fido2luks: 0.2.3 -> 0.2.15 #100418

Merged
merged 1 commit into from Nov 8, 2020

@pltanton (Contributor) commented Oct 13, 2020

Motivation for this change

The old version is really outdated. In the fresh version, many patches were applied to support a higher variety of tokens, e.g. SoloKey or specific kinds of Tenzor.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@prusnak (Member) commented Oct 13, 2020

@GrahamcOfBorg build fido2luks

@pltanton (Contributor, Author) commented Oct 13, 2020

I just found out that the init.rd script does not work properly with the fresh version.

fido2luks -i open ${device} ${name} ${fido2.credential} --await-dev ${toString fido2.gracePeriod} --salt string:$passphrase

It fails with

[    2.585602] stage-1-init: Waiting for your FIDO2 device...
[    2.586584] random: fido2luks: uninitialized urandom read (16 bytes read)
[    2.587060] random: fido2luks: uninitialized urandom read (4 bytes read)
[    2.587535] stage-1-init: IoError { cause: Os { code: 6, kind: Other, message: "No such device or address" } }
[    2.587750] stage-1-init: No FIDO2 key found, falling back to normal open procedure

Also, if I pass the -i flag, the --salt argument is ignored. Actually, I don't understand why we need an interactive mode here if we already read the salt a few lines before.

@mmahut could you explain, please, why -i was put here?

UPD: Removing this option makes the token work like a charm. I also added it to the commit.

@pltanton (Contributor, Author) commented Oct 22, 2020

So, what about this PR? @prusnak @mmahut

@prusnak (Member) commented Oct 22, 2020

@pltanton The correct name is pkg-config, not pkgconfig, please revert this change.

Also remove interactive flag from initrd, because of broken io.

@pltanton (Contributor, Author) commented Oct 28, 2020

@mmahut can you approve?

Should I do something with this PR to merge it?

@pltanton (Contributor, Author) commented Nov 8, 2020

@prusnak is it possible to merge the PR without @mmahut's approval? Sadly, I'm not familiar with the nixpkgs PR flow and can't find instructions to move this PR forward. Can you help me with some piece of advice?

@mmahut (Member) commented Nov 8, 2020

Given @prusnak's approval, there is no problem, thank you!

@mmahut mmahut merged commit e02f6bf into NixOS:master Nov 8, 2020
19 checks passed