any luck on the binary being in the repo yet? or do we need someone to test it still? as i have a yubikey neo - and would appreciate it being in the repo as in a rush to get the laptop setup for work - and it just makes it easier if the apps are ever updated
On Thursday, May 21, 2015 at 1:43:54 AM UTC-4, Alex Dubois wrote: > > > > On Wednesday, 20 May 2015 22:44:32 UTC+1, Marek Marczykowski-Górecki wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Mon, Apr 27, 2015 at 03:37:53PM +1000, Miguel Jacq wrote: >> > Hi, >> > >> > I recently installed Qubes R3 RC1 and I'd like to integrate Yubikey >> > into the dom0 authentication (e.g for login to the Qubes OS itself - >> > not for integration with remote services at this stage). >> > >> > >> > I am trying to follow the instructions at >> > https://github.com/adubois/qubes-app-linux-yubikey but I have hit a >> > blocker: the installation instructions say to run this in the USB >> AppVM: >> > >> > sudo yum install qubes-yubikey-vm >> > >> > But I get: >> > >> > [user@fedora-21 ~]$ sudo yum install qubes-yubikey-vm >> > Loaded plugins: langpacks, post-transaction-actions, yum-qubes-hooks >> > No package qubes-yubikey-vm available. >> > Error: Nothing to do >> > [user@fedora-21 ~]$ >> > >> > >> > And the instructions for the dom0: >> > >> > sudo yum install qubes-yubikey-dom0 >> > >> > .. I get >> > >> > "No package qubes-yubikey-dom0 available' >> > >> > My questions are: >> > >> > >> > 1) Are the yubikey packages not present in R3 (yet?) or do I do need >> > to do something special to enable the Qubes repository? (I'm from >> > Debian background and not RH/Fedora so it could be that I don't know >> > some extra Yum task that's been assumed by the author) >> >> Actually this was never available in qubes repository, so you need to >> compile the package on your own. The readme file contains instructions >> on this installation method. >> >> > 2) The instructions discuss personalizing the Yubikey with a symmetric >> > AES key (presumably in OTP mode). My Yubikey is already configured in >> > OTP because it is used with my own Yubikey validation server(s) >> > elsewhere. Can I just reuse the AES key which I already know is on my >> > Yubikey's first slot? (I can't use the other slot either as it serves >> > a different purpose) ). >> >> Currently qubes-app-linux-yubikey does not allow for that - it requires >> that the YubiKey is used exclusively for Qubes and if some missing OTP >> is detected, it blocks this way of authentication. This is well >> described in "Usage" paragraph, including reasoning why it is done this >> way. >> >> > Many thanks (especially to Alex Dubois for providing the Yubikey app, >> > if he's reading this) >> > > Hi Miguel, > > I was no longer on the devel mailing list, but now I am back. I'm glad you > find it useful. If you have it running and are using it, feedback on > usability would be great. As for the install part, please read below, it > should soon be easier to do it. > >> > >> > P.S I'd have sent this to qubes-users but Alex's documentation asks >> > explicitly to use the qubes-devel list. >> > > Hi Marek, > > I saw you've done some work on the github repo. I've re-joined the devel > mailing list. > > Thanks for your help, I'll review and merge the changes hopefully by the > end of the week-end. I may need some help on the git side. > > Do you want to add this to the community tools? Let me know how to > proceed, I'll be happy to help support this package. I'm also happy to > explore other strong-auth options if there are needs. > > Cheers, > Alex > > Alex > >> >> >> - -- >> Best Regards, >> Marek Marczykowski-Górecki >> Invisible Things Lab >> A: Because it messes up the order in which people normally read text. >> Q: Why is top-posting such a bad thing? >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1 >> >> iQEcBAEBAgAGBQJVXQA3AAoJENuP0xzK19csi/YIAJEHW7A1V3Og7vMkfIfFeN6b >> SWCChhoYtWdgBF1UYselUwopbWC/eknIk7fgKku5iOFSrt8RjCkb/BFSGcchWg6i >> TJrN0MVCT/Iffw3tV7UcQ9sWlQ9rGgoSwd+VKX9yqmz2xTdF/88Sn5ATUmrAmQot >> Un1I8rmBpwUG7zdx71ZEZpImO1rwJFRSDBuxqDR73V2thX3tNRzq35/sov2GtZQP >> PgGnhvjPQExtnV9Yxc6ETcezMzP5KkhRz+kHCBrId66lI3+dLXpK5uD5hpxHraw8 >> rPWmfENR7yOwSGO5EG2ZMPsaUC5dXWrGoL8LRYsA5djJipQygu5KQXhD4KCiqk0= >> =acDP >> -----END PGP SIGNATURE----- >> > -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/80957054-2665-4702-93e8-36e1da696c24%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
