Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| d4f8993988 | |||
| 876afecc5c | |||
| 539111c30c | |||
| 647a620a9c | |||
| 0eee944c64 | |||
| e4ef700263 | |||
| 492612fc8b | |||
| 15c53e42df | |||
| 5d6b618d5f | |||
| 0ee618cdfd | |||
| ed6273d781 | |||
| d38743a2fc | |||
| aaa445c4ac | |||
| e415ce4ae9 | |||
| 145237003e | |||
| 9338b320a4 | |||
| aae48c4f6c |
@@ -105,7 +105,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
args: --release --timeout 180 --out Xml
|
args: --release --timeout 180 --out Xml
|
||||||
- name: Upload coverage to Codecov
|
- name: Upload coverage to Codecov
|
||||||
uses: codecov/codecov-action@v3.1.0
|
uses: codecov/codecov-action@v3.1.1
|
||||||
with:
|
with:
|
||||||
token: ${{secrets.CODECOV_TOKEN}}
|
token: ${{secrets.CODECOV_TOKEN}}
|
||||||
|
|
||||||
|
|||||||
@@ -17,7 +17,11 @@ jobs:
|
|||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
name: [linux, windows, macos]
|
name:
|
||||||
|
- linux
|
||||||
|
- macos-arm64
|
||||||
|
- macos-x86_64
|
||||||
|
- windows
|
||||||
include:
|
include:
|
||||||
- name: linux
|
- name: linux
|
||||||
os: ubuntu-18.04
|
os: ubuntu-18.04
|
||||||
@@ -31,7 +35,14 @@ jobs:
|
|||||||
archive_name: age-plugin-yubikey.zip
|
archive_name: age-plugin-yubikey.zip
|
||||||
asset_suffix: x86_64-windows.zip
|
asset_suffix: x86_64-windows.zip
|
||||||
|
|
||||||
- name: macos
|
- name: macos-arm64
|
||||||
|
os: macos-latest
|
||||||
|
target: aarch64-apple-darwin
|
||||||
|
build_flags: --target aarch64-apple-darwin
|
||||||
|
archive_name: age-plugin-yubikey.tar.gz
|
||||||
|
asset_suffix: arm64-darwin.tar.gz
|
||||||
|
|
||||||
|
- name: macos-x86_64
|
||||||
os: macos-latest
|
os: macos-latest
|
||||||
archive_name: age-plugin-yubikey.tar.gz
|
archive_name: age-plugin-yubikey.tar.gz
|
||||||
asset_suffix: x86_64-darwin.tar.gz
|
asset_suffix: x86_64-darwin.tar.gz
|
||||||
@@ -76,12 +87,10 @@ jobs:
|
|||||||
if: matrix.name == 'windows'
|
if: matrix.name == 'windows'
|
||||||
|
|
||||||
- name: Upload archive to release
|
- name: Upload archive to release
|
||||||
uses: svenstaro/upload-release-action@2.2.1
|
uses: svenstaro/upload-release-action@2.3.0
|
||||||
with:
|
with:
|
||||||
repo_token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
file: ${{ matrix.archive_name }}
|
file: ${{ matrix.archive_name }}
|
||||||
asset_name: age-plugin-yubikey-$tag-${{ matrix.asset_suffix }}
|
asset_name: age-plugin-yubikey-$tag-${{ matrix.asset_suffix }}
|
||||||
tag: ${{ github.ref }}
|
|
||||||
prerelease: true
|
prerelease: true
|
||||||
if: github.event.inputs.test != 'true'
|
if: github.event.inputs.test != 'true'
|
||||||
|
|
||||||
@@ -137,11 +146,9 @@ jobs:
|
|||||||
args: --package age-plugin-yubikey --no-build --target ${{ matrix.target }}
|
args: --package age-plugin-yubikey --no-build --target ${{ matrix.target }}
|
||||||
|
|
||||||
- name: Upload Debian package to release
|
- name: Upload Debian package to release
|
||||||
uses: svenstaro/upload-release-action@2.2.1
|
uses: svenstaro/upload-release-action@2.3.0
|
||||||
with:
|
with:
|
||||||
repo_token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
file: target/${{ matrix.target }}/debian/*.deb
|
file: target/${{ matrix.target }}/debian/*.deb
|
||||||
tag: ${{ github.ref }}
|
|
||||||
file_glob: true
|
file_glob: true
|
||||||
prerelease: true
|
prerelease: true
|
||||||
if: github.event.inputs.test != 'true'
|
if: github.event.inputs.test != 'true'
|
||||||
|
|||||||
@@ -8,6 +8,16 @@ to 0.3.0 are beta releases.
|
|||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
## [0.3.1] - 2022-12-30
|
||||||
|
### Changed
|
||||||
|
- If a "sharing violation" error is encountered while opening a connection to a
|
||||||
|
YubiKey, and `scdaemon` is running (which can hold exclusive access to a
|
||||||
|
YubiKey indefinitely), `age-plugin-yubikey` now attempts to stop `scdaemon` by
|
||||||
|
interrupting it (or killing it on Windows), and then tries again to open the
|
||||||
|
connection.
|
||||||
|
- Several error messages were enhanced with guidance on how to resolve their
|
||||||
|
respective issue.
|
||||||
|
|
||||||
## [0.3.0] - 2022-05-02
|
## [0.3.0] - 2022-05-02
|
||||||
First non-beta release!
|
First non-beta release!
|
||||||
|
|
||||||
|
|||||||
Generated
+106
-1
@@ -49,7 +49,7 @@ dependencies = [
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "age-plugin-yubikey"
|
name = "age-plugin-yubikey"
|
||||||
version = "0.3.0"
|
version = "0.3.1"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"age-core",
|
"age-core",
|
||||||
"age-plugin",
|
"age-plugin",
|
||||||
@@ -71,6 +71,7 @@ dependencies = [
|
|||||||
"rand",
|
"rand",
|
||||||
"rust-embed",
|
"rust-embed",
|
||||||
"sha2 0.9.9",
|
"sha2 0.9.9",
|
||||||
|
"sysinfo",
|
||||||
"which",
|
"which",
|
||||||
"x509",
|
"x509",
|
||||||
"x509-parser",
|
"x509-parser",
|
||||||
@@ -246,6 +247,12 @@ version = "0.3.2"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "396de984970346b0d9e93d1415082923c679e5ae5c3ee3dcbd104f5610af126b"
|
checksum = "396de984970346b0d9e93d1415082923c679e5ae5c3ee3dcbd104f5610af126b"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "core-foundation-sys"
|
||||||
|
version = "0.8.3"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "cpufeatures"
|
name = "cpufeatures"
|
||||||
version = "0.2.2"
|
version = "0.2.2"
|
||||||
@@ -264,6 +271,49 @@ dependencies = [
|
|||||||
"cfg-if",
|
"cfg-if",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "crossbeam-channel"
|
||||||
|
version = "0.5.6"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "c2dd04ddaf88237dc3b8d8f9a3c1004b506b54b3313403944054d23c0870c521"
|
||||||
|
dependencies = [
|
||||||
|
"cfg-if",
|
||||||
|
"crossbeam-utils",
|
||||||
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "crossbeam-deque"
|
||||||
|
version = "0.8.2"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "715e8152b692bba2d374b53d4875445368fdf21a94751410af607a5ac677d1fc"
|
||||||
|
dependencies = [
|
||||||
|
"cfg-if",
|
||||||
|
"crossbeam-epoch",
|
||||||
|
"crossbeam-utils",
|
||||||
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "crossbeam-epoch"
|
||||||
|
version = "0.9.13"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "01a9af1f4c2ef74bb8aa1f7e19706bc72d03598c8a570bb5de72243c7a9d9d5a"
|
||||||
|
dependencies = [
|
||||||
|
"autocfg 1.1.0",
|
||||||
|
"cfg-if",
|
||||||
|
"crossbeam-utils",
|
||||||
|
"memoffset",
|
||||||
|
"scopeguard",
|
||||||
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "crossbeam-utils"
|
||||||
|
version = "0.8.14"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "4fb766fa798726286dbbb842f174001dab8abc7b627a1dd86e0b7222a95d929f"
|
||||||
|
dependencies = [
|
||||||
|
"cfg-if",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "crypto-bigint"
|
name = "crypto-bigint"
|
||||||
version = "0.2.11"
|
version = "0.2.11"
|
||||||
@@ -808,6 +858,15 @@ version = "2.4.1"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a"
|
checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "memoffset"
|
||||||
|
version = "0.7.1"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4"
|
||||||
|
dependencies = [
|
||||||
|
"autocfg 1.1.0",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "minimal-lexical"
|
name = "minimal-lexical"
|
||||||
version = "0.2.1"
|
version = "0.2.1"
|
||||||
@@ -834,6 +893,15 @@ dependencies = [
|
|||||||
"minimal-lexical",
|
"minimal-lexical",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "ntapi"
|
||||||
|
version = "0.3.7"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "c28774a7fd2fbb4f0babd8237ce554b73af68021b5f695a3cebd6c59bac0980f"
|
||||||
|
dependencies = [
|
||||||
|
"winapi",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "num-bigint"
|
name = "num-bigint"
|
||||||
version = "0.4.3"
|
version = "0.4.3"
|
||||||
@@ -1154,6 +1222,28 @@ dependencies = [
|
|||||||
"getrandom",
|
"getrandom",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "rayon"
|
||||||
|
version = "1.6.1"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "6db3a213adf02b3bcfd2d3846bb41cb22857d131789e01df434fb7e7bc0759b7"
|
||||||
|
dependencies = [
|
||||||
|
"either",
|
||||||
|
"rayon-core",
|
||||||
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "rayon-core"
|
||||||
|
version = "1.10.1"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "cac410af5d00ab6884528b4ab69d1e8e146e8d471201800fa1b4524126de6ad3"
|
||||||
|
dependencies = [
|
||||||
|
"crossbeam-channel",
|
||||||
|
"crossbeam-deque",
|
||||||
|
"crossbeam-utils",
|
||||||
|
"num_cpus",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "redox_syscall"
|
name = "redox_syscall"
|
||||||
version = "0.2.11"
|
version = "0.2.11"
|
||||||
@@ -1426,6 +1516,21 @@ dependencies = [
|
|||||||
"unicode-xid",
|
"unicode-xid",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "sysinfo"
|
||||||
|
version = "0.26.3"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "49086f670c15221b510c3f8c47e04e49714c56820d5ca78e2f58419e9fbb0f1b"
|
||||||
|
dependencies = [
|
||||||
|
"cfg-if",
|
||||||
|
"core-foundation-sys",
|
||||||
|
"libc",
|
||||||
|
"ntapi",
|
||||||
|
"once_cell",
|
||||||
|
"rayon",
|
||||||
|
"winapi",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "tempfile"
|
name = "tempfile"
|
||||||
version = "3.3.0"
|
version = "3.3.0"
|
||||||
|
|||||||
+5
-1
@@ -1,7 +1,7 @@
|
|||||||
[package]
|
[package]
|
||||||
name = "age-plugin-yubikey"
|
name = "age-plugin-yubikey"
|
||||||
description = "YubiKey plugin for age clients"
|
description = "YubiKey plugin for age clients"
|
||||||
version = "0.3.0"
|
version = "0.3.1"
|
||||||
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
||||||
repository = "https://github.com/str4d/age-plugin-yubikey"
|
repository = "https://github.com/str4d/age-plugin-yubikey"
|
||||||
readme = "README.md"
|
readme = "README.md"
|
||||||
@@ -9,6 +9,7 @@ keywords = ["age", "cli", "encryption", "yubikey"]
|
|||||||
categories = ["command-line-utilities", "cryptography"]
|
categories = ["command-line-utilities", "cryptography"]
|
||||||
license = "MIT OR Apache-2.0"
|
license = "MIT OR Apache-2.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
|
rust-version = "1.56" # MSRV
|
||||||
|
|
||||||
[package.metadata.deb]
|
[package.metadata.deb]
|
||||||
extended-description = """\
|
extended-description = """\
|
||||||
@@ -46,6 +47,9 @@ i18n-embed-fl = "0.6"
|
|||||||
lazy_static = "1"
|
lazy_static = "1"
|
||||||
rust-embed = "6"
|
rust-embed = "6"
|
||||||
|
|
||||||
|
# GnuPG coexistence
|
||||||
|
sysinfo = ">=0.26, <0.26.4"
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
flate2 = "1"
|
flate2 = "1"
|
||||||
man = "0.3"
|
man = "0.3"
|
||||||
|
|||||||
@@ -18,6 +18,15 @@ cargo install age-plugin-yubikey
|
|||||||
|
|
||||||
Help from new packagers is very welcome.
|
Help from new packagers is very welcome.
|
||||||
|
|
||||||
|
### Linux, BSD, etc.
|
||||||
|
|
||||||
|
On non-Windows, non-macOS systems, you need to ensure that the `pcscd` service
|
||||||
|
is installed and running. On Debian or Ubuntu, you can do this with:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ sudo apt-get install pcscd
|
||||||
|
```
|
||||||
|
|
||||||
### Windows Subsystem for Linux (WSL)
|
### Windows Subsystem for Linux (WSL)
|
||||||
|
|
||||||
WSL does not currently provide native support for USB devices. However, Windows
|
WSL does not currently provide native support for USB devices. However, Windows
|
||||||
|
|||||||
@@ -12,6 +12,7 @@
|
|||||||
-yubikey = YubiKey
|
-yubikey = YubiKey
|
||||||
-yubikeys = YubiKeys
|
-yubikeys = YubiKeys
|
||||||
-age-plugin-yubikey = age-plugin-yubikey
|
-age-plugin-yubikey = age-plugin-yubikey
|
||||||
|
-pcscd = pcscd
|
||||||
|
|
||||||
## CLI commands and flags
|
## CLI commands and flags
|
||||||
|
|
||||||
@@ -169,7 +170,14 @@ plugin-err-pin-required = A PIN is required for {-yubikey} with serial {$yub
|
|||||||
|
|
||||||
## Errors
|
## Errors
|
||||||
|
|
||||||
err-custom-mgmt-key = Custom unprotected management keys are not supported.
|
err-custom-mgmt-key = Custom unprotected non-TDES management keys are not supported.
|
||||||
|
rec-custom-mgmt-key =
|
||||||
|
You can use the {-yubikey} Manager CLI to change to a protected management key:
|
||||||
|
{" "}{$cmd}
|
||||||
|
|
||||||
|
See here for more information about {-yubikey} Manager:
|
||||||
|
{" "}{$url}
|
||||||
|
|
||||||
err-invalid-flag-command = Flag '{$flag}' cannot be used with '{$command}'.
|
err-invalid-flag-command = Flag '{$flag}' cannot be used with '{$command}'.
|
||||||
err-invalid-flag-tui = Flag '{$flag}' cannot be used with the interactive interface.
|
err-invalid-flag-tui = Flag '{$flag}' cannot be used with the interactive interface.
|
||||||
err-invalid-pin-length = The PIN needs to be 1-8 characters.
|
err-invalid-pin-length = The PIN needs to be 1-8 characters.
|
||||||
@@ -185,6 +193,22 @@ err-slot-has-no-identity = Slot {$slot} does not contain an {-age} identity or c
|
|||||||
err-slot-is-not-empty = Slot {$slot} is not empty. Use {-flag-force} to overwrite the slot.
|
err-slot-is-not-empty = Slot {$slot} is not empty. Use {-flag-force} to overwrite the slot.
|
||||||
err-timed-out = Timed out while waiting for a {-yubikey} to be inserted.
|
err-timed-out = Timed out while waiting for a {-yubikey} to be inserted.
|
||||||
err-use-list-for-single = Use {-cmd-list} to print the recipient for a single slot.
|
err-use-list-for-single = Use {-cmd-list} to print the recipient for a single slot.
|
||||||
|
|
||||||
|
err-yk-no-service-macos = The Crypto Token Kit service is not running.
|
||||||
|
rec-yk-no-service-macos =
|
||||||
|
You may need to restart it. See this Stack Exchange answer for more help:
|
||||||
|
{" "}{$url}
|
||||||
|
|
||||||
|
err-yk-no-service-pcscd = {-pcscd} is not running.
|
||||||
|
rec-yk-no-service-pcscd =
|
||||||
|
If you are on Debian or Ubuntu, you can install it with:
|
||||||
|
{" "}{$apt}
|
||||||
|
|
||||||
|
err-yk-no-service-win = The Smart Cards for Windows service is not running.
|
||||||
|
rec-yk-no-service-win =
|
||||||
|
See this troubleshooting guide for more help:
|
||||||
|
{" "}{$url}
|
||||||
|
|
||||||
err-yk-not-found = Please insert the {-yubikey} you want to set up
|
err-yk-not-found = Please insert the {-yubikey} you want to set up
|
||||||
err-yk-wrong-pin = Invalid PIN ({$tries} tries remaining before it is blocked)
|
err-yk-wrong-pin = Invalid PIN ({$tries} tries remaining before it is blocked)
|
||||||
err-yk-general = Error while communicating with {-yubikey}: {$err}
|
err-yk-general = Error while communicating with {-yubikey}: {$err}
|
||||||
|
|||||||
+44
-1
@@ -48,7 +48,21 @@ impl From<yubikey::Error> for Error {
|
|||||||
impl fmt::Debug for Error {
|
impl fmt::Debug for Error {
|
||||||
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
||||||
match self {
|
match self {
|
||||||
Error::CustomManagementKey => wlnfl!(f, "err-custom-mgmt-key")?,
|
Error::CustomManagementKey => {
|
||||||
|
wlnfl!(f, "err-custom-mgmt-key")?;
|
||||||
|
let cmd = "ykman piv access change-management-key --protect";
|
||||||
|
let url = "https://developers.yubico.com/yubikey-manager/";
|
||||||
|
writeln!(
|
||||||
|
f,
|
||||||
|
"{}",
|
||||||
|
fl!(
|
||||||
|
crate::LANGUAGE_LOADER,
|
||||||
|
"rec-custom-mgmt-key",
|
||||||
|
cmd = cmd,
|
||||||
|
url = url,
|
||||||
|
),
|
||||||
|
)?;
|
||||||
|
}
|
||||||
Error::InvalidFlagCommand(flag, command) => writeln!(
|
Error::InvalidFlagCommand(flag, command) => writeln!(
|
||||||
f,
|
f,
|
||||||
"{}",
|
"{}",
|
||||||
@@ -141,6 +155,35 @@ impl fmt::Debug for Error {
|
|||||||
Error::UseListForSingleSlot => wlnfl!(f, "err-use-list-for-single")?,
|
Error::UseListForSingleSlot => wlnfl!(f, "err-use-list-for-single")?,
|
||||||
Error::YubiKey(e) => match e {
|
Error::YubiKey(e) => match e {
|
||||||
yubikey::Error::NotFound => wlnfl!(f, "err-yk-not-found")?,
|
yubikey::Error::NotFound => wlnfl!(f, "err-yk-not-found")?,
|
||||||
|
yubikey::Error::PcscError {
|
||||||
|
inner: Some(pcsc::Error::NoService),
|
||||||
|
} => {
|
||||||
|
if cfg!(windows) {
|
||||||
|
wlnfl!(f, "err-yk-no-service-win")?;
|
||||||
|
let url = "https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-debugging-information#smart-card-service";
|
||||||
|
writeln!(
|
||||||
|
f,
|
||||||
|
"{}",
|
||||||
|
fl!(crate::LANGUAGE_LOADER, "rec-yk-no-service-win", url = url),
|
||||||
|
)?;
|
||||||
|
} else if cfg!(target_os = "macos") {
|
||||||
|
wlnfl!(f, "err-yk-no-service-macos")?;
|
||||||
|
let url = "https://apple.stackexchange.com/a/438198";
|
||||||
|
writeln!(
|
||||||
|
f,
|
||||||
|
"{}",
|
||||||
|
fl!(crate::LANGUAGE_LOADER, "rec-yk-no-service-macos", url = url),
|
||||||
|
)?;
|
||||||
|
} else {
|
||||||
|
wlnfl!(f, "err-yk-no-service-pcscd")?;
|
||||||
|
let apt = "sudo apt-get install pcscd";
|
||||||
|
writeln!(
|
||||||
|
f,
|
||||||
|
"{}",
|
||||||
|
fl!(crate::LANGUAGE_LOADER, "rec-yk-no-service-pcscd", apt = apt),
|
||||||
|
)?;
|
||||||
|
}
|
||||||
|
}
|
||||||
yubikey::Error::WrongPin { tries } => writeln!(
|
yubikey::Error::WrongPin { tries } => writeln!(
|
||||||
f,
|
f,
|
||||||
"{}",
|
"{}",
|
||||||
|
|||||||
+73
-8
@@ -8,7 +8,7 @@ use age_core::{
|
|||||||
use age_plugin::{identity, Callbacks};
|
use age_plugin::{identity, Callbacks};
|
||||||
use bech32::{ToBase32, Variant};
|
use bech32::{ToBase32, Variant};
|
||||||
use dialoguer::Password;
|
use dialoguer::Password;
|
||||||
use log::warn;
|
use log::{debug, warn};
|
||||||
use std::fmt;
|
use std::fmt;
|
||||||
use std::io;
|
use std::io;
|
||||||
use std::iter;
|
use std::iter;
|
||||||
@@ -77,6 +77,71 @@ pub(crate) fn wait_for_readers() -> Result<Context, Error> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Stops `scdaemon` if it is running.
|
||||||
|
///
|
||||||
|
/// Returns `true` if `scdaemon` was running and was successfully interrupted (or killed
|
||||||
|
/// if the platform doesn't support interrupts).
|
||||||
|
fn stop_scdaemon() -> bool {
|
||||||
|
debug!("Sharing violation encountered, looking for scdaemon processes to stop");
|
||||||
|
|
||||||
|
use sysinfo::{
|
||||||
|
Process, ProcessExt, ProcessRefreshKind, RefreshKind, Signal, System, SystemExt,
|
||||||
|
};
|
||||||
|
|
||||||
|
let mut interrupted = false;
|
||||||
|
|
||||||
|
let sys =
|
||||||
|
System::new_with_specifics(RefreshKind::new().with_processes(ProcessRefreshKind::new()));
|
||||||
|
|
||||||
|
for process in sys
|
||||||
|
.processes()
|
||||||
|
.values()
|
||||||
|
.filter(|val: &&Process| ["scdaemon", "scdaemon.exe"].contains(&val.name()))
|
||||||
|
{
|
||||||
|
if process
|
||||||
|
.kill_with(Signal::Interrupt)
|
||||||
|
.unwrap_or_else(|| process.kill())
|
||||||
|
{
|
||||||
|
debug!("Stopped scdaemon (PID {})", process.pid());
|
||||||
|
interrupted = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// If we did interrupt `scdaemon`, pause briefly to allow it to exit.
|
||||||
|
if interrupted {
|
||||||
|
sleep(Duration::from_millis(100));
|
||||||
|
}
|
||||||
|
|
||||||
|
interrupted
|
||||||
|
}
|
||||||
|
|
||||||
|
fn open_sesame(
|
||||||
|
op: impl Fn() -> Result<YubiKey, yubikey::Error>,
|
||||||
|
) -> Result<YubiKey, yubikey::Error> {
|
||||||
|
op().or_else(|e| match e {
|
||||||
|
yubikey::Error::PcscError {
|
||||||
|
inner: Some(pcsc::Error::SharingViolation),
|
||||||
|
} if stop_scdaemon() => op(),
|
||||||
|
_ => Err(e),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Opens a connection to this reader, returning a `YubiKey` if successful.
|
||||||
|
///
|
||||||
|
/// This is equivalent to [`Reader::open`], but additionally handles the presence of
|
||||||
|
/// `scdaemon` (which can indefinitely hold exclusive access to a YubiKey).
|
||||||
|
pub(crate) fn open_connection(reader: &Reader) -> Result<YubiKey, yubikey::Error> {
|
||||||
|
open_sesame(|| reader.open())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Opens a YubiKey with a specific serial number.
|
||||||
|
///
|
||||||
|
/// This is equivalent to [`YubiKey::open_by_serial`], but additionally handles the
|
||||||
|
/// presence of `scdaemon` (which can indefinitely hold exclusive access to a YubiKey).
|
||||||
|
fn open_by_serial(serial: Serial) -> Result<YubiKey, yubikey::Error> {
|
||||||
|
open_sesame(|| YubiKey::open_by_serial(serial))
|
||||||
|
}
|
||||||
|
|
||||||
pub(crate) fn open(serial: Option<Serial>) -> Result<YubiKey, Error> {
|
pub(crate) fn open(serial: Option<Serial>) -> Result<YubiKey, Error> {
|
||||||
if !Context::open()?.iter()?.any(is_connected) {
|
if !Context::open()?.iter()?.any(is_connected) {
|
||||||
if let Some(serial) = serial {
|
if let Some(serial) = serial {
|
||||||
@@ -99,9 +164,9 @@ pub(crate) fn open(serial: Option<Serial>) -> Result<YubiKey, Error> {
|
|||||||
// connected, an error is returned.
|
// connected, an error is returned.
|
||||||
let yubikey = match (readers_iter.next(), readers_iter.next(), serial) {
|
let yubikey = match (readers_iter.next(), readers_iter.next(), serial) {
|
||||||
(None, _, _) => unreachable!(),
|
(None, _, _) => unreachable!(),
|
||||||
(Some(reader), None, None) => reader.open()?,
|
(Some(reader), None, None) => open_connection(&reader)?,
|
||||||
(Some(reader), None, Some(serial)) => {
|
(Some(reader), None, Some(serial)) => {
|
||||||
let yubikey = reader.open()?;
|
let yubikey = open_connection(&reader)?;
|
||||||
if yubikey.serial() != serial {
|
if yubikey.serial() != serial {
|
||||||
return Err(Error::NoMatchingSerial(serial));
|
return Err(Error::NoMatchingSerial(serial));
|
||||||
}
|
}
|
||||||
@@ -112,12 +177,12 @@ pub(crate) fn open(serial: Option<Serial>) -> Result<YubiKey, Error> {
|
|||||||
.chain(Some(a))
|
.chain(Some(a))
|
||||||
.chain(Some(b))
|
.chain(Some(b))
|
||||||
.chain(readers_iter)
|
.chain(readers_iter)
|
||||||
.find(|reader| match reader.open() {
|
.find(|reader| match open_connection(reader) {
|
||||||
Ok(yk) => yk.serial() == serial,
|
Ok(yk) => yk.serial() == serial,
|
||||||
_ => false,
|
_ => false,
|
||||||
})
|
})
|
||||||
.ok_or(Error::NoMatchingSerial(serial))?;
|
.ok_or(Error::NoMatchingSerial(serial))?;
|
||||||
reader.open()?
|
open_connection(&reader)?
|
||||||
}
|
}
|
||||||
(Some(_), Some(_), None) => return Err(Error::MultipleYubiKeys),
|
(Some(_), Some(_), None) => return Err(Error::MultipleYubiKeys),
|
||||||
};
|
};
|
||||||
@@ -272,7 +337,7 @@ impl Stub {
|
|||||||
&self,
|
&self,
|
||||||
callbacks: &mut dyn Callbacks<E>,
|
callbacks: &mut dyn Callbacks<E>,
|
||||||
) -> io::Result<Result<Option<Connection>, identity::Error>> {
|
) -> io::Result<Result<Option<Connection>, identity::Error>> {
|
||||||
let mut yubikey = match YubiKey::open_by_serial(self.serial) {
|
let mut yubikey = match open_by_serial(self.serial) {
|
||||||
Ok(yk) => yk,
|
Ok(yk) => yk,
|
||||||
Err(yubikey::Error::NotFound) => {
|
Err(yubikey::Error::NotFound) => {
|
||||||
let mut message = i18n_embed_fl::fl!(
|
let mut message = i18n_embed_fl::fl!(
|
||||||
@@ -294,7 +359,7 @@ impl Stub {
|
|||||||
// User told us to skip this key.
|
// User told us to skip this key.
|
||||||
Ok(false) => return Ok(Ok(None)),
|
Ok(false) => return Ok(Ok(None)),
|
||||||
// User said they plugged it in; try it.
|
// User said they plugged it in; try it.
|
||||||
Ok(true) => match YubiKey::open_by_serial(self.serial) {
|
Ok(true) => match open_by_serial(self.serial) {
|
||||||
Ok(yubikey) => break Some(yubikey),
|
Ok(yubikey) => break Some(yubikey),
|
||||||
Err(yubikey::Error::NotFound) => (),
|
Err(yubikey::Error::NotFound) => (),
|
||||||
Err(_) => {
|
Err(_) => {
|
||||||
@@ -348,7 +413,7 @@ impl Stub {
|
|||||||
// Start a 15-second timer waiting for the YubiKey to be inserted
|
// Start a 15-second timer waiting for the YubiKey to be inserted
|
||||||
let start = SystemTime::now();
|
let start = SystemTime::now();
|
||||||
loop {
|
loop {
|
||||||
match YubiKey::open_by_serial(self.serial) {
|
match open_by_serial(self.serial) {
|
||||||
Ok(yubikey) => break yubikey,
|
Ok(yubikey) => break yubikey,
|
||||||
Err(yubikey::Error::NotFound) => (),
|
Err(yubikey::Error::NotFound) => (),
|
||||||
Err(_) => {
|
Err(_) => {
|
||||||
|
|||||||
+2
-2
@@ -229,7 +229,7 @@ fn print_multiple(
|
|||||||
|
|
||||||
let mut printed = 0;
|
let mut printed = 0;
|
||||||
for reader in readers.iter()?.filter(key::filter_connected) {
|
for reader in readers.iter()?.filter(key::filter_connected) {
|
||||||
let mut yubikey = reader.open()?;
|
let mut yubikey = key::open_connection(&reader)?;
|
||||||
if let Some(serial) = serial {
|
if let Some(serial) = serial {
|
||||||
if yubikey.serial() != serial {
|
if yubikey.serial() != serial {
|
||||||
continue;
|
continue;
|
||||||
@@ -401,7 +401,7 @@ fn main() -> Result<(), Error> {
|
|||||||
let reader_names = readers_list
|
let reader_names = readers_list
|
||||||
.iter()
|
.iter()
|
||||||
.map(|reader| {
|
.map(|reader| {
|
||||||
reader.open().map(|yk| {
|
key::open_connection(reader).map(|yk| {
|
||||||
i18n_embed_fl::fl!(
|
i18n_embed_fl::fl!(
|
||||||
LANGUAGE_LOADER,
|
LANGUAGE_LOADER,
|
||||||
"cli-setup-yk-name",
|
"cli-setup-yk-name",
|
||||||
|
|||||||
Reference in New Issue
Block a user