Closed
Bug 1434277
Opened 7 years ago
Closed 6 years ago
Web Authentication, U2F - Document Dependencies for Common Linux Distributions
Categories
(Core :: DOM: Device Interfaces, enhancement, P3)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jcj, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [webauthn] [u2f])
Web Authentication (and U2F) on Linux depend on libudev, but also require access to the /dev/hidraw devices to function.
* In Fedora, this means Firefox has a dependency on u2f-hidraw-policy [1].
* For Arch, there might be manual configuration needed [2].
* It appears that for Debian, there is likely a dependency on libhidapi-hidraw0 [3] but I haven't tested it.
* Suse also appears to have a dependency on libhidapi-hidraw0, but that's also unconfirmed.
I have also not collected this information for any other Linux distributions.
We should consider including the final information in the release notes for Firefox 60. Marking this relnote-firefox.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1513968
[2] https://wiki.archlinux.org/index.php/yubikey#Yubikey_not_acting_as_HID_device
[3] https://groups.google.com/d/msg/mozilla.dev.platform/UW6WMmoDzEU/sfIjwEIDBgAJ
Comment 1•7 years ago
|
||
It's my understanding that on Debian it _should_ just work, and if not I think this is something we should fix in Debian and Mozilla shouldn't care about it. In Debian stable I do get the right permission. The permissions are set correctly be default by the udev package, which gives permission to the plugdev group.
In Debian testing something seems to have changed. My current understanding is that logind would set up an ACL, but I'm testing this on a system without systemd/logind which is probably why it broke for me, but should work for most other users. I didn't have time to file a bug in Debian yet about it.
Comment 2•7 years ago
|
||
I tried removing libhidapi-hidraw0 on Debian, and it still works. It's really just a library used by the u2f-host tool/library.
Comment 3•7 years ago
|
||
The debian changelog for udev 229-6 says:
* Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles
accessible to the user session. This avoids having to install libu2f-host0
(which isn't discoverable at all) to make those devices work.
(LP: #1387908)
libu2f-host0 depends on libhidapi-hidraw0.
It's at least my understanding that firefox doesn't need this (on Debian), that the udev rules should just make it work.
Comment 4•7 years ago
|
||
At least my problem on Debian was that I still had consolekit installed instead of libpam-systemd. This will probably be fixed so that others don't run into this.
But things might change in the future. The udev files to set up the permissions are now in udev, but they don't want to ship it anymore and it's also part of the libu2f-udev package. So in the future it might be that you need to install that. It might also be that instead of this list of devices we might want to go with the fedora approach and use the u2f-hidraw-policy software you've mentioned before.
Comment 5•7 years ago
|
||
Kurt, the udev rules were dropped from the udev Debian package in 237-2 (https://bugs.debian.org/889665) so as of buster the libu2f-udev package is necessary. I guess we need to figure out on the Debian side how to make sure that gets installed when needed.
Comment 6•7 years ago
|
||
We're about to ship 60 next week, do we have some consolidated documentation on dependencies here?
We can then update the Linux section of https://www.mozilla.org/en-US/firefox/60.0/system-requirements/
Reporter | ||
Comment 7•7 years ago
|
||
To my knowledge, we've collected only what's here in-bug.
Updated•6 years ago
|
Assignee: ttaubert → nobody
Status: ASSIGNED → NEW
Comment 8•6 years ago
|
||
Unassigned, P1, is this a critical bug or is it okay to bounce down to P2?
Flags: needinfo?(kyle)
Comment 9•6 years ago
|
||
Moving to P3 for now, as WebAuthn is on maintenance until jcj gets back (unfortunately can't ni until then), and I'll let him triage it again when he is.
Flags: needinfo?(kyle)
Priority: P1 → P3
Comment 10•6 years ago
|
||
WONTFIX per jcjones on IRC.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: mozilla60 → ---
Reporter | ||
Comment 11•6 years ago
|
||
It's been a while since this shipped. There's guidance out there already, probably just let this go.
You need to log in
before you can comment on or make changes to this bug.
Description
•