Move test and example apps

Move test and example apps to their own repo, leaving the ssh agent in
original repo.

.github/workflows/ci.yaml

@@ -38,19 +38,6 @@ jobs:
           cd tkey-libs
           make
 
-      - name: Clone signer
-        uses: actions/checkout@v3
-        with:
-          repository: tillitis/tkey-device-signer
-          ref: main
-          path: tkey-device-signer
-
-      - name: make signer
-        run: make -j -C tkey-device-signer LIBDIR=../tkey-libs
-
-      - name: Copy signer
-        run: cp tkey-device-signer/signer/app.bin cmd/tkey-ssh-agent/app.bin
-
       - name: make
         run: make -j LIBDIR=../tkey-libs
 

Makefile

@@ -1,34 +1,17 @@
 .PHONY: all
-all: apps tkey-ssh-agent runtimer
-
-.PHONY: windows
-windows: tkey-ssh-agent.exe tkey-ssh-agent-tray.exe
-	make -C apps
+all: apps runtimer
 
 DESTDIR=/
 PREFIX=/usr/local
-SYSTEMDDIR=/etc/systemd
 UDEVDIR=/etc/udev
-destbin=$(DESTDIR)/$(PREFIX)/bin
-destman1=$(DESTDIR)/$(PREFIX)/share/man/man1
-destunit=$(DESTDIR)/$(SYSTEMDDIR)/user
 destrules=$(DESTDIR)/$(UDEVDIR)/rules.d
 .PHONY: install
 install:
-	install -Dm755 tkey-ssh-agent $(destbin)/tkey-ssh-agent
-	strip $(destbin)/tkey-ssh-agent
-	install -Dm644 system/tkey-ssh-agent.1 $(destman1)/tkey-ssh-agent.1
-	gzip -n9f $(destman1)/tkey-ssh-agent.1
-	install -Dm644 system/tkey-ssh-agent.service.tmpl $(destunit)/tkey-ssh-agent.service
-	sed -i -e "s,##BINDIR##,$(PREFIX)/bin," $(destunit)/tkey-ssh-agent.service
 	install -Dm644 system/60-tkey.rules $(destrules)/60-tkey.rules
 .PHONY: uninstall
 uninstall:
 	rm -f \
-	$(destbin)/tkey-ssh-agent \
-	$(destunit)/tkey-ssh-agent.service \
 	$(destrules)/60-tkey.rules \
-	$(destman1)/tkey-ssh-agent.1.gz
 .PHONY: reload-rules
 reload-rules:
 	udevadm control --reload
@@ -41,48 +24,13 @@ podman:
 apps:
 	$(MAKE) -C apps
 
-# .PHONY to let go-build handle deps and rebuilds
-.PHONY: tkey-sign
-tkey-sign:
-	go build -ldflags "-X main.signerAppNoTouch=$(TKEY_SIGNER_APP_NO_TOUCH)" ./cmd/tkey-sign
-
-runsign.sh: apps/signer/runsign.sh
-	cp -af $< $@
-
 .PHONY: runtimer
 runtimer:
 	go build ./cmd/runtimer
 
-.PHONY: check-signer-hash
-check-signer-hash:
-	cd cmd/tkey-ssh-agent && sha512sum -c app.bin.sha512
-
-TKEY_SSH_AGENT_VERSION ?=
-# .PHONY to let go-build handle deps and rebuilds
-.PHONY: tkey-ssh-agent
-tkey-ssh-agent: apps check-signer-hash
-	CGO_ENABLED=0 go build -ldflags "-X main.version=$(TKEY_SSH_AGENT_VERSION) -X main.signerAppNoTouch=$(TKEY_SIGNER_APP_NO_TOUCH)" -trimpath ./cmd/tkey-ssh-agent
-
-.PHONY: tkey-ssh-agent.exe
-tkey-ssh-agent.exe:
-	$(MAKE) -C gotools go-winres
-	cd ./cmd/tkey-ssh-agent && ../../gotools/go-winres make --arch amd64
-	$(MAKE) GOOS=windows GOARCH=amd64 tkey-ssh-agent
-
-# .PHONY to let go-build handle deps and rebuilds
-.PHONY: tkey-ssh-agent-tray.exe
-tkey-ssh-agent-tray.exe:
-	$(MAKE) -C gotools go-winres
-	cd ./cmd/tkey-ssh-agent-tray && ../../gotools/go-winres make --arch amd64
-	GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -ldflags "-H windowsgui" -trimpath ./cmd/tkey-ssh-agent-tray
-
 .PHONY: clean
 clean:
-	rm -f \
-	tkey-ssh-agent cmd/tkey-ssh-agent/app.bin \
-	tkey-ssh-agent.exe cmd/tkey-ssh-agent/rsrc_windows_amd64.syso \
-	tkey-ssh-agent-tray.exe cmd/tkey-ssh-agent-tray/rsrc_windows_amd64.syso \
-	runtimer runrandom cmd/runrandom/app.bin
+	rm -f runtimer
 	$(MAKE) -C apps clean
 
 .PHONY: lint

README.md

@@ -1,14 +1,13 @@
 
-[![ci](https://github.com/tillitis/tillitis-key1-apps/actions/workflows/ci.yaml/badge.svg?branch=main&event=push)](https://github.com/tillitis/tillitis-key1-apps/actions/workflows/ci.yaml)
+[![ci](https://github.com/tillitis/tkey-testapps/actions/workflows/ci.yaml/badge.svg?branch=main&event=push)](https://github.com/tillitis/tkey-testapps/actions/workflows/ci.yaml)
 
-# Tillitis TKey Apps
+# Tillitis TKey Test Apps
 
-This repository contains some applications for the
+This repository contains some test and example applications for the
 [Tillitis](https://tillitis.se/) TKey USB security stick.
 
 Client apps:
 
-- `tkey-ssh-agent`: An OpenSSH compatible agent.
 - `runtimer`: Control the `timer` device app.
 
 Device apps:
@@ -29,20 +28,7 @@ real hardware.
 
 [Current list of known projects](https://dev.tillitis.se/projects/).
 
-Go packages used with the client apps reside in their own
-repositories:
-
-- https://github.com/tillitis/tkeyclient [Go doc](https://pkg.go.dev/github.com/tillitis/tkeyclient)
-- https://github.com/tillitis/tkeysign [Go doc](https://pkg.go.dev/github.com/tillitis/tkeysign)
-
-Note that development is ongoing. For example, changes might be made
-to [the signer device
-app](https://github.com/tillitis/tkey-device-signer), causing the
-public/private key it provides to change. To avoid unexpected changes
-please use a tagged release.
-
-
-See [Release notes](docs/release_notes.md).
+See [Release notes](RELEASE.md).
 
 ## Building
 
@@ -58,8 +44,7 @@ $ ./build.sh
 ```
 
 which also clones and builds the [TKey device
-libraries](https://github.com/tillitis/tkey-libs) and the [signer
-device app](https://github.com/tillitis/tkey-device-signer) first.
+libraries](https://github.com/tillitis/tkey-libs) first.
 
 If you want to do it manually, clone and build tkey-libs and
 tkey-device-signer manually like this:
@@ -68,12 +53,6 @@ tkey-device-signer manually like this:
 $ git clone -b v0.0.1 https://github.com/tillitis/tkey-libs
 $ cd tkey-libs
 $ make
-$ cd ..
-$ git clone -b v0.0.7 https://github.com/tillitis/tkey-device-signer
-$ cd tkey-device-signer
-$ make
-$ cd ..
-$ cp ../tkey-device-signer/signer/app.bin cmd/tkey-ssh-agent/app.bin
 ```
 
 Then go back to this directory and build everything:
@@ -102,138 +81,6 @@ or run podman directly with
 $ podman run --rm --mount type=bind,source=$(CURDIR),target=/src --mount type=bind,source=$(CURDIR)/../tkey-libs,target=/tkey-libs -w /src -it ghcr.io/tillitis/tkey-builder:2 make -j
 ```
 
-To help prevent unpleasant surprises we keep a hash of the `signer` in
-`cmd/tkey-ssh-agent/app.bin.sha512`. The compilation will fail if this
-is not the expected binary.
-
-### Using tkey-ssh-agent
-
-This client app is a complete, alternative SSH agent with practical
-use. The needed signer device app binary gets built into the
-tkey-ssh-agent, which will load it onto USB stick when started. Like
-the other client apps, tkey-ssh-agent tries to auto-detect serial
-ports of TKey USB sticks. If more than one is found, or if you're
-running on QEMU, then you'll need to use the `--port` flag. An example
-of that:
-
-```
-$ ./tkey-ssh-agent -a ./agent.sock --port /dev/pts/1
-```
-
-This will start the SSH agent and tell it to listen on the specified
-socket `./agent.sock`.
-
-It will also output the SSH ed25519 public key for this instance of
-the app on this specific TKey USB stick. So again; if the signer app
-binary, the USS, or the UDS in the physical USB stick change, then the
-private key will also change -- and thus the derived public key, your
-public identity in the world of SSH.
-
-If you copy-paste the public key into your `~/.ssh/authorized_keys`
-you can try to log onto your local computer (if sshd is running
-there). The socket path set/output above is also needed by SSH in
-`SSH_AUTH_SOCK`:
-
-```
-$ SSH_AUTH_SOCK=/path/to/agent.sock ssh -F /dev/null localhost
-```
-
-`-F /dev/null` is used to ignore your ~/.ssh/config which could
-interfere with this test.
-
-The tkey-ssh-agent also supports the `--uss` and `--uss-file` flags to
-enter a User Supplied Secret.
-
-You can use `--show-pubkey` (short flag: `-p`) to only output the
-pubkey. The pubkey is printed to stdout for easy redirection, but some
-messages are still present on stderr.
-
-#### Installing tkey-ssh-agent
-
-The [`Makefile`](Makefile) has an `install` target that installs
-tkey-ssh-agent and the above mentioned `60-tkey.rules`. First `make`
-then `sudo make install`, then `sudo make reload-rules` to apply the
-rules to the running system. This also installs a man page which
-contains some useful information, try `man ./system/tkey-ssh-agent.1`
-to read it before installing.
-
-There is also a Work In Progress Debian/Ubuntu package which can be
-build using the script `debian/build-pkg.sh`.
-
-#### Windows support
-
-tkey-ssh-agent can be built for and run on Windows. The Makefile has a
-`windows` target that produces `tkey-ssh-agent.exe` and
-`tkey-ssh-agent-tray.exe`. The former is a regular command-line
-program that can be used for example in PowerShell. The latter is a
-small program (built for the `windowsgui` subsystem; no console) that
-sets up a tray icon and launches `tkey-ssh-agent.exe` (which it
-expects to find next to itself) with the same arguments that it was
-itself passed. For automatically starting the SSH agent when logging
-onto the computer, a shortcut to `tkey-ssh-agent-tray.exe`, with the
-required arguments, can be added in your user's `Startup` folder.
-
-When using the `--uss` option the Windows build by default uses the
-pinentry program from Gpg4win for requesting the User-Supplied Secret.
-This package can be installed using: `winget install GnuPG.Gpg4win`.
-
-The SSH Agent supports being used by the native OpenSSH client
-`ssh.exe` (part of Windows Optional Features and installable using
-`winget`). The environment variable `SSH_AUTH_SOCK` should be set to
-the complete path of the Named Pipe that tkey-ssh-agent listens on.
-
-For example, if it is started using `./tkey-ssh-agent.exe -a
-tkey-ssh-agent` the environment variable could be set for the current
-PowerShell like this:
-
-```powershell
-$env:SSH_AUTH_SOCK = '\\.\pipe\tkey-ssh-agent'
-```
-
-Setting this environment variable persistently, for future PowerShell
-terminals, Visual Studio Code, and other programs can be done through
-the System Control Panel. Or using PowerShell:
-
-```powershell
-[Environment]::SetEnvironmentVariable('SSH_AUTH_SOCK', '\\.\pipe\tkey-ssh-agent', 'User')
-```
-
-You can learn more about environment variables on Windows in [this
-article](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables).
-
-The SSH Agent can also be used with the Git-for-Windows client
-(`winget install Git.Git`). By default, it uses its own bundled
-ssh-client. Run the following PowerShell commands to make `git.exe`
-use the system's native ssh.exe:
-
-```
-$sshpath = (get-command ssh.exe).path -replace '\\','/'
-git config --global core.sshCommand $sshpath
-git config --global --get core.sshCommand
-```
-
-The last command should output something like
-`C:/Windows/System32/OpenSSH/ssh.exe`.
-
-For details on how we package and build an MSI installer, see
-[system/windows/README.md](system/windows/README.md).
-
-### Disabling touch requirement
-
-The [signer device app](https://github.com/tkey-device-signer)
-normally requires the USB stick to be physically touched for signing
-to complete. For special purposes it can be compiled with this
-requirement removed, by setting the environment variable
-`TKEY_SIGNER_APP_NO_TOUCH` to some value when building. Example: `make
-TKEY_SIGNER_APP_NO_TOUCH=yesplease`. 
-
-*Note well*: You have to do this when building both the signer and the
-client apps. The client apps will also stop displaying notifications
-about touch if the variable is set.
-
-Of course this changes the signer app binary and as a consequence the
-derived private key and identity will change.
-
 ## Licenses and SPDX tags
 
 Unless otherwise noted, the project sources are licensed under the

docs/release_notes.md → RELEASE.md

@@ -1,5 +1,11 @@
 # Release notes
 
+## v0.0.7
+
+Copy from https://github.com/tillitis/tillitis-key1-apps
+
+With only test and example apps left.
+
 ## v0.0.6
 
 - Change maximum frame length back to 128 bytes.

build.sh

@@ -3,11 +3,7 @@
 LIBDIR=../tkey-libs
 
 git clone -b v0.0.1 https://github.com/tillitis/tkey-libs.git ../tkey-libs
-git clone -b v0.0.7 https://github.com/tillitis/tkey-device-signer.git ../tkey-device-signer
 
 make -j -C ../tkey-libs
-make -j -C ../tkey-device-signer
-
-cp ../tkey-device-signer/signer/app.bin cmd/tkey-ssh-agent/app.bin
 
 make -j