On 1/8/24 10:30, Tomoaki AOKI wrote:
On Mon, 8 Jan 2024 08:18:38 -0700
Warner Losh <i...@bsdimp.com> wrote:
On Mon, Jan 8, 2024, 7:55〓AM Christian Weisgerber <na...@mips.inka.de>
wrote:
We have FIDO/U2F support for SSH in base.
We also have a group "u2f", 116, in the default /etc/group file.
Why do we keep the devd configuration (to chgrp the device nodes)
in a port, security/u2f-devd? Can't we just add this to base, too?
It's just another devd configuration file.
This properly belongs to devfs.conf no? Otherwise it's a race...
Warner
--
Christian "naddy" Weisgerber na...@mips.inka.de
It's devd.conf materials. It actually is security/usf-devd/files
u2f.conf and its contents is sets of notify 100 { match "vendor" ...
match "product" ... action "chgrpy u2f ..." };.
Some hase more items in it, though.
So it should be in ports to adapt for latest products more quickly than
in base, I think.
I don't see any obvious reason that we can't compromise and have a
baseline of products in base and just use the port for new products not
yet known to base. These vendors presumably aren't going to quickly
repurpose some PID for a non-u2f thing, much less in a way that we care
about.
Thanks,
Kyle Evans
