From patchwork Thu Aug 17 14:42:18 2023
X-Patchwork-Submitter: Maxim Cournoyer
X-Patchwork-Id: 52961
Subject: [bug#65354] [PATCH 1/2] gnu: yubikey-personalization: Mention udev rules file in description.
To: 65354@debbugs.gnu.org
Cc: Maxim Cournoyer
From: Maxim Cournoyer
Date: Thu, 17 Aug 2023 10:42:18 -0400
Message-ID: <7fb2ab34337fa470c23e6d1a8ddeed8e2fa98b61.1692283338.git.maxim.cournoyer@gmail.com>

* gnu/packages/security-token.scm (yubikey-personalization) [description]: Expound with information regarding the udev rules file the package contains.

--- gnu/packages/security-token.scm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) base-commit: e80e082be1a85ca3ff17797ceda4e2346ea77b38 diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm index 3a0ed245ad..babc10aa7d 100644 --- a/gnu/packages/security-token.scm +++ b/gnu/packages/security-token.scm
@@ -460,7 +460,10 @@ (define-public yubikey-personalization (description "The YubiKey Personalization package contains a C library and command line tools for personalizing YubiKeys. You can use these to set an AES key, -retrieve a YubiKey's serial number, and so forth.") +retrieve a YubiKey's serial number, and so forth. It also provides the +@file{69-yubikey.rules} udev rules file, which allows console users to access +the Yubikey USB device node, which is needed for the challenge/response +@acronym{OTP, One-Time Password} application used by KeePassXC, for example.") (license license:bsd-2))) (define-public python-pyscard From patchwork Thu Aug 17 14:42:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Cournoyer X-Patchwork-Id: 52962 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id ECD7127BBEA; Thu, 17 Aug 2023 15:46:46 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, SPF_HELO_PASS autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id B552327BBE2 for ; Thu, 17 Aug 2023 15:46:42 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qWeGI-00039q-If; Thu, 17 Aug 2023 10:46:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qWeGC-00039E-BV for guix-patches@gnu.org; Thu, 17 Aug 2023 10:46:05 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps 
(TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qWeGB-0006J0-Fg for guix-patches@gnu.org; Thu, 17 Aug 2023 10:46:04 -0400
Subject: [bug#65354] [PATCH 2/2] doc: cookbook: Document the configuration of a Yubikey with KeePassXC.
To: 65354@debbugs.gnu.org
Cc: Maxim Cournoyer
From: Maxim Cournoyer
Date: Thu, 17 Aug 2023 10:42:19 -0400
Message-ID: <5704de4654bb878f397c2435473a8ec58b268108.1692283338.git.maxim.cournoyer@gmail.com>
In-Reply-To: <7fb2ab34337fa470c23e6d1a8ddeed8e2fa98b61.1692283338.git.maxim.cournoyer@gmail.com>

* doc/guix-cookbook.texi (Using security keys) [Requiring a Yubikey to open a KeePassXC database]: New subsection.

--- doc/guix-cookbook.texi | 44 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 87430b741a..e5ed707450 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi
@@ -2152,6 +2152,50 @@ Using security keys @samp{Applications -> OTP} view, delete the slot 1 configuration, which comes pre-configured with the Yubico OTP application. +@subsection Requiring a Yubikey to open a KeePassXC database +@cindex yubikey, keepassxc integration +The KeePassXC password manager application has support for Yubikeys, but +it requires installing a udev rules for your Guix System and some +configuration of the Yubico OTP application on the key. + +The necessary udev rules file comes from the +@code{yubikey-personalization} package, and can be installed like: + +@lisp +(use-package-modules ... security-token ...) +... +(operating-system + ... + (services + (cons* + ... + (udev-rules-service 'yubikey yubikey-personalization)))) +@end lisp + +After reconfiguring your system (and reconnecting your Yubikey), you'll +then want to configure the OTP challenge/response application of your +Yubikey on its slot 2, which is what KeePassXC uses. It's easy to do so +via the Yubikey Manager configuration tool, which can be invoked with: + +@example +guix shell yubikey-manager-qt -- ykman-gui +@end example + +First, ensure @samp{OTP} is enabled under the @samp{Interfaces} tab, +then navigate to @samp{Applications -> OTP}, and click the +@samp{Configure} button under the @samp{Long Touch (Slot 2)} section. +Select @samp{Challenge-response}, input or generate a secret key, and +click the @samp{Finish} button. If you have a second Yubikey you'd like +to use as a backup, you should configure it the same way, using the +@emph{same} secret key. + +Your Yubikey should now be detected by KeePassXC. It can be added to a +database by navigating to KeePassXC's @samp{Database -> Database +Security...} menu, then clicking the @samp{Add additional +protection...} button, then @samp{Add Challenge-Response}, selecting the +security key from the drop-down menu and clicking the @samp{OK} button +to complete the setup. + @node Dynamic DNS mcron job @section Dynamic DNS mcron job
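Review bot: In [PATCH 1/2], the added description text spells the device name "Yubikey" ("the Yubikey USB device node") while the unchanged lines of the same string use "YubiKeys" and "YubiKey's"; use one spelling within the description. The added sentence also chains two "which" clauses, so it is unclear whether "which is needed for the challenge/response ... application" refers to the rules file or to access to the device node. Ending the first sentence at "device node" and starting the next with "This access is needed for ..." would remove the ambiguity. Because the rules file changes who may open the device node, a short gloss of what "console users" covers would also help readers judge the effect of installing it.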
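Review bot: In [PATCH 2/2], the paragraph on the "Long Touch (Slot 2)" configuration tells the reader to "input or generate a secret key" and click "Finish", and only afterwards says a backup Yubikey must be configured with the same secret key; nothing tells the reader to record the secret before finishing, or how to keep that copy safe. Move the backup-key remark ahead of the "Finish" step and add a sentence on saving and protecting the secret, since the database will depend on it once challenge-response is added as additional protection. Smaller points: "it requires installing a udev rules for your Guix System" should read "a udev rules file", and "can be installed like:" would be clearer as "can be installed by adding the following to your operating-system declaration:".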