Re: Nitrokey and udev rules

Tue, 22 May 2018 06:27:53 -0700 

Pierre Neidhardt <ambre...@gmail.com> writes:

> I'm trying to use my nitrokey on GuixSD.
>
> --8<---------------cut here---------------start------------->8---
>> gpg --card-status
> gpg: selecting openpgp failed: No such device
> gpg: OpenPGP card not available: No such device
> --8<---------------cut here---------------end--------------->8---
>
> It turns out that the nitrokey needs some udev rules to be driven by
> gpg:
>
>       
> https://www.nitrokey.com/documentation/installation#p:nitrokey-start&os:linux
>
> Thus I tried to configure the following rule:
>
> --8<---------------cut here---------------start------------->8---
> (define %nitrokey-udev-rule
>   (udev-rule
>    "41-nitrokey.rules"
>    (string-append "ACTION==\"add\", SUBSYSTEM==\"usb\", "
>                   "ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", "
>                   "ENV{ID_SMARTCARD_READER}=\"1\", 
> ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", GROUP+=\"users\", 
> TAG+=\"uaccess\"")))
>
> ; ...
>  (modify-services
>    %desktop-services
>    (udev-service-type config =>
>                       (udev-configuration
>                        (inherit config)
>                        (rules (append (udev-configuration-rules config)
>                                       (list %nitrokey-udev-rule))))))
> --8<---------------cut here---------------end--------------->8---

This looks correct to me.  I do something similar for udev rules for my
digital oscilloscope, the Axoloti audio development board, and an AVR
programmer.

> I've tried the "plugdev" (as suggested on the website) and "users"
> GROUP, to no avail: I get the same error from `gpg --card-status`.
>
> I tried testing the rule with udevadm:
>
> --8<---------------cut here---------------start------------->8---
> sudo udevadm test ${udevadm info -q path -n /dev/bus/usb/001/008}
[…]
> Reading rules file: 
> /gnu/store/if6kkgnbwx1lmb5wp8p8g68i8s9hqs58-eudev-3.2.5/lib/udev/rules.d/[…]
[…]
> As you can see, 41-nitrokey.rules does not show here.  In fact I can't
> find it on the filesystem.  I don't understand how GuixSD manages the
> udev rules.  Am I missing something?

FWIW, udevadm on my machine also doesn’t show all udev rules, because it
only seems to look in the rules.d directory of the eudev package.  When
you reconfigure your system you actually get a directory like this:

   /gnu/store/crjkqwqsc42sq8zmd1slgpb4jhx9h524-udev-rules/lib/udev/rules.d/

that is the union of all rules, including your custom rules.

--
Ricardo

Reply via email to