Comments (7)
Okay, I figured this mess out. It's all in #442.
from glasgow.
Yes, I'd also suggest adding sudo udevadm control --reload
to the documentation (AFAICT some systems will do it based on inotify of file writes, and some systems won't).
There's also sudo udevadm trigger
(which can take options to match to a specific device, but I've not looked up the exact Glasgow match). The "trigger" will reapply the updated udev rules to an already plugged in device, as if it was plugged in again. It might be worth suggesting that rather than needing people to unplug/replug the device.
IIRC plugdev
as a group is a Debian / Ubuntu thing. I'm not quickly finding it on some RHEL / CentOS systems I've checked either (and online references suggest it won't be on Fedora either). I'm not sure what other group name would be common across all Linux that would make sense here; dialout
is a bit more common across Linux distros, but not really the right group (it's intended for serial TTYs). Possibly the sudo
group which is somewhat common across distros? (For reference Debian System Groups.)
Ewen
from glasgow.
One of the issues here is that TAG+="uaccess"
, which is the mechanism that's supposed to replace static groups, doesn't work on my (Debian) system for unknown reasons and is undocumented, like is usual for systemd. Someone who isn't me is going to deal with that.
(Actually, looking at this description it would simply not work unless you relogin to your desktop, which is insane, and so I hope the description is wrong.)
I'm going to close this issue because I don't want to deal with broken and undocumented systemd stuff. Anyone who has a demonstrably working solution (which works across OSes and with/without systemd) is welcome to offer a PR updating the udev rules. If the current state of udev rules is unsatisfying (due to missing plugdev
group) I offer MODE:="0666"
though since the Glasgow hardware is FX2-based this can probably effectively give a determined attacker root (e.g. by making it re-enumerate as a keyboard and hijacking a sudo
invocation or something like that) and it's probably not something that should be done on shared machines.
I've opened #442 to track the addition of udevadm
command, which seems incontroversial and simple.
from glasgow.
Looking carefully at Debian's SystemGroups page it seems that our current use of the plugdev group is actually a misuse, since it's not a disk:
plugdev: Allows members to mount (only with the options nodev and nosuid, for security reasons) and umount removable devices through pmount.
What a mess.
from glasgow.
I made some progress in figuring out what went wrong with TAG+="uaccess"
: it looks like it also needs TAG+="udev-acl"
:
SUBSYSTEM=="usb", ATTRS{idVendor}=="20b7", ATTRS{idProduct}=="9db1", TAG+="uaccess", TAG+="udev-acl"
With this rules file, the device does get an ACL applied:
$ getfacl /dev/bus/usb/001/004
getfacl: Removing leading '/' from absolute path names
# file: dev/bus/usb/001/004
# owner: root
# group: plugdev
user::rw-
user:whitequark:rw-
group::rw-
mask::rw-
other::r--
but it's still not accessible:
$ glasgow list
Traceback (most recent call last):
File "/home/whitequark/.local/bin/glasgow", line 8, in <module>
sys.exit(main())
^^^^^^
File "/home/whitequark/Projects/glasgow/software/glasgow/cli.py", line 919, in main
exit(loop.run_until_complete(_main()))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/asyncio/base_events.py", line 653, in run_until_complete
return future.result()
^^^^^^^^^^^^^^^
File "/home/whitequark/Projects/glasgow/software/glasgow/cli.py", line 882, in _main
for serial in sorted(GlasgowHardwareDevice.enumerate_serials()):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/whitequark/Projects/glasgow/software/glasgow/device/hardware.py", line 171, in enumerate_serials
devices = cls._enumerate_devices(usb_context)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/whitequark/Projects/glasgow/software/glasgow/device/hardware.py", line 92, in _enumerate_devices
handle = device.open()
^^^^^^^^^^^^^
File "/home/whitequark/.local/pipx/venvs/glasgow/lib/python3.11/site-packages/usb1/__init__.py", line 2055, in open
mayRaiseUSBError(libusb1.libusb_open(self.device_p, byref(handle)))
File "/home/whitequark/.local/pipx/venvs/glasgow/lib/python3.11/site-packages/usb1/__init__.py", line 127, in mayRaiseUSBError
__raiseUSBError(value)
File "/home/whitequark/.local/pipx/venvs/glasgow/lib/python3.11/site-packages/usb1/__init__.py", line 119, in raiseUSBError
raise __STATUS_TO_EXCEPTION_DICT.get(value, __USBError)(value)
usb1.USBErrorAccess: LIBUSB_ERROR_ACCESS [-3]
Why? Who knows.
from glasgow.
usb1.USBErrorAccess: LIBUSB_ERROR_ACCESS [-3]
This error message is terrible, I've fixed it in #442. It now looks like:
$ glasgow list
E: g.device.hardware: missing permissions to open device 001/006
Then you can look at /dev/bus/usb/001/006
to see what's preventing you from accessing it. (We can't print the path because it differs between systems; this code is architecture-independent but devtmpfs usb nodes are Linux-specific obviously.)
from glasgow.
I made some progress in figuring out what went wrong with
TAG+="uaccess"
: it looks like it also needsTAG+="udev-acl"
:
What's weird is that the Debian rules apply the plugdev
group to the /dev/bus/usb device file whenever both of those tags are present, which seems to contradict Debian's own wiki on which devices should go to plugdev
.
Scratch all of this; I was looking at the wrong device file, the tags have never worked in first place.
from glasgow.
Related Issues (20)
- Devices may "forget" firmware. HOT 4
- Add host OS version to `--version` output HOT 6
- Add social media card to the docs HOT 1
- Add a flag to `glasgow factory` which indicates that the device has been modified from the original design
- "glasgow --version" produces TypeError: entry_points() got an unexpected keyword argument 'group' HOT 10
- Calling `exit()` from script / REPL does not terminate glasgow HOT 1
- Mention cases (3d-printable as well) in the documentation HOT 2
- glasgow build also has importlib issues with python <3.10
- Add the very nice diagrams from CrowdSupply packaging on the website
- running Glasgow exectutable produces "TypeError: expected string or bytes-like object" in packaging\utils.py HOT 21
- Export BOM for revC3 and add whichever script generates it in the tree
- Extract test code from each applet to a separate `test.py` file HOT 1
- Python 3.12 is not supported
- Update bitstruct to use Python type annotations
- Documentation: REPL: suggestions for UART example HOT 1
- [RFC draft] New pin management system HOT 1
- Merge queue ignores failing tests and merges PRs anyway
- Reproducible builds for the firmware
- [RFC] Use Nix instead of Docker for reproducible firmware builds HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from glasgow.