drduh
17ca4d058a
Merge pull request #419 from drduh/wip-12feb24
...
12feb24
7 months ago
drduh
07e0fe71fd
few more standard terms
7 months ago
drduh
678e779b1f
typo
7 months ago
drduh
6e19ae4cc4
few more style nits
7 months ago
drduh
29563423c1
explicit keytocard instructions
7 months ago
drduh
0b24d77c18
simplify batch instructions
7 months ago
drduh
ca052604c3
standard names for subkeys
7 months ago
drduh
00708879da
Merge pull request #418 from drduh/wip-12feb24
...
remove yubikey as rng
7 months ago
drduh
8e914a3a60
remove yubikey as rng
7 months ago
drduh
457fc80f8c
Merge pull request #417 from drduh/wip-11feb24
...
11feb24
7 months ago
drduh
d6848d5440
remove multiple hosts
7 months ago
drduh
92d4212019
more grammar
7 months ago
drduh
c69295975c
few more cleanups
7 months ago
drduh
c6052c9028
simplify console output, use generic info
7 months ago
drduh
fbd7008a16
more grammar and formatting
7 months ago
drduh
152f7fb262
grammar and style
7 months ago
drduh
cfe0fa282d
grammar and standardize storage terminology
7 months ago
drduh
24ca007315
standardize Certify/Subkeys, easier command copy, organize links
7 months ago
drduh
c0b4ca6f78
Merge pull request #416 from Paraphraser/20240210-disable-ccid-master
...
add step to set `disable-ccid` in `scdaemon.conf`
7 months ago
Phill Kelley
5c3a4e8b18
fix rookie mistake
...
Add a one-liner that works. Then think about the context and decide to
recommend a rearrangement. And then muck up the consequential adjustment
of the original one-liner. I think I got a badge for that in the scouts.
Well spotted. Sorry.
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
7 months ago
drduh
b2d55a80de
Merge pull request #408 from jpickwell/patch-1
...
Quote Debian Live ISO URL, and add $ to AWK RegExp.
7 months ago
drduh
db9316a8ce
Merge pull request #411 from motiejus/motiejus-flake
...
NixOS Live Image: convert to a flake
7 months ago
drduh
87cb057de5
Merge pull request #414 from colingrady/genuine_link
...
Update link to genuine device check info
7 months ago
Phill Kelley
f8fcb0c2d1
add step to set `disable-ccid` in `scdaemon.conf`
...
Issue #404 reports "GPG acts like my YubiKey isn't plugged in".
With GnuPG 2.3 and later, the system can get into a loop where it
prompts for insertion of a YubiKey even though that YubiKey is already
connected.
The solution for this is to set `disable-ccid` in
`~/.gnupg/scdaemon.conf`.
Testing suggests setting `disable-ccid` does not interfere with earlier
versions of GnuPG (eg 2.2.27 on Debian Bullseye or 2.2.40 on Debian
Bookworm).
This problem has also been mentioned in #277 and #256 . Including a step
in the Guide to set `disable-ccid` may help minimise recurrence.
Also takes the opportunity to ensure `~/.gnupg` directory exists on a
new system before downloading `gpg.conf`.
References:
* Ludovic Rousseau
- [GnuPG and PC/SC conflicts](https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html )
* GnuPG.org:
- [Scdaemon Options](https://www.gnupg.org/documentation/manuals/gnupg/Scdaemon-Options.html#index-disable_002dccid )
* YubiCo:
- [Resolving GPG's CCID conflicts](https://support.yubico.com/hc/en-us/articles/4819584884124-Resolving-GPG-s-CCID-conflicts )
- [Troubleshooting Issues with GPG](https://support.yubico.com/hc/en-us/articles/360013714479-Troubleshooting-Issues-with-GPG )
* Closed issues:
- [277 pcscd: Error Reader Exclusive](https://github.com/drduh/YubiKey-Guide/issues/277 )
- [256 Update scdaemon.conf for gnupg 2.3 with MacOS (and possibly others)](https://github.com/drduh/YubiKey-Guide/issues/256 )
Fixes #404
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
7 months ago
Motiejus Jakštys
84c9d9654d
NixOS Live Image: convert to a flake
...
Now `nixpkgs` will be pointing to a specific release, which has a much
smaller chance to unexpectedly break. Currently 23.11. The next one will
be 24.05, 24.11, etc.
NixOS *releases* receive security updates, but packages are upgraded
conservatively, thus don't generally break. As a result, we should need
to worry about NixOS upgrades every 6-12 months. The upgrade means "bump
the version number and try to build it". If it breaks, it will generally
break only then. Less reactive, more proactive surprises.
`flake.nix` was written by @thomaseizinger in
https://github.com/drduh/YubiKey-Guide/issues/406 . Changes from the
original:
- change Gnome to xfce. Now it loads with 384MB of RAM and works well
with the simplest graphics (hello qemu).
- less nasty workaround for hopenpgp-tools. Fixed upstream
(https://github.com/NixOS/nixpkgs/pull/279117 ).
- do not default `copytoram`, user can select this option in the
bootloader.
Here is how to test it:
```
$ nix run .#nixosConfigurations.yubikeyLive.x86_64-linux.config.system.build.vm
```
*Note for the maintainer*: it would be great if you could occasionally
run `nix flake update --commit-lock-file`, *especially* after updating
github.com/drduh/config.git.
Fixes #406
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
8 months ago
Colin Grady
80a90f8813
Update link to genuine device check info
8 months ago
Jordan Pickwell
adf11bfdd5
Update README.md
...
Quote ISO URL, and add `$` RegExp end-of-string anchor to return only the ISO file and none of the other entries that contain `xfce.iso`.
This avoids unnecessary cURL errors.
9 months ago
drduh
f2e5ef2c18
Merge pull request #401 from wildwestrom/master
...
Fix NixOS image: replace deprecated option boot.cleanTmpDir -> boot.tmp.cleanOnBoot
9 months ago
West
7dedee95e0
Fix deprecated boot.cleanTmpDir for boot.tmp.cleanOnBoot
11 months ago
drduh
c41729520f
Merge pull request #399 from drduh/wip-15oct23
...
Remove ancient keyservers
11 months ago
drduh
f76004cffc
Update debian version
11 months ago
drduh
41f3cce9f0
Remove ancient keyservers
11 months ago
drduh
703c6aa37f
Merge pull request #386 from Xronophobe/docs/update-debian-12-live
...
add notes for installing #Required Software on Debian 12
11 months ago
drduh
5d1e524af5
Merge pull request #387 from dkarlovi/patch-1
...
fix: add an explicit example about publishing the pubkey when expiring
11 months ago
drduh
ce29f5db92
Merge pull request #395 from alhirzel/patch-1
...
Add link to "makegpg" tool
11 months ago
drduh
dc201e90cd
Merge pull request #396 from zeorin/fix/nixos
...
Fix NixOS LiveCD image build
11 months ago
drduh
320f4ef4cb
Merge pull request #398 from askiiart/master
...
Update rpmsphere version
11 months ago
Xandor Schiefer
687ff41fb0
fix: use `nix-build` instead of `nix build`
...
`nix build` is a new "Nix command" that is technically still experimental.
11 months ago
Xandor Schiefer
6c422ee16f
fix: update `hopenpgp-tools` in the NixOS build
...
Fixes https://github.com/drduh/YubiKey-Guide/issues/370 .
11 months ago
askiiart
1035e1ab39
Update rpmsphere version
11 months ago
Alex Hirzel
3f92a76287
Add link to "makegpg" tool
1 year ago
Csanad Beres
d4b3e5215b
add note for installing yubikey-manager on Debian 12
1 year ago
Csanad Beres
ec47fa32d6
add note on installing hopenpgp-tools on Debian 12
1 year ago
Dalibor Karlović
2383a66823
fix bad copy paste
1 year ago
drduh
4a641dffd0
Merge pull request #391 from FedericoSchonborn/master
...
Required Software/NixOS: Replace yubioath-desktop with yubioath-flutter
1 year ago
drduh
f486224f5d
Merge pull request #388 from Paraphraser/20230628-multiple-hosts-master
...
2023-06-28 Add section on setting up multiple hosts
1 year ago
drduh
e89e855bb4
Merge pull request #383 from o-kotb/master
...
Update ykman set-touch instructions
1 year ago
drduh
b62293979b
Merge pull request #380 from smoores-dev/adduid
...
Add instructions for adding a new identity
1 year ago
drduh
b047e2f666
Merge pull request #379 from Dreista/patch-1
...
Fix typo
1 year ago
drduh
649c8fd78e
Merge pull request #377 from taigrr/polkit-req-376
...
add polkit rule troubleshooting tip
1 year ago