[pkg-gnupg-maint] yubikey udev rules: ATTRS{} vs ATTR{}, lintian, and AppStream providers

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Aug 23 22:34:22 BST 2018


This is a complicated multipart issue.  sorry for the large Cc list!

udev ATTRS{} vs. ATTR{}
=======================

back in https://bugs.debian.org/854616, on 2017-02-09 04:33:38 +0900,
NIIBE Yutaka suggested the following udev rule for Yubikey devices:

> ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0111", MODE="664", GROUP="plugdev"

and in version 2.1.18-5 (git commit
c7013c262bd36dcff4fdbdf6f12475855cc20e4c), we added comparable lines to
debian/scdaemon.udev for several such yubikey devices.

however, all the non-Yubikey lines for other USB smartcard tokens in
that file use ATTR{} instead of ATTRS{}.

The difference between udev(7)'s ATTR{} and ATTRS{} comparators is
that ATTRS is willing to "search the devpath upwards", while ATTR{}
looks only at the event device itself.

I believe that the yubikey devices are the event devices themselves, and
don't need to be found further "up the devpath", so i think this should
be OK.  But i don't have any of the listed devices to test with.  (and i
confess i don't fully grok what "the devpath" is, exactly)

Question 1 (for gniibe)
-----------------------

    Can you confirm whether udev needs to search "up the devpath" to
    identify the Yubikey devices?


AppStream device providers
==========================

The lintian tag appstream-metadata-missing-modalias-provide only
compares udev rules using ATTR{}, and not ATTRS{}, which means that the
scdaemon package didn't get any warnings from lintian that the yubikey
devices weren't listed in the AppStream metadata for scdaemon.

If Yubikey devices do actually need udev to search "up the devpath" for
the rules to actually apply, then i don't know whether it's appropriate
to list them as a provider in the AppStream metadata.


Question 2 (for Appstream folks -- i'm cc'ing drivers of DEP-11 here)
---------------------------------------------------------------------

    If a udev rule matches based on ATTRS{} instead of ATTR{}, should
    the AppStream metainfo file list such a device?  If so, can you open
    a bug report against lintian to suggest improving
    appstream-metadata-missing-modalias-provide?


Next Steps
==========

I'm likely to shortly make the following changes in the gnupg2 source
package unless someone objects (or, if i've already made them by the
time you read this, feel free to roll them back with a clear
explanation):

 * convert the scdaemon udev rules for Yubikey devices to use ATTR{}
   instead of ATTRS{}

 * update the scdaemon AppStream metadata to include the listed YubiKey
   devices






i'd appreciate any insights people have time to share!

    --dkg
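
The ATTR{} / ATTRS{} distinction discussed in the message above, as an added example that is not part of the original post or of the gnupg2 or lintian sources: a small audit that reads udev rules and lists the USB ids that are only reachable through an ATTRS{} comparison. The sample rules are constructed (only 1050:0111 comes from the message), and the `usb:vVVVVpPPPPd*` modalias form and all function names are assumptions.

```python
import re

# Constructed sample in the style of a udev rules file (not debian/scdaemon.udev).
# Only 1050:0111 comes from the message; the ffff ids are made up.
SAMPLE_RULES = """\
# constructed sample
ACTION!="add", GOTO="sample_end"
ATTR{idVendor}=="ffff", ATTR{idProduct}=="0001", MODE="664", GROUP="plugdev"
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0111", MODE="664", GROUP="plugdev"
ATTRS{idVendor}=="1050", ATTR{idProduct}=="ffff", \\
    MODE="664", GROUP="plugdev"
LABEL="sample_end"
"""

# KEY or KEY{attr}, an operator, and a double-quoted value.
TOKEN = re.compile(r'(\w+)(?:\{([^}]+)\})?\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"')

def usb_id_matches(text):
    """Return (vendor, product, scope) for each rule comparing both USB ids.

    scope is 'ATTR' when both ids are compared on the event device only and
    'ATTRS' when either comparison may be satisfied by a parent device.
    """
    found = []
    joined = re.sub(r'\\\n', ' ', text)  # a trailing backslash continues a rule
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        ids, scope = {}, 'ATTR'
        for key, attr, op, value in TOKEN.findall(line):
            if op == '==' and key in ('ATTR', 'ATTRS') and attr in ('idVendor', 'idProduct'):
                ids[attr] = value
                if key == 'ATTRS':
                    scope = 'ATTRS'
        if len(ids) == 2:
            found.append((ids['idVendor'], ids['idProduct'], scope))
    return found

def modalias(vendor, product):
    # Assumed form of a USB modalias provide: usb:vVVVVpPPPPd*
    return 'usb:v%sp%sd*' % (vendor.upper(), product.upper())

def attrs_only_modaliases(text):
    """Modaliases of rules that a check reading only ATTR{} keys would skip."""
    return [modalias(v, p) for v, p, s in usb_id_matches(text) if s == 'ATTRS']

if __name__ == '__main__':
    for alias in attrs_only_modaliases(SAMPLE_RULES):
        print(alias)
```

Run against a real rules file by passing its contents to `attrs_only_modaliases()`; each line printed is a device whose rule depends on ATTRS{} and so deserves a manual look at whether the event device itself carries those attributes.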