fixes for yubikey
parent
ca974a5b6c
commit
e537201e7b
18
bootstrap.sh
18
bootstrap.sh
|
@ -4,7 +4,7 @@ DOTS_BRANCH="main"
|
|||
STOW_DIR=".local/share/stow"
|
||||
DOTS_PACKAGE="dots"
|
||||
|
||||
USER_GROUPS="wheel" # Comma separated list
|
||||
USER_GROUPS="wheel,plugdev" # Comma separated list
|
||||
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
|
||||
|
||||
BOLD="$(tput bold)"
|
||||
|
@ -192,12 +192,12 @@ install_dotfiles() {
|
|||
enable_services() {
|
||||
tput sc
|
||||
info "Installing user service service..."
|
||||
target="/etc/sv/runsvdir-${username}/run"
|
||||
mkdir -p "$(dirname "$target")"
|
||||
sed "s/<U>/$username/" "${SCRIPT_DIR}/userservice.sh" >"$target"
|
||||
target="/etc/sv/runsvdir-${username}"
|
||||
mkdir -p "$(dirname "$target")"
|
||||
sed "s/<U>/$username/" "${SCRIPT_DIR}/userservice.sh" >"$target/run"
|
||||
[ ! -L "/var/service/$(basename "$target")" ] &&
|
||||
ln -s "$target" "/var/service/"
|
||||
chmod 755 "$target"
|
||||
chmod 755 "$target"
|
||||
tput rc
|
||||
tput el
|
||||
#shellcheck disable=SC2016
|
||||
|
@ -208,10 +208,10 @@ enable_services() {
|
|||
}
|
||||
|
||||
finalize() {
|
||||
gid=$(getent passwd "$username" | cut -d ':' -f 4)
|
||||
groupname=$(getent group "$gid" | cut -d ':' -f 1)
|
||||
chown "$username:$groupname" "$user_home"
|
||||
info "Done!"
|
||||
gid=$(getent passwd "$username" | cut -d ':' -f 4)
|
||||
groupname=$(getent group "$gid" | cut -d ':' -f 1)
|
||||
chown "$username:$groupname" "$user_home"
|
||||
info "Done!"
|
||||
}
|
||||
|
||||
### CONTROL FLOW BEGINS HERE ###
|
||||
|
|
|
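Review bot: In enable_services, `target` now names the service directory, but the `mkdir` and `chmod` lines that depend on it still read as they did when it named the run file. `mkdir -p "$(dirname "$target")"` now creates only `/etc/sv`, so the redirect to `"$target/run"` fails on a fresh system where `/etc/sv/runsvdir-${username}` does not exist yet. `chmod 755 "$target"` sets the mode of the directory rather than the script, leaving `run` with whatever the umask gives it. I would change them to `mkdir -p "$target"` and `chmod 755 "$target/run"`. Separately, `$username` goes into the sed replacement unescaped, so a name containing `/` or `&` would corrupt a script the service supervisor later executes; validate it before this point. The function body continues past the end of the hunk.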
@ -0,0 +1,10 @@
|
|||
ACTION!="add|change", GOTO="yubico_end"
|
||||
|
||||
# Udev rules for letting the console user access the Yubikey USB
|
||||
# device node, needed for challenge/response to work correctly.
|
||||
|
||||
# Yubico Yubikey II
|
||||
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0404|0405|0407|0410",
|
||||
ENV{ID_SECURITY_TOKEN}="1"
|
||||
|
||||
LABEL="yubico_end"
|
|
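Review bot: As rendered here, the match line for vendor `1050` ends in a comma with no trailing backslash, so `ENV{ID_SECURITY_TOKEN}="1"` on the next line may be parsed as a separate rule with no match keys. If the committed file really lacks the continuation, every device reaching this point on add/change is marked as a security token, and any later rule that grants access on that property applies far beyond the listed YubiKey product IDs. The match line should end with `, \` so the assignment stays conditional; `udevadm test` against an unrelated device would confirm the property is not set there. The first line of the ConsoleKit rule file further down (`ACTION=="add|change", SUBSYSTEM=="usb",`) shows the same missing continuation, while its later lines keep theirs.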
@ -0,0 +1,89 @@
|
|||
# Copyright (C) 2013-2015 Yubico AB
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1, or (at your option)
|
||||
# any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# this udev file should be used with udev 188 and newer
|
||||
ACTION!="add|change", GOTO="u2f_end"
|
||||
|
||||
# Yubico YubiKey
|
||||
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0121|0200|0402|0403|0404|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Happlink (formerly Plug-Up) Security KEY
|
||||
ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Neowave Keydo and Keydo AES
|
||||
ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# HyperSecu HyperFIDO
|
||||
ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Feitian ePass FIDO, BioPass FIDO2
|
||||
ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d|0866|0867", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# JaCarta U2F
|
||||
ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101|0501", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# U2F Zero
|
||||
ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# VASCO SecureClick
|
||||
ATTRS{idVendor}=="1a44", ATTRS{idProduct}=="00bb", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Bluink Key
|
||||
ATTRS{idVendor}=="2abe", ATTRS{idProduct}=="1002", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Thetis Key
|
||||
ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Nitrokey FIDO U2F, Nitrokey FIDO2, Safetech SafeKey
|
||||
ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287|42b1|42b3", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Google Titan U2F
|
||||
ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Tomu board + chopstx U2F + SoloKeys
|
||||
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="cdab|a2ca", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# SoloKeys
|
||||
ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5070|50b0", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Trezor
|
||||
ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Infineon FIDO
|
||||
ATTRS{idVendor}=="058b", ATTRS{idProduct}=="022d", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Ledger Blue, Nano S and Nano X
|
||||
ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000|0001|0004|0005|0015|1005|1015|4005|4015", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Kensington VeriMark
|
||||
ATTRS{idVendor}=="06cb", ATTRS{idProduct}=="0088", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# Longmai mFIDO
|
||||
ATTRS{idVendor}=="4c4d", ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# eWBM FIDO2 - Goldengate 310, 320, 500, 450
|
||||
ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4a1a|4c2a|5c2f|f47c", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# OnlyKey (FIDO2 / U2F)
|
||||
ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# GoTrust Idem Key
|
||||
ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="f143", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# ellipticSecure MIRKey
|
||||
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ac", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
LABEL="u2f_end"
|
|
@ -0,0 +1,8 @@
|
|||
|
||||
# Udev rules for letting the console user access the Yubikey USB
|
||||
# device node, needed for challenge/response to work correctly.
|
||||
|
||||
ACTION=="add|change", SUBSYSTEM=="usb",
|
||||
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0404|0405|0407|0410", \
|
||||
TEST=="/var/run/ConsoleKit/database", \
|
||||
RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"
|
|
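Review bot: This rule only fires when `/var/run/ConsoleKit/database` exists and then hands the device to `udev-acl`, but the service list touched in the same commit carries elogind, not ConsoleKit. If ConsoleKit is absent on the target, the rule never matches and is dead configuration. If it is present, this ACL and the `GROUP="plugdev", MODE="0660"` rules added alongside both grant access to overlapping product IDs, which makes the effective permissions harder to audit. I would either drop this file or add a comment such as `# kept for ConsoleKit-based sessions only; elogind systems rely on uaccess/plugdev`.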
@ -63,3 +63,6 @@ syncthing
|
|||
blueman
|
||||
bluez
|
||||
libspa-bluetooth
|
||||
gnome-keyring
|
||||
gnupg2-scdaemon
|
||||
yubikey-manager
|
||||
|
|
|
@ -4,3 +4,4 @@ NetworkManager
|
|||
elogind
|
||||
crond
|
||||
bluetoothd
|
||||
pcscd
|
||||
|
|
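Review bot: Enabling `pcscd` while the package list in this commit also installs `gnupg2-scdaemon` can leave the two competing for the token's CCID interface, so which one owns the card may depend on start order. Nothing in this commit configures scdaemon for that. If the scdaemon build here uses its internal CCID driver, setting `disable-ccid` in `scdaemon.conf` (plus `pcsc-shared` if `yubikey-manager` must share the card) is the usual way to make pcscd the single owner. This is inferred from the package and service names only; the dotfiles may already carry that setting.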