Nitrokey FIDO2 does not work with Chromium snap

I have a Nitrokey FIDO2, which unfortunately does not work at all with the Chromium snap by default. (It works fine with the Firefox deb on Ubuntu or the Chromium deb on Debian.)

This problem can be fixed by adding the following lines to /etc/udev/rules.d/70-snap.chromium.rules:

# u2f-devices
# Nitrokey FIDO2
SUBSYSTEM=="hidraw", KERNEL=="hidraw*", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42b1", TAG+="snap_chromium_chromium"
TAG=="snap_chromium_chromium", RUN+="/usr/lib/snapd/snap-device-helper $env{ACTION} snap_chromium_chromium $devpath $major:$minor"

and then running sudo udevadm control --reload-rules && sudo udevadm trigger

After that, it works perfectly well.

The Yubico YubiKey is already present with a very similar line, so this is merely a case of a missing rule, meaning that it can be fixed very easily.

I have opened a bug on Launchpad as well.

I was wondering where the 70-snap.chromium.rules file comes from. dpkg -S /etc/udev/rules.d/70-snap.chromium.rules doesn’t find anything, so does that mean that it’s part of the Chromium snap? Or snapd? I would like this fix to be upstreamed somehow, but I don’t know where to start.

This file is generated by snapd dynamically depending on the interfaces connected for the chromium snap at runtime. Probably we just need to update the u2f-devices interface (again). If you are comfortable, take a look at this PR for an example of where to change the code: https://github.com/snapcore/snapd/pull/10080

You’ll want to add an identical element like the existing Nitrokey FIDO here:

with the same VendorIDPattern and the new ProductIDPattern (it appears to be 42b1 from your comment).

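A way to check whether a given USB vendor/product ID is tagged for the Chromium snap by the rules discussed in this thread, before and after adding the Nitrokey line. This is an added example, not part of the original posts and not snapd code; the sample rules text (including the YubiKey product list), `udev_match` and `is_tagged` are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample in the style of /etc/udev/rules.d/70-snap.chromium.rules.
# The YubiKey product list is illustrative, not copied from a real system.
SAMPLE_RULES = '''\
# u2f-devices
# Yubico YubiKey
SUBSYSTEM=="hidraw", KERNEL=="hidraw*", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115", TAG+="snap_chromium_chromium"
TAG=="snap_chromium_chromium", RUN+="/usr/lib/snapd/snap-device-helper $env{ACTION} snap_chromium_chromium $devpath $major:$minor"
'''

# The tagging rule proposed in the first post.
NITROKEY_RULE = ('SUBSYSTEM=="hidraw", KERNEL=="hidraw*", ATTRS{idVendor}=="20a0", '
                 'ATTRS{idProduct}=="42b1", TAG+="snap_chromium_chromium"\n')

# One KEY<op>"value" pair of a udev rule, e.g. ATTRS{idVendor}=="20a0".
PAIR = re.compile(r'([A-Z]+(?:\{[^}]+\})?)\s*(==|\+=|=)\s*"([^"]*)"')


def udev_match(pattern, value):
    """udev match values are shell globs; '|' separates alternatives."""
    return any(fnmatch.fnmatchcase(value, alt) for alt in pattern.split("|"))


def is_tagged(rules_text, vendor, product, tag="snap_chromium_chromium"):
    """True if a hidraw rule matching vendor:product adds `tag`."""
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        matches, tags = {}, set()
        for key, op, val in PAIR.findall(line):
            if op == "==":
                matches[key] = val
            elif key == "TAG" and op == "+=":
                tags.add(val)
        # Only rules that tag hidraw devices for the snap are of interest.
        if tag not in tags or matches.get("SUBSYSTEM") != "hidraw":
            continue
        if (udev_match(matches.get("ATTRS{idVendor}", "*"), vendor)
                and udev_match(matches.get("ATTRS{idProduct}", "*"), product)):
            return True
    return False
```

To check a real system, pass the contents of /etc/udev/rules.d/70-snap.chromium.rules as `rules_text`, with the IDs written in lowercase hex as sysfs reports them.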