Bug#824532: udev: Include udev rules for more U2F devices
Control: tags -1 +patch -moreinfo On Fri, Jun 02, 2017 at 03:36:06AM +0200, Michael Biebl wrote: > > Nicolas, please send me a patch against > > https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/extra/rules/70-debian-uaccess.rules?h=stretch > > including all the entries you want to see added for Stretch. I will try > to get this into 9.0 or 9.1 then. Patch attached. > I plan to remove debian/extra/rules/70-debian-uaccess.rules once buster > opens for development. So please get this sorted out for buster. RFS #848327 should sort this out properly, and I am planning to get it in sid soon. Best, Nicolas signature.asc Description: PGP signature ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Processed: Re: Bug#824532: udev: Include udev rules for more U2F devices
Processing control commands: > tags -1 +patch -moreinfo Bug #824532 [udev] udev: Include udev rules for more U2F devices Bug #862067 [udev] udev: U2F support. Outdated uaccess udev rules. Ignoring request to alter tags of bug #824532 to the same tags previously set Ignoring request to alter tags of bug #862067 to the same tags previously set Bug #824532 [udev] udev: Include udev rules for more U2F devices Bug #862067 [udev] udev: U2F support. Outdated uaccess udev rules. Removed tag(s) moreinfo. Removed tag(s) moreinfo. -- 824532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824532 862067: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862067 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#824532: udev: Include udev rules for more U2F devices
Am 02.06.2017 um 13:33 schrieb Nicolas Braud-Santoni: > On Fri, Jun 02, 2017 at 03:36:06AM +0200, Michael Biebl wrote: >> >> Nicolas, please send me a patch against > > Patch attached. Hm, the patch seems missing. Regards, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Processed: Re: Bug#824532: udev: Include udev rules for more U2F devices
Processing control commands: > tags -1 +patch -moreinfo Bug #824532 [udev] udev: Include udev rules for more U2F devices Bug #862067 [udev] udev: U2F support. Outdated uaccess udev rules. Ignoring request to alter tags of bug #824532 to the same tags previously set Ignoring request to alter tags of bug #862067 to the same tags previously set Bug #824532 [udev] udev: Include udev rules for more U2F devices Bug #862067 [udev] udev: U2F support. Outdated uaccess udev rules. Ignoring request to alter tags of bug #824532 to the same tags previously set Ignoring request to alter tags of bug #862067 to the same tags previously set -- 824532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824532 862067: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862067 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#824532: udev: Include udev rules for more U2F devices
Control: tags -1 +patch -moreinfo
On Fri, Jun 02, 2017 at 03:36:06AM +0200, Michael Biebl wrote:
>
> Nicolas, please send me a patch against
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/extra/rules/70-debian-uaccess.rules?h=stretch
>
> including all the entries you want to see added for Stretch. I will try
> to get this into 9.0 or 9.1 then.
Patch attached.
> I plan to remove debian/extra/rules/70-debian-uaccess.rules once buster
> opens for development. So please get this sorted out for buster.
RFS #848327 should sort this out properly, and I am planning to get it in sid
soon.
Best,
Nicolas
commit 97350d3e5dcae092c90a0090c089dabd684bf068
Author: Nicolas Braud-Santoni
Date: Fri Jun 2 13:26:57 2017 +0200
debian/extra/rules: Use updated U2F ruleset
This ruleset comes from Yubico's libu2f-host.
See BTS#848327 for a long-term solution.
Closes #824532
diff --git a/debian/extra/rules/70-debian-uaccess.rules b/debian/extra/rules/70-debian-uaccess.rules
index 18d61371d..f94948c75 100644
--- a/debian/extra/rules/70-debian-uaccess.rules
+++ b/debian/extra/rules/70-debian-uaccess.rules
@@ -1,19 +1,22 @@
-# FIDO u2f devices for two-factor authentication; current clients access the
-# device directly
-ACTION!="add|change", GOTO="fido_u2f_end"
-SUBSYSTEM!="hidraw", GOTO="fido_u2f_end"
-KERNEL!="hidraw*", GOTO="fido_u2f_end"
+# this udev file should be used with udev 188 and newer
+ACTION!="add|change", GOTO="u2f_end"
-# FIDO u2f devices, until there is a proper kernel driver
-ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess"
+# Yubico YubiKey
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess"
-# Happlink (formaly Plug-Up) Security KEY
-ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess"
+# Happlink (formerly Plug-Up) Security KEY
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess"
-# Neowave Keydo
-ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0", TAG+="uaccess"
+# Neowave Keydo and Keydo AES
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess"
# HyperSecu HyperFIDO
-ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", TAG+="uaccess"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess"
-LABEL="fido_u2f_end"
+# Feitian ePass FIDO
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850", TAG+="uaccess"
+
+# JaCarta U2F
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101", TAG+="uaccess"
+
+LABEL="u2f_end"
signature.asc
Description: PGP signature
___
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Processed: reopening
Processing commands for cont...@bugs.debian.org:
> unarchive 761658
Bug #761658 {Done: m...@linux.it (Marco d'Itri)} [systemd] Please do not
default to using Google nameservers
Unarchived Bug 761658
> severity 761658 serious
Bug #761658 {Done: m...@linux.it (Marco d'Itri)} [systemd] Please do not
default to using Google nameservers
Severity set to 'serious' from 'wishlist'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
761658: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
___
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#761658: urgency of a fix before stretch
Dear maintainers, leaking information, whatsoever, is not acceptable in Debian, and against policy, at least lintian errors out on many occasions with privacy-foobar* errors. Setting the default servers to Google is not acceptable. Ignoring this fact with the explanation that one can *disable* it is not sufficient. Reason: *Every* leak can be disabled by unplugging the network cable. This is not a solution. I am planning to upload an NMU fixing this issue to DELAY3 and hope that release managers allow this fix into stretch. All the best Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. +JAIST +TeX Live +Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13 ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#761658: urgency of a fix before stretch
Am 02.06.2017 um 16:32 schrieb Norbert Preining: > Dear maintainers, > > leaking information, whatsoever, is not acceptable in Debian, and against > policy, at least lintian errors out on many occasions with > privacy-foobar* > errors. > > Setting the default servers to Google is not acceptable. > > Ignoring this fact with the explanation that one can *disable* it is > not sufficient. Reason: *Every* leak can be disabled by unplugging the > network cable. > > This is not a solution. > > I am planning to upload an NMU fixing this issue to DELAY3 and hope that > release managers allow this fix into stretch. Your reasoning is flawed. The Google DNS servers are not set as default. Neither is resolved enabled by default. So I object to your hostile NMU. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#824532: udev: Include udev rules for more U2F devices
Hello, that patch seems to be a bit old. The latest GIT-version has quite a few more HW-IDs and I think it would be very beneficial to have the latest version in stretch in order to provide out-of-the-box support for as many tokens as possible. https://github.com/Yubico/libu2f-host/blob/e6ee395fc7ee66884adefb2056a40a8e4ca514fd/70-u2f.rules Regards, Andreas On 2017-06-02 14:00, Nicolas Braud-Santoni wrote: Control: tags -1 +patch -moreinfo On Fri, Jun 02, 2017 at 03:36:06AM +0200, Michael Biebl wrote: Nicolas, please send me a patch against https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/extra/rules/70-debian-uaccess.rules?h=stretch including all the entries you want to see added for Stretch. I will try to get this into 9.0 or 9.1 then. Patch attached. I plan to remove debian/extra/rules/70-debian-uaccess.rules once buster opens for development. So please get this sorted out for buster. RFS #848327 should sort this out properly, and I am planning to get it in sid soon. Best, Nicolas ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#761658: urgency of a fix before stretch
> Your reasoning is flawed. The Google DNS servers are not set as default. AC_ARG_WITH(dns-servers, AS_HELP_STRING([--with-dns-servers=DNSSERVERS], [Space-separated list of default DNS servers]), [DNS_SERVERS="$withval"], [DNS_SERVERS="8.8.8.8 8.8.4.4 2001:4860:4860:: 2001:4860:4860::8844"]) and I don't see any usage of --with-dns-servers ? Please explain? Norbert -- PREINING Norbert http://www.preining.info Accelia Inc. +JAIST +TeX Live +Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13 ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#761658: urgency of a fix before stretch
Am 02.06.2017 um 16:46 schrieb Norbert Preining: >> Your reasoning is flawed. The Google DNS servers are not set as default. > > AC_ARG_WITH(dns-servers, > AS_HELP_STRING([--with-dns-servers=DNSSERVERS], > [Space-separated list of default DNS servers]), > [DNS_SERVERS="$withval"], > [DNS_SERVERS="8.8.8.8 8.8.4.4 2001:4860:4860:: > 2001:4860:4860::8844"]) > > and I don't see any usage of --with-dns-servers ? > > Please explain? You're the one who needs to explain a hostile NMU. Do you actually know what this is about? -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#824532: udev: Include udev rules for more U2F devices
Am 02.06.2017 um 16:14 schrieb Andreas Gnau: > Hello, > that patch seems to be a bit old. The latest GIT-version has quite a few > more HW-IDs and I think it would be very beneficial to have the latest > version in stretch in order to provide out-of-the-box support for as > many tokens as possible. > > https://github.com/Yubico/libu2f-host/blob/e6ee395fc7ee66884adefb2056a40a8e4ca514fd/70-u2f.rules Nicolas, your call. Feel free to send me an updated patch or let me know if I should use the one you sent earlier. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Processed: severity of 854041 is important, tagging 854041
Processing commands for cont...@bugs.debian.org: > severity 854041 important Bug #854041 [systemd] systemd: dpkg fails for systemd package when upgrading from jessie to stretch Severity set to 'important' from 'normal' > tags 854041 + confirmed Bug #854041 [systemd] systemd: dpkg fails for systemd package when upgrading from jessie to stretch Added tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 854041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854041 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#761658: urgency of a fix before stretch
On Jun 02, Norbert Preining wrote: > I am planning to upload an NMU fixing this issue to DELAY3 and hope that > release managers allow this fix into stretch. You cannot do a NMU just because the maintainers of a package disagree with you. As one of the systemd maintainers I am explicitly and publicly requesting that you do not introduce this unwanted change. -- ciao, Marco signature.asc Description: PGP signature ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#824532: udev: Include udev rules for more U2F devices
X-Debbugs-CC: ales...@yubico.com, k...@yubico.com On Fri, Jun 02, 2017 at 05:10:52PM +0200, Michael Biebl wrote: > Am 02.06.2017 um 16:14 schrieb Andreas Gnau: > > Hello, > > that patch seems to be a bit old. The latest GIT-version has quite a few > > more HW-IDs and I think it would be very beneficial to have the latest > > version in stretch in order to provide out-of-the-box support for as > > many tokens as possible. > > > > https://github.com/Yubico/libu2f-host/blob/e6ee395fc7ee66884adefb2056a40a8e4ca514fd/70-u2f.rules > > Nicolas, your call. Feel free to send me an updated patch or let me know > if I should use the one you sent earlier. I would not be super-comfortable shipping the ruleset from libu2f-host's development version in stretch, given that I cannot test it with any of the new devices. Were this a released version, I would feel much more confident about it, if only because it would be exposed to users. @Alessio, Klas: Were you able to test those rules before merging upstream? Do you have a new release planned soon? signature.asc Description: PGP signature ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#761658: urgency of a fix before stretch
Good morning, >As one of the systemd maintainers I am explicitly and publicly >requesting that you do not introduce this unwanted change. Then how are you planning to deal with this serious bug after years of inactivity? Norbert On June 3, 2017 5:49:39 AM GMT+09:00, m...@linux.it wrote: >On Jun 02, Norbert Preining wrote: > >> I am planning to upload an NMU fixing this issue to DELAY3 and hope >that >> release managers allow this fix into stretch. >You cannot do a NMU just because the maintainers of a package disagree >with you. > -- PREINING Norbert + TeX Live & Debian Developer + http://www.preining.info GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#761658: urgency of a fix before stretch
also sprach Norbert Preining [2017-06-03 00:12 +0200]: > Then how are you planning to deal with this serious bug after > years of inactivity? Sounds like it might need ctte attention. -- .''`. martin f. krafft @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current) ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
