search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.4k stars 13.62k forks source link

Yubikeys not detected by default in KeePassXC 2.6.3 #119984

Open natanlao opened 3 years ago

natanlao commented 3 years ago

Apologies in advance if this is the wrong place to file this -- if this isn't the right place, I'd appreciate a pointer.

Describe the bug

KeePassXC 2.6.3 will not detect hardware keys by default.

To Reproduce Steps to reproduce the behavior:

  1. Attempt to unlock a database with KeePass XC
  2. Insert a hardware key
  3. Press "Refresh" button next to "Hardware Key" field
  4. No keys will be detected

Expected behavior KeePassXC detects hardware keys when inserted

Screenshots None

Additional context This problem is easily solved by adding a udev rule packaged by yubikey-personalization:

  services.udev.packages = with pkgs; [
    yubikey-personalization
  ];

I'm not sure how to implement this kind of fix in nixos.keepassxc, or if it should be fixed in the package or just documented somewhere.

Notify maintainers @turion @jonafato

Metadata

 - system: `"x86_64-linux"`
 - host os: `Linux 5.4.111, NixOS, 20.09.3869.7c23e16b656 (Nightingale)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.3.10`
 - channels(root): `"nixos-20.09.3869.7c23e16b656"`
 - channels(natan): `""`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute:
# a list of nixos modules affected by the problem
module: keepassxc
emmanuelrosa commented 3 years ago

Adding the yubikey udev rules within the keeypass package is not possible. KeePass is a Nix package, which means like all packages, it does not depend on NixOS, but rather only depends on Nixpkgs. On the other hand, services.udev is a NixOS module. NixOS modules can utilize Nix packages, but Nix packages cannot utilize NixOS modules. This is a significant difference between NixOS and other Linux distros, and it often trips people up.

natanlao commented 3 years ago

Okay, thank you! With that said, I think the right move is to document this in keepassxreboot/keepassxc.

turion commented 3 years ago

Still I think the issue is not necessarily invalid. You could still implement a NixOS option services.keepassxc.enable and/or services.keepassxc.yubikey, where the first installs a systemd service with keepassxc, and the second enables the corresponding udev rule.

natanlao commented 3 years ago

Ok, that sounds good to me. Also, now that I check, it doesn't look like keepassxreboot/keepassxc documents platform-specific fixes like this anyway -- oversight on my part.

stale[bot] commented 2 years ago

I marked this as stale due to inactivity. → More info

znd4 commented 6 months ago

oh I assume that this same issue is why yubikey isn't showing up as an option on OSX when installed with nix-darwin