I’m an engineer at Brave and I’d like to request auto-connection for u2f-devices for the Brave browser package.
Brave is developed with privacy and security in mind, so putting obstacles in the way of people trying to use their yubikeys is something we’d like to avoid.
+1 for me for auto-connect u2f-devices for brave since it’s a browser (even designed with privacy and security in mind) and this was already discussed and granted for other snaps such as firefox and chromium.
So, it’s been a week - does this require another vote in favor? Like I said, other browsers already have this autoconnection, so this seems like it should be pretty much automatic…
@roadmr, @emitorino the autoconnection works, but requires the u2f device to be (re)connected after the snap starts.
snappy-debug suggested adding hardware-observe and that did the trick. After connecting it manually, my yubikey worked without the need to disconnect and connect it again. However, the docs (https://snapcraft.io/docs/hardware-observe-interface) say the plug can’t be autoconnected, which seems to defeat its purpose, at least in my case.
Interestingly, while Chromium has the same issue as Brave, Firefox doesn’t and it doesn’t use the hardware-observe plug. I thought maybe it was removable-media that they have autoconnected, that made it work, but I tried adding it to Brave and connecting manually and that didn’t solve the problem.
What is the proper way to make u2f devices be detected without having to (re)connect them after the snap starts?
The docs should maybe be updated to be more clear about this, but the interface is just not auto-connected by default, it can be made to be auto-connecting by going through this process by requesting it on the forum.
Sorry I don’t know which interface is needed for your application, I was just pointing out that if your snap needs hardware-observe connected, it can be made to auto-connect by requesting it on this thread.
Eh, actually, hardware-observe doesn’t solve this. Bizarrely, it appears to make it worse. Currently (re)connecting the device makes it work. With hardware-observe, that no longer applies.
So let me ask again - what is the proper way to make u2f devices be detected without having to (re)connect them after the snap starts? I didn’t see it documented anywhere.
Hi! You asked how firefox does it. Its snap-declaration assertion shows the interfaces it has allowed, assertions are not secret so here it goes (plug config only):
Yes, this is still a problem in both Chromium and Brave.
If the yubikey is inserted before the snap is started, an attempt to use it results in
ERROR:udev_watcher.cc(98)] Failed to begin udev enumeration.
This is preceded with
ERROR:object_proxy.cc(577)] Failed to call method: org.freedesktop.DBus.Properties.Get: object_path= /org/freedesktop/portal/desktop: org.freedesktop.DBus.Error.InvalidArgs: No such interface “org.freedesktop.portal.FileChooser”
ERROR:select_file_dialog_linux_portal.cc(285)] Failed to read portal version property
in both Chromium and Brave.
None of this applies to Firefox.
There are some differences in connections between Firefox and Brave/Chromium. The ones that look like the could be relevant include dbus and hardware-observe.
@roadmr should we enable some additional connections to make this work? I could not find the answer in the snap documentation.