search

maximbaz / yubikey-touch-detector

A tool to detect when your YubiKey is waiting for a touch (to send notification or display a visual indicator on the screen)
ISC License
415 stars 31 forks source link

No U2F events captured after boot #48

Open Majiir opened 1 year ago

Majiir commented 1 year ago

I use the systemd user service to run yubikey-touch-detector. I'm using NixOS 23.05 with GNOME 44.2.

When I first boot my machine, no U2F events are captured. (I don't use any other watchers.) The logs indicate successful startup of the service:

time="2023-10-06T17:24:42-04:00" level=debug msg="Starting YubiKey touch detector"
time="2023-10-06T17:24:42-04:00" level=debug msg="No 'gpg' binary in $PATH or '/home/majiir/.gnupg/pubring.kbx' could not be found. Disabling GPG and SSH watchers."
time="2023-10-06T17:24:42-04:00" level=debug msg="U2F watcher on '/dev' is successfully established"
time="2023-10-06T17:24:42-04:00" level=debug msg="HMAC watcher on '/dev' is successfully established"

However, no events are recorded in the logs, sent to the unix socket, or notified through libnotify.

The issue can be fixed by restarting the service or by unplugging and replugging the Yubikey (which is already inserted when the machine boots). In the latter case, the logs simply start recording events as usual.

Is the service missing a dependency? I noticed that it doesn't require dbus.socket, but adding that didn't fix the issue. The issue seems to be related to the watchers.

maximbaz commented 1 year ago

Another interesting issue! The U2F watcher depends on the presence of /dev/hidraw* devices, it's quite interesting that those are not present on your system yet, when the app launches.

This page has some diagrams of the order of systemd dependencies: https://man7.org/linux/man-pages/man7/bootup.7.html

I can't easily find the problem though, default.target seems to be executed quite late... Can you spot a possible dependency?

anpin commented 10 months ago

Hi, I have been faced with the same issue. In nixos current implementation of the systemd service is wanted by graphical-session.target, not default.target. However overriding it doesn't fix the issue.

I do see the notification If I run the binary manually, with -v -no-socket in parallel to the service [1], but not if I add the same flags to the systemd environment variables, or run the binary without the service [2].

[1] image [2] image

anpin commented 10 months ago

Right after I opened issue in the nixos repo, I stopped the manually running instance, closed the shell window and tried to connect somewhere which required to touch the key then notification appeared once, but never again.