vendor"          "0x20a0";
        match "product"         "0x4109";
        action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name";
};
```

The icons works for the launcher that I use: x11/albert


----------

