From: Chris Marusich
Subject: Re: udev-rules for my FST-01 gnuk security token
Date: Tue, 24 Jul 2018 22:09:22 -0700
Message-ID: <87h8knucjh.fsf@gmail.com>
To: Arun Isaac
Cc: help-guix@gnu.org

Chris Marusich writes:

> Arun Isaac writes:
>
>> I am trying to get my FST-01 gnuk security token working on
>> GuixSD. According to their documentation
>> (https://www.fsij.org/doc-gnuk/udev-rules.html), I need to add a custom
>> udev-rule. I am trying to use the configuration shown below to achieve
>> the same. But, I don't see any file by the name "60-gnupg.rules" created
>> in my /run/current-system/profile/lib/udev/rules.d/. Am I doing
>> something wrong or is my expectation incorrect?
>> Has anyone successfully
>> used a FST-01 gnuk security token in GuixSD?
>>
>> (use-modules (gnu))
>>
>> (define %gnuk-udev-rule
>>   (udev-rule
>>    "60-gnupg.rules"
>>    "ATTR{idVendor}==\"234b\", ATTR{idProduct}==\"0000\", ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\""))
>>
>> (operating-system
>>   (host-name "adamantium")
>>   (timezone "Asia/Kolkata")
>>   (locale "en_US.utf8")
>>   (bootloader (bootloader-configuration
>>                (bootloader grub-bootloader)
>>                (target "/dev/sda")))
>>   (file-systems (cons (file-system
>>                         (device "my-root")
>>                         (mount-point "/")
>>                         (type "ext4"))
>>                       %base-file-systems))
>>   (users %base-user-accounts)
>>   (packages %base-packages)
>>   (services
>>    (modify-services %base-services
>>      (udev-service-type
>>       config =>
>>       (udev-configuration
>>        (inherit config)
>>        (rules
>>         (append (udev-configuration-rules config)
>>                 (list %gnuk-udev-rule))))))))
>>
>
> I was able to reproduce your issue by using "guix system build" and
> inspecting the profile of the built system. It's missing the udev rule
> you added, like you said. What's more concerning is the fact that it's
> missing the file "90-kvm.rules", which is supposed to be part of the
> default rules included in our udev service (see gnu/services/base.scm).
>
> Maybe it's a bug. Could you open a bug report by emailing bug-guix@?

I understand what's happening, now. It isn't a bug.

In short, your rules are being used. It's just a little confusing
because Guix starts udevd in a way that causes it to use a specific
configuration directory in the store, which is built to contain the
union of all the specified rules. I'll explain more below.

If you run a VM with your OS configuration (via "guix system vm
my-os.scm"), you can follow along.
You have the following directories:

  /run/current-system/profile/lib/udev/rules.d
  /run/current-system/profile/etc/udev/rules.d

These come from the eudev package, as shown here (store item hash
abbreviated, since I cannot easily copy/paste from QEMU at the moment):

--8<---------------cut here---------------start------------->8---
# readlink /run/current-system/profile/lib/udev/rules.d
/gnu/store/...hv9c-eudev-3.2.5/etc/udev
# readlink /run/current-system/profile/etc/udev/rules.d
/gnu/store/...hv9c-eudev-3.2.5/etc/udev
--8<---------------cut here---------------end--------------->8---

However, udevd doesn't use these directories. Examine its arguments:

--8<---------------cut here---------------start------------->8---
# ps -wwfe | grep udevd
root 251 1 0 10:12 ? 00:00:00 /gnu/store/...hv9c-eudev-3.2.5/sbin/udevd
--8<---------------cut here---------------end--------------->8---

It doesn't have any arguments. In fact, we configure it via environment
variables. Check them:

--8<---------------cut here---------------start------------->8---
# cat /proc/251/environ | tr '\000' '\n'
...
UDEV_CONFIG_FILE=/gnu/store/...f32r-udev.conf
EUDEV_RULES_DIRECTORY=/gnu/store/...cx44-udev-rules/lib/udev/rules.d
--8<---------------cut here---------------end--------------->8---

If you check that rules.d directory, you'll find your rules:

--8<---------------cut here---------------start------------->8---
# ls /gnu/store/...cx44-udev-rules/lib/udev/rules.d | grep gnupg
60-gnupg.rules
--8<---------------cut here---------------end--------------->8---

So, all is well. If you run tools like udevadm to test the rules, you
should be able to confirm that your custom rules are being used.
By the way, the kvm rules are here, too (thank goodness!):

--8<---------------cut here---------------start------------->8---
# ls /gnu/store/...cx44-udev-rules/lib/udev/rules.d | grep kvm
90-kvm.rules
--8<---------------cut here---------------end--------------->8---

But why does your system have rules.d directories in
/run/current-system/profile, if udevd isn't using them? It's because
eudev happens to be included in the %base-packages (defined in (gnu
system)), which causes eudev (and its rules.d directories) to be
installed into your system profile. The purpose of installing eudev
into the system profile is probably not to add these rules.d
directories, but rather to make things like the usual tools (e.g.,
udevadm) available to all users.

For more details on how all of this fits together, check out
gnu/services/base.scm and gnu/system.scm in the Guix source.

I hope that helps!

-- 
Chris
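
Added example, not part of the original message and not Guix code: the manual check described in the message above (read udevd's environment, take EUDEV_RULES_DIRECTORY, look for the rule file there) as reusable shell functions. The function names and the constructed sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not Guix code): find the rules
# directory a udevd process was started with and look for a rule file there.

# environ_value FILE NAME: print NAME's value from a NUL-separated environ file.
environ_value() {
    tr '\000' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# rules_dir_from_environ FILE: print EUDEV_RULES_DIRECTORY, or fail if the
# variable is absent (udevd was not pointed at a custom directory).
rules_dir_from_environ() {
    dir=$(environ_value "$1" EUDEV_RULES_DIRECTORY)
    [ -n "$dir" ] && printf '%s\n' "$dir"
}

# has_rule FILE RULE: 0 = rule present in the directory udevd uses,
# 1 = directory is set but the rule is missing, 2 = variable not set.
has_rule() {
    dir=$(rules_dir_from_environ "$1") || return 2
    [ -e "$dir/$2" ]
}

# Constructed sample standing in for /proc/PID/environ and the store
# directory, so the functions can be tried without root or a running udevd.
make_sample() {
    root=$(mktemp -d) || return 1
    rules="$root/udev-rules/lib/udev/rules.d"
    mkdir -p "$rules"
    : > "$rules/60-gnupg.rules"
    : > "$rules/90-kvm.rules"
    printf 'PATH=/bin\000UDEV_CONFIG_FILE=%s\000EUDEV_RULES_DIRECTORY=%s\000' \
        "$root/udev.conf" "$rules" > "$root/environ"
    printf 'PATH=/bin\000' > "$root/environ-unset"
    printf '%s\n' "$root"
}

# On a live system (as root), assuming pgrep is available:
#   has_rule "/proc/$(pgrep -o udevd)/environ" 60-gnupg.rules
```

Exit status 2 separates "udevd was started without EUDEV_RULES_DIRECTORY" from "the directory is set but the rule is not in it", which are different problems to debug.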