udev rules to support U2F security keys #53036
Closed
Motivation for this change
Physical security keys like the YubiKey can greatly improve the security of software systems. U2F is an open standard supported by most major internet sites like GitHub, Twitter, Google and others. You can use the physical key just like a normal key. You need to insert it into your computer (most of the time in addition to your password) to log in to your accounts.
On Linux, udev rules are needed to support U2F security keys. Yubico, the makers of the YubiKey, maintain a rules file that supports a number of security keys, namely the following:
YubiKey, Happlink Security Key, HyperSecu HyperFIDO, Feitian ePass FIDO, JaCarta U2F, U2F Zero, VASCO SecureClick, Bluink Key, Thetis Key, Nitrokey FIDO U2F and the Google Titan U2F.
Things done
This package gives NixOS users a simple way to install the rules file needed for their security key. All one has to do is add it to the udev packages in the Nix configuration:
I have tested this package with the YubiKey 5C and I have verified that the rules file is placed in the correct location, so it should work like the normal place-the-file-here install on other distros.