| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
it seems to be only accepting fingerprints and rejecting key ID-s
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Add a one-liner that works. Then think about the context and decide to
recommend a rearrangement. And then muck up the consequential adjustment
of the original one-liner. I think I got a badge for that in the scouts.
Well spotted. Sorry.
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
|
|
Issue #404 reports "GPG acts like my YubiKey isn't plugged in".
With GnuPG 2.3 and later, the system can get into a loop where it
prompts for insertion of a YubiKey even though that YubiKey is already
connected.
The solution for this is to set `disable-ccid` in
`~/.gnupg/scdaemon.conf`.
Testing suggests setting `disable-ccid` does not interfere with earlier
versions of GnuPG (eg 2.2.27 on Debian Bullseye or 2.2.40 on Debian
Bookworm).
This problem has also been mentioned in #277 and #256. Including a step
in the Guide to set `disable-ccid` may help minimise recurrence.
Also takes the opportunity to ensure `~/.gnupg` directory exists on a
new system before downloading `gpg.conf`.
References:
* Ludovic Rousseau
- [GnuPG and PC/SC conflicts](https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html)
* GnuPG.org:
- [Scdaemon Options](https://www.gnupg.org/documentation/manuals/gnupg/Scdaemon-Options.html#index-disable_002dccid)
* YubiCo:
- [Resolving GPG's CCID conflicts](https://support.yubico.com/hc/en-us/articles/4819584884124-Resolving-GPG-s-CCID-conflicts)
- [Troubleshooting Issues with GPG](https://support.yubico.com/hc/en-us/articles/360013714479-Troubleshooting-Issues-with-GPG)
* Closed issues:
- [277 pcscd: Error Reader Exclusive](https://github.com/drduh/YubiKey-Guide/issues/277)
- [256 Update scdaemon.conf for gnupg 2.3 with MacOS (and possibly others)](https://github.com/drduh/YubiKey-Guide/issues/256)
Fixes #404
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
|
|
Now `nixpkgs` will be pointing to a specific release, which has a much
smaller chance to unexpectedly break. Currently 23.11. The next one will
be 24.05, 24.11, etc.
NixOS *releases* receive security updates, but packages are upgraded
conservatively, thus don't generally break. As a result, we should need
to worry about NixOS upgrades every 6-12 months. The upgrade means "bump
the version number and try to build it". If it breaks, it will generally
break only then. Less reactive, more proactive surprises.
`flake.nix` was written by @thomaseizinger in
https://github.com/drduh/YubiKey-Guide/issues/406. Changes from the
original:
- change Gnome to xfce. Now it loads with 384MB of RAM and works well
with the simplest graphics (hello qemu).
- less nasty workaround for hopenpgp-tools. Fixed upstream
(https://github.com/NixOS/nixpkgs/pull/279117).
- do not default `copytoram`, user can select this option in the
bootloader.
Here is how to test it:
```
$ nix run .#nixosConfigurations.yubikeyLive.x86_64-linux.config.system.build.vm
```
*Note for the maintainer*: it would be great if you could occasionally
run `nix flake update --commit-lock-file`, *especially* after updating
github.com/drduh/config.git.
Fixes #406
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
|
|
|
|
Quote ISO URL, and add `$` RegExp end-of-string anchor to return only the ISO file and none of the other entries that contain `xfce.iso`.
This avoids unnecessary cURL errors.
|
|
|
|
|
|
|
|
`nix build` is a new "Nix command" that is technically still experimental.
|
|
Fixes https://github.com/drduh/YubiKey-Guide/issues/370.
|
|
|
|
|
|
|
|
|
|
|
|
Trying to use yubioath-desktop results on this error:
yubioath-desktop has been deprecated by upstream in favor of yubioath-flutter
On the current stable channel (23.05).
Signed-off-by: Federico Damián Schonborn <fdschonborn@gmail.com>
|
|
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
|
