
fixes for yubikey

This commit is contained in:
Luca Bilke 2024-01-03 20:51:44 +01:00
parent ca974a5b6c
commit e537201e7b
6 changed files with 120 additions and 9 deletions


@ -4,7 +4,7 @@ DOTS_BRANCH="main"
STOW_DIR=".local/share/stow"
DOTS_PACKAGE="dots"
USER_GROUPS="wheel" # Comma separated list
USER_GROUPS="wheel,plugdev" # Comma separated list
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
BOLD="$(tput bold)"
@ -192,12 +192,12 @@ install_dotfiles() {
enable_services() {
tput sc
info "Installing user service service..."
target="/etc/sv/runsvdir-${username}/run"
mkdir -p "$(dirname "$target")"
sed "s/<U>/$username/" "${SCRIPT_DIR}/userservice.sh" >"$target"
target="/etc/sv/runsvdir-${username}"
mkdir -p "$(dirname "$target")"
sed "s/<U>/$username/" "${SCRIPT_DIR}/userservice.sh" >"$target/run"
[ ! -L "/var/service/$(basename "$target")" ] &&
ln -s "$target" "/var/service/"
chmod 755 "$target"
chmod 755 "$target"
tput rc
tput el
#shellcheck disable=SC2016
@ -208,10 +208,10 @@ enable_services() {
}
finalize() {
gid=$(getent passwd "$username" | cut -d ':' -f 4)
groupname=$(getent group "$gid" | cut -d ':' -f 1)
chown "$username:$groupname" "$user_home"
info "Done!"
gid=$(getent passwd "$username" | cut -d ':' -f 4)
groupname=$(getent group "$gid" | cut -d ':' -f 1)
chown "$username:$groupname" "$user_home"
info "Done!"
}
### CONTROL FLOW BEGINS HERE ###
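Review bot: In the enable_services hunk the new `target="/etc/sv/runsvdir-${username}"` names the service directory, but the following line still runs `mkdir -p "$(dirname "$target")"`, which now only creates `/etc/sv`, so the redirect into `"$target/run"` fails on a fresh install unless that directory already exists; it should be `mkdir -p "$target"`. The `chmod 755 "$target"` after the symlink also appears to apply to the directory rather than to the `run` script, which runsv needs to be executable — if that line is really unchanged on the new side it should read `chmod 755 "$target/run"`. Both lines are in the same function, which continues past the end of the hunk, so the later part of enable_services could not be checked here.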


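--- /dev/null
+++ b/<UNKNOWN_PATH_FILE_2>
@@ -0,0 +1,10 @@
+ACTION!="add|change", GOTO="yubico_end"
+# Udev rules for letting the console user access the Yubikey USB
+# device node, needed for challenge/response to work correctly.
+# Yubico Yubikey II
+ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0404|0405|0407|0410",
+ENV{ID_SECURITY_TOKEN}="1"
+LABEL="yubico_end"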
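Review bot: The YubiKey match line ending in a trailing comma (`ATTRS{idProduct}=="0010|…|0410",`) is not joined to the `ENV{ID_SECURITY_TOKEN}="1"` line below it by a trailing backslash as far as the rendered page shows, whereas the ConsoleKit rules file added in the same commit does carry `\` continuations (and its first line, `ACTION=="add|change", SUBSYSTEM=="usb",`, shows the same apparent gap). If the backslash is genuinely missing, udev parses `ENV{ID_SECURITY_TOKEN}="1"` as a standalone rule with no match keys, so every add/change event reaching this file gets tagged as a security token, while the YubiKey match line becomes a rule with no assignment. Appending ` \` to the match line, or folding the two lines into one, keeps the ENV assignment scoped to the listed product IDs; worth confirming against the committed file rather than the rendered view.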


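--- /dev/null
+++ b/<UNKNOWN_PATH_FILE_3>
@@ -0,0 +1,89 @@
+# Copyright (C) 2013-2015 Yubico AB
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+# this udev file should be used with udev 188 and newer
+ACTION!="add|change", GOTO="u2f_end"
+# Yubico YubiKey
+ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0121|0200|0402|0403|0404|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Happlink (formerly Plug-Up) Security KEY
+ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Neowave Keydo and Keydo AES
+ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# HyperSecu HyperFIDO
+ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Feitian ePass FIDO, BioPass FIDO2
+ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d|0866|0867", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# JaCarta U2F
+ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101|0501", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# U2F Zero
+ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# VASCO SecureClick
+ATTRS{idVendor}=="1a44", ATTRS{idProduct}=="00bb", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Bluink Key
+ATTRS{idVendor}=="2abe", ATTRS{idProduct}=="1002", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Thetis Key
+ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Nitrokey FIDO U2F, Nitrokey FIDO2, Safetech SafeKey
+ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1|42b3", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Google Titan U2F
+ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Tomu board + chopstx U2F + SoloKeys
+ATTRS{idVendor}=="0483", ATTRS{idProduct}=="cdab|a2ca", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# SoloKeys
+ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5070|50b0", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Trezor
+ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Infineon FIDO
+ATTRS{idVendor}=="058b", ATTRS{idProduct}=="022d", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Ledger Blue, Nano S and Nano X
+ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000|0001|0004|0005|0015|1005|1015|4005|4015", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Kensington VeriMark
+ATTRS{idVendor}=="06cb", ATTRS{idProduct}=="0088", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# Longmai mFIDO
+ATTRS{idVendor}=="4c4d", ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# eWBM FIDO2 - Goldengate 310, 320, 500, 450
+ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4a1a|4c2a|5c2f|f47c", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# OnlyKey (FIDO2 / U2F)
+ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# GoTrust Idem Key
+ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="f143", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+# ellipticSecure MIRKey
+ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ac", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+LABEL="u2f_end"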


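--- /dev/null
+++ b/<UNKNOWN_PATH_FILE_4>
@@ -0,0 +1,8 @@
+# Udev rules for letting the console user access the Yubikey USB
+# device node, needed for challenge/response to work correctly.
+ACTION=="add|change", SUBSYSTEM=="usb",
+ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0404|0405|0407|0410", \
+TEST=="/var/run/ConsoleKit/database", \
+RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"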
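Review bot: The new rule only applies when `TEST=="/var/run/ConsoleKit/database"` succeeds, i.e. when a ConsoleKit session database exists, yet the services enabled elsewhere in this commit are elogind and pcscd rather than ConsoleKit, so on this setup the match presumably never holds and the `udev-acl` helper (which would also have to be installed) is never run. If the goal is console-user access to the YubiKey node, the `TAG+="uaccess"` form already used by the U2F rules in this commit is what elogind honours; if ConsoleKit is really absent, this rule is dead and could be dropped rather than left as a misleading access path. This is inferred from the service list in the commit, so confirm whether ConsoleKit exists on the target system before removing it.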


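--- a/<UNKNOWN_PATH_FILE_5>
+++ b/<UNKNOWN_PATH_FILE_5>
@@ -63,3 +63,6 @@ syncthing
 blueman
 bluez
 libspa-bluetooth
+gnome-keyring
+gnupg2-scdaemon
+yubikey-manager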


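--- a/<UNKNOWN_PATH_FILE_6>
+++ b/<UNKNOWN_PATH_FILE_6>
@@ -4,3 +4,4 @@ NetworkManager
 elogind
 crond
 bluetoothd
+pcscd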