Date: Mon, 8 Jan 2024 10:35:03 -0600 From: Kyle Evans <kevans@FreeBSD.org> To: freebsd-current@freebsd.org Subject: Re: Move u2f-devd into base? Message-ID: <b38c7956-17d8-4c6a-a56a-42befdf35c17@FreeBSD.org> In-Reply-To: <20240109013058.22807f3816603829316cef4c@dec.sakura.ne.jp> References: <ZZwLx1RxlY6xuvFV@lorvorc.mips.inka.de> <CANCZdfqpbL=QNgTwBveUpBooucX2MbfZnR9dw4w25_TXYOyuDg@mail.gmail.com> <20240109013058.22807f3816603829316cef4c@dec.sakura.ne.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/8/24 10:30, Tomoaki AOKI wrote:
> On Mon, 8 Jan 2024 08:18:38 -0700
> Warner Losh <imp@bsdimp.com> wrote:
>
>> On Mon, Jan 8, 2024, 7:55〓AM Christian Weisgerber <naddy@mips.inka.de>
>> wrote:
>>
>>> We have FIDO/U2F support for SSH in base.
>>>
>>> We also have a group "u2f", 116, in the default /etc/group file.
>>>
>>> Why do we keep the devd configuration (to chgrp the device nodes)
>>> in a port, security/u2f-devd? Can't we just add this to base, too?
>>> It's just another devd configuration file.
>>>
>>
>> This properly belongs to devfs.conf no? Otherwise it's a race...
>>
>> Warner
>>
>> --
>>> Christian "naddy" Weisgerber naddy@mips.inka.de
>
> It's devd.conf materials. It actually is security/usf-devd/files
> u2f.conf and its contents is sets of notify 100 { match "vendor" ...
> match "product" ... action "chgrpy u2f ..." };.
> Some hase more items in it, though.
>
> So it should be in ports to adapt for latest products more quickly than
> in base, I think.
>
I don't see any obvious reason that we can't compromise and have a
baseline of products in base and just use the port for new products not
yet known to base. These vendors presumably aren't going to quickly
repurpose some PID for a non-u2f thing, much less in a way that we care
about.
Thanks,
Kyle Evans
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b38c7956-17d8-4c6a-a56a-42befdf35c17>