Add udev rules to Linux distributions

solokeys / solo1

Solo 1 firmware in C

https://solokeys.com/

Other

2.31k stars 273 forks source link

Add udev rules to Linux distributions #144

Open nickray opened 5 years ago

nickray commented 5 years ago

It's too much effort for normal people to install udev rules. On Debian [1], 70-u2f.rules is packaged with libu2f-host, which is maintained by Yubico.

For Fedora, according to [1], an alternative is used: https://github.com/amluto/u2f-hidraw-policy which checks if 0xf1d0 is in the hidraw usage page.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824532

nickray commented 5 years ago

~~https://github.com/Yubico/libu2f-host/pull/117~~ done, we're merged

nickray commented 5 years ago

https://github.com/systemd/systemd/issues/11996

Square252 commented 5 years ago

I created PKGBUILDs for ArchLinux (they are available in the AUR), to provide Solo's udev files directly instead of the one provided via libu2f-host:

emaste commented 5 years ago

For reference the most recent version of FreeBSD's https://www.freshports.org/security/u2f-devd includes SoloKeys entries

        match "vendor"          "0x0483";
        match "product"         "(0xcdab|0xa2ca)";
...
        match "vendor"          "0x1209";
        match "product"         "(0x5070|0x50b0)";

nickray commented 5 years ago

Yeah, libu2f-host cut a release, Arch Linux has us now too @Square252. Hopefully this will roll out to non-stable Debian + Ubuntu soon! @emaste do you happen to know if u2f.conf.sample is the upstream of u2f-devd, or how does this work? In any case, happy about the magic <3

nickray commented 5 years ago

https://tracker.debian.org/pkg/libu2f-host

Forage commented 4 years ago

FYI: Ubuntu 19.10 has libu2f-udev 1.1.10-1 installed by default now which includes rules for Solo

poettering commented 4 years ago

Note that since systemd 244 udev detects fido2 keys automatically and sets the right perms. Any additional udev rules should be unnecessary, in particular any that use vid/pid matching.

jolo1581 commented 4 years ago

@poettering since not everyone has systemd >= 244 the udev rules might be necessary

poettering commented 4 years ago

My comment was mostly a suggestion to add this to the docs (in particular packaging/building docs), so that people who prepare any of this for distros just skip the rules if their distro has a new systemd.

jolo1581 commented 4 years ago

@poettering Maybe you can send a pullrequest

fmeum commented 4 years ago

@jolo1581 @poettering I added a note about the systemd support in #435.

bjacquin commented 4 years ago

@poettering since not everyone has systemd >= 244 the udev rules might be necessary

not everyone has systemd overall