+++ This bug was initially created as a clone of Bug #1157894 +++ Bug was closed as fixed without fixing the problem. Description of problem: Yubikey U2F functionality is not working on Fedora. Discussion of issue can be found here: http://forum.yubico.com/viewtopic.php?f=26&t=1535 Version-Release number of selected component (if applicable): ykpers-1.16.1-1.fc21.x86_64 How reproducible: Register and test key at this website using Google Chrome with Fido support extension enabled: http://demo.yubico.com/u2f Steps to Reproduce: Follow instructions on website Actual results: Yubikey not recognized Expected results: Successful registration and authentication. Additional info: /usr/lib/udev/rules.d/69-yubikey.rules needs to be changed to allow for U2F support. change line 7 so it reads as follows: ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0113|0114|0115|0116|0120", \ --- Additional comment from Wolfgang Rupprecht on 2014-11-08 19:36:45 EST --- While you are at it, you might want to add the Plugups version of the U2F key also. (Love that product number. Someone has a sense of humor.) ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", \ ENV{ID_SECURITY_TOKEN}="1" --- Additional comment from Fedora Update System on 2014-11-23 15:38:56 EST --- ykpers-1.16.1-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/ykpers-1.16.1-1.fc21 --- Additional comment from Fedora Update System on 2014-11-23 15:39:23 EST --- ykpers-1.16.1-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/ykpers-1.16.1-1.fc20 --- Additional comment from Fedora Update System on 2014-11-23 15:39:49 EST --- ykpers-1.16.1-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/ykpers-1.16.1-1.fc19 --- Additional comment from Fedora Update System on 2014-11-23 15:40:13 EST --- ykpers-1.16.1-1.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/ykpers-1.16.1-1.el7 --- Additional comment from Fedora Update System on 2014-11-23 15:41:39 EST --- ykpers-1.16.1-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/ykpers-1.16.1-1.el6 --- Additional comment from Fedora Update System on 2014-11-23 15:42:49 EST --- ykpers-1.16.1-1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/ykpers-1.16.1-1.el5 --- Additional comment from Fedora Update System on 2014-11-24 16:00:09 EST --- Package ykpers-1.16.1-1.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ykpers-1.16.1-1.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-15677/ykpers-1.16.1-1.fc21 then log in and leave karma (feedback). --- Additional comment from Fedora Update System on 2014-12-04 01:23:28 EST --- ykpers-1.16.1-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. --- Additional comment from Fedora Update System on 2014-12-04 01:26:45 EST --- ykpers-1.16.1-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. --- Additional comment from Fedora Update System on 2014-12-06 05:50:41 EST --- ykpers-1.16.1-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. --- Additional comment from Fedora Update System on 2014-12-11 01:32:02 EST --- ykpers-1.16.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. --- Additional comment from Fedora Update System on 2014-12-11 01:33:51 EST --- ykpers-1.16.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. --- Additional comment from Fedora Update System on 2014-12-11 01:34:34 EST --- ykpers-1.16.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. --- Additional comment from Jeremy Fitzhardinge on 2014-12-17 01:20:02 EST --- ykpers.x86_64 0:1.16.1-1.fc21 does not contain the updated /usr/lib/udev/rules.d/69-yubikey.rules matching a device ID of "0120". --- Additional comment from Michele Baldessari on 2014-12-22 05:03:04 EST --- Hi Jeremy, as this bug is closed and done. Can you open a new one so we can track this USB id issue? cheers, Michele
We are using the upstream rules here... they don't have "0120" in them. Is there some reason the upstream project hasn't added that?
I do not own this type of Yubikey myself, so I'm 100% sure, but I doubt whether it makes sense to enable the 0120 device id for ykpers. I'm guessing the device w/ id 0120 is the blue security key, which does not have most functionality you would use ykpers or yubikey-personalization-gui for. The forum post linked in the original bug is about permissions on the U2F device to make it usable for a non-root user. The link mentioned in there is to a udev rules file from a project called libu2f-host, which implements the host-side of the U2F protocol. I don't think the ykpers tool is the place to put the udev rules for this. It doesn't make sense to ask people to install a customization tool to use a piece of hardware as-is. There is a RR open for libu2f-host: bug 1155826. In bug 1155826, comment 9 there is a reference to U2F working fine on Fedora with that package installed. Imo that is the short-term way to fix this: get libu2f-host in Fedora. I'm sadly very short on time, but if I find some, I'll try and review that RR. If someone beats me to it: great :)
Yeah. The correct udev entry is in the libu2f-host (and submitted to be added to systemd/udev). I can also try and review that request in the coming weeks. ;) In the mean time there's nothing we can do here, so I will close this bug out.