[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #22 from Seth Jennings  ---
Wow, so I've slacked off on this package like crazy!  Apologies.

I'm opening new bugs to track the issues raised, since this bug is closed.

Was able to recreate the selinux issue.  Opened this bug against
selinux-policy:
https://bugzilla.redhat.com/show_bug.cgi?id=1377451

FYI, full type enforcement needed is:

module my-login 1.0;

require {
type local_login_t;
type udev_var_run_t;
class file { getattr open read };
}

#= local_login_t ==
allow local_login_t udev_var_run_t:file { getattr open read };

Re: env vars issue, the upstream issue is closed and seems to be address by
1.0.4.  Just need to update the package to that version.  Opening a bug to
track for bodhi purposes:
https://bugzilla.redhat.com/show_bug.cgi?id=1377455

Re: README
https://bugzilla.redhat.com/show_bug.cgi?id=1377459

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #21 from James  ---
Any advance on the selinux issue?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Fedora Update System  changed:

   What|Removed |Added

 Status|ON_QA   |CLOSED
 Resolution|--- |ERRATA
Last Closed||2016-05-04 14:54:23



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #20 from Fedora Update System  ---
pam-u2f-1.0.3-5.fc23 has been pushed to the Fedora 23 stable repository. If
problems still persist, please make note of it in this bug report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/package-review@lists.fedoraproject.org

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Seth Jennings  changed:

   What|Removed |Added

 CC||sjenn...@redhat.com



--- Comment #19 from Seth Jennings  ---
Fred, the package is already in the repos.  The selinux issue is still
outstanding.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

fred  changed:

   What|Removed |Added

 CC||fredo...@gmail.com



--- Comment #18 from fred  ---
Hi,
I just got offered a yubikey, any news on the support front ? 
Thanks

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #17 from Seth Jennings  ---
Sorry for the delayed reply.

(In reply to Georg Sauthoff from comment #16)
> I've tested it on Fedora 23 and it doesn't work with SELinux set to enforce
> (the default setting).
> 
> Only after executing
> 
> semanage permissive -a local_login_t
> 
> the module worked.
> 
> Also, a Fedora specific README would be helpful - i.e. one where it is
> described what files you have to change in what way.

Yes, a Fedora README would be a good idea.

> 
> For example, I wanted to configure U2F as 2nd factor in addition to password
> authentication - for locale console logins and gnome shell (including
> unlocking a locked screen). I've managed to do that via adding this line
> before the `auth ... pasword-auth` line in /etc/pam.d/{login,gdm-password}:
> 
> auth requisite pam_u2f.so debug authfile=/etc/u2f_mappings interactive
> 
> (and filling /etc/u2f_mappings with output from pamu2fcfg)
> 
> In addition to that, the Fedora README could also mention pamu2fcfg.
> 
> More SELinux details:
> 
> The SELinux audit messages looked like this (before executing semanage
> permissive):
> 
> type=AVC msg=audit(1452281803.756:2262): avc:  denied  { read } for 
> pid=11098 comm="login" name="c248:0" dev="tmpfs" ino=14836
> scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
> type=AVC msg=audit(1452281803.756:2263): avc:  denied  { read } for 
> pid=11098 comm="login" name="c248:1" dev="tmpfs" ino=14839
> scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
> type=AVC msg=audit(1452281803.757:2264): avc:  denied  { read } for 
> pid=11098 comm="login" name="c248:2" dev="tmpfs" ino=894548
> scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
> type=AVC msg=audit(1452281803.757:2265): avc:  denied  { read } for 
> pid=11098 comm="login" name="c248:3" dev="tmpfs" ino=895813
> scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
> type=AVC msg=audit(1452281803.758:2266): avc:  denied  { read } for 
> pid=11098 comm="login" name="c248:4" dev="tmpfs" ino=894573
> scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
> type=AVC msg=audit(1452281803.758:2267): avc:  denied  { read } for 
> pid=11098 comm="login" name="c248:5" dev="tmpfs" ino=910340
> scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
> type=AVC msg=audit(1452281803.759:2268): avc:  denied  { read } for 
> pid=11098 comm="login" name="c248:6" dev="tmpfs" ino=908284
> scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0

I didn't try to use it for console logins so it seems there is an selinux
policy issue there.  I'll check it out.

> 
> 
> The tool audit2allow suggests:
> 
> #= local_login_t ==
> allow local_login_t udev_var_run_t:file read;


Thanks for the testing!

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #16 from Georg Sauthoff  ---
I've tested it on Fedora 23 and it doesn't work with SELinux set to enforce
(the default setting).

Only after executing

semanage permissive -a local_login_t

the module worked.

Also, a Fedora specific README would be helpful - i.e. one where it is
described what files you have to change in what way.

For example, I wanted to configure U2F as 2nd factor in addition to password
authentication - for locale console logins and gnome shell (including unlocking
a locked screen). I've managed to do that via adding this line before the `auth
... pasword-auth` line in /etc/pam.d/{login,gdm-password}:

auth requisite pam_u2f.so debug authfile=/etc/u2f_mappings interactive

(and filling /etc/u2f_mappings with output from pamu2fcfg)

In addition to that, the Fedora README could also mention pamu2fcfg.

More SELinux details:

The SELinux audit messages looked like this (before executing semanage
permissive):

type=AVC msg=audit(1452281803.756:2262): avc:  denied  { read } for  pid=11098
comm="login" name="c248:0" dev="tmpfs" ino=14836
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1452281803.756:2263): avc:  denied  { read } for  pid=11098
comm="login" name="c248:1" dev="tmpfs" ino=14839
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1452281803.757:2264): avc:  denied  { read } for  pid=11098
comm="login" name="c248:2" dev="tmpfs" ino=894548
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1452281803.757:2265): avc:  denied  { read } for  pid=11098
comm="login" name="c248:3" dev="tmpfs" ino=895813
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1452281803.758:2266): avc:  denied  { read } for  pid=11098
comm="login" name="c248:4" dev="tmpfs" ino=894573
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1452281803.758:2267): avc:  denied  { read } for  pid=11098
comm="login" name="c248:5" dev="tmpfs" ino=910340
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1452281803.759:2268): avc:  denied  { read } for  pid=11098
comm="login" name="c248:6" dev="tmpfs" ino=908284
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0


The tool audit2allow suggests:

#= local_login_t ==
allow local_login_t udev_var_run_t:file read;

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Fedora Update System  changed:

   What|Removed |Added

 Status|MODIFIED|ON_QA



--- Comment #15 from Fedora Update System  ---
pam-u2f-1.0.3-5.fc23 has been pushed to the Fedora 23 testing repository. If
problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f047c98286

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Fedora Update System  changed:

   What|Removed |Added

 Status|POST|MODIFIED



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #14 from Fedora Update System  ---
pam-u2f-1.0.3-5.fc23 has been submitted as an update to Fedora 23.
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f047c98286

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #13 from Jon Ciesla  ---
Package request has been approved:
https://admin.fedoraproject.org/pkgdb/package/pam-u2f

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Zbigniew Jędrzejewski-Szmek  changed:

   What|Removed |Added

 Status|ASSIGNED|POST



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Zbigniew Jędrzejewski-Szmek  changed:

   What|Removed |Added

   See Also||https://bugzilla.redhat.com
   ||/show_bug.cgi?id=1292687
  Flags|fedora-review?  |fedora-review+



--- Comment #12 from Zbigniew Jędrzejewski-Szmek  ---
INFO: No upstream for (Source2): gpgkey-D3994701.gpg
It would be nice to provide a full URL.

General recommendation is to have BuildRequires on separate lines, because this
makes later diffs much easier to read.

%autosetup macro would be nice here (%autosetup -n ... -p1), because then you
can remove the %patchN lines.

%description should end in a dot (repeated from comment #5).

The key verification checking fails, see linked bug.

- license is OK (BSD)
- license file is present, %license is used
- license matches headers
- latest version
- no scriptlets
- provides/requires look sane
- I did some small testing and it seems to work as expected (I don't have the
hardware, but it seems to be trying to do the right things...)

rpmlint:
Checking: pam-u2f-1.0.3-4.fc24.x86_64.rpm
  pamu2fcfg-1.0.3-4.fc24.x86_64.rpm
  pam-u2f-debuginfo-1.0.3-4.fc24.x86_64.rpm
  pam-u2f-1.0.3-4.fc24.src.rpm
pam-u2f.x86_64: W: spelling-error %description -l en_US authenticators ->
authentication, authenticates, authenticate
pam-u2f.src: W: spelling-error %description -l en_US authenticators ->
authentication, authenticates, authenticate
4 packages and 0 specfiles checked; 0 errors, 2 warnings.

So the packaging side looks OK. There are some small issues pointed out above.
Package is APPROVED.

I think it would be worthwhile to have someone from the security team look this
code over. This is normally not part of a review, but I strongly recommend
contacting
the security team [https://fedoraproject.org/wiki/Security_Team].

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #11 from Seth Jennings  ---
Updated with upstream patches

Spec URL: https://www.variantweb.net/pub/review/pam-u2f.spec
SRPM URL: https://www.variantweb.net/pub/review/pam-u2f-1.0.3-4.fc23.src.rpm

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Zbigniew Jędrzejewski-Szmek  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
   Assignee|nob...@fedoraproject.org|zbys...@in.waw.pl
  Flags||fedora-review?



--- Comment #9 from Zbigniew Jędrzejewski-Szmek  ---
It seems that the issue has been patched upstream. Can you prepare an updated
srpm with the patches?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #10 from Seth Jennings  ---
(In reply to Zbigniew Jędrzejewski-Szmek from comment #9)
> It seems that the issue has been patched upstream. Can you prepare an
> updated srpm with the patches?

Thanks, will do!

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #7 from Zbigniew Jędrzejewski-Szmek  ---
> Where can the environment variable DEFAULT_AUTHFILE_DIR_VAR come from?

So, this module uses a number of environment variables
($DEFAULT_AUTHFILE_DIR_VAR, $XDG_CONFIG_HOME at least). To try it out, I added
"auth require pam_u2f.so debug origin=pam://$HOSTNAME appid=pam://$HOSTNAME" as
the first line in /etc/pam.d/su-l, and then I run:

$ su -
[pam-u2f.c:parse_cfg(48)] called.
[pam-u2f.c:parse_cfg(49)] flags 0 argc 3
[pam-u2f.c:parse_cfg(51)] argv[0]=debug
[pam-u2f.c:parse_cfg(51)] argv[1]=origin=pam://$HOSTNAME
[pam-u2f.c:parse_cfg(51)] argv[2]=appid=pam://$HOSTNAME
[pam-u2f.c:parse_cfg(52)] max_devices=0
[pam-u2f.c:parse_cfg(53)] debug=1
[pam-u2f.c:parse_cfg(54)] interactive=0
[pam-u2f.c:parse_cfg(55)] cue=0
[pam-u2f.c:parse_cfg(56)] manual=0
[pam-u2f.c:parse_cfg(57)] nouserok=0
[pam-u2f.c:parse_cfg(58)] alwaysok=0
[pam-u2f.c:parse_cfg(59)] authfile=(null)
[pam-u2f.c:parse_cfg(60)] origin=pam://$HOSTNAME
[pam-u2f.c:parse_cfg(61)] appid=pam://$HOSTNAME
[pam-u2f.c:pam_sm_authenticate(124)] Maximum devices number not set. Using
default (24)
[pam-u2f.c:pam_sm_authenticate(142)] Requesting authentication for user root
[pam-u2f.c:pam_sm_authenticate(153)] Found user root
[pam-u2f.c:pam_sm_authenticate(154)] Home directory for root is /root
[pam-u2f.c:pam_sm_authenticate(161)] Variable XDG_CONFIG_HOME is not set. Using
default value ($HOME/.config/)
[pam-u2f.c:pam_sm_authenticate(193)] Using default authentication file
/root/.config/Yubico/u2f_keys
[util.c:get_devices_from_authfile(34)] Cannot open file:
/root/.config/Yubico/u2f_keys (No such file or directory)
[pam-u2f.c:pam_sm_authenticate(211)] Unable to get devices from file
/root/.config/Yubico/u2f_keys
[pam-u2f.c:pam_sm_authenticate(259)] done. [Authentication service cannot
retrieve authentication info]
Password: 

Question: I'd expect the auth process to fail, since "require" is used.

In the logs I see:

Dec 06 19:38:28 rawhide su[9137]: PAM pam_parse: expecting return value;
[...require]

Looks like an error in the module.

Then I run:
$ XDG_CONFIG_HOME=/home/test su -
[pam-u2f.c:parse_cfg(48)] called.
[pam-u2f.c:parse_cfg(49)] flags 0 argc 3
[pam-u2f.c:parse_cfg(51)] argv[0]=debug
[pam-u2f.c:parse_cfg(51)] argv[1]=origin=pam://$HOSTNAME
[pam-u2f.c:parse_cfg(51)] argv[2]=appid=pam://$HOSTNAME
[pam-u2f.c:parse_cfg(52)] max_devices=0
[pam-u2f.c:parse_cfg(53)] debug=1
[pam-u2f.c:parse_cfg(54)] interactive=0
[pam-u2f.c:parse_cfg(55)] cue=0
[pam-u2f.c:parse_cfg(56)] manual=0
[pam-u2f.c:parse_cfg(57)] nouserok=0
[pam-u2f.c:parse_cfg(58)] alwaysok=0
[pam-u2f.c:parse_cfg(59)] authfile=(null)
[pam-u2f.c:parse_cfg(60)] origin=pam://$HOSTNAME
[pam-u2f.c:parse_cfg(61)] appid=pam://$HOSTNAME
[pam-u2f.c:pam_sm_authenticate(124)] Maximum devices number not set. Using
default (24)
[pam-u2f.c:pam_sm_authenticate(142)] Requesting authentication for user root
[pam-u2f.c:pam_sm_authenticate(153)] Found user root
[pam-u2f.c:pam_sm_authenticate(154)] Home directory for root is /root
[pam-u2f.c:pam_sm_authenticate(178)] Variable XDG_CONFIG_HOME set to /home/test
[pam-u2f.c:pam_sm_authenticate(193)] Using default authentication file
/home/test/Yubico/u2f_keys
[util.c:get_devices_from_authfile(34)] Cannot open file:
/home/test/Yubico/u2f_keys (No such file or directory)
[pam-u2f.c:pam_sm_authenticate(211)] Unable to get devices from file
/home/test/Yubico/u2f_keys
[pam-u2f.c:pam_sm_authenticate(259)] done. [Authentication service cannot
retrieve authentication info]
Password: 

As you can see, "Requesting authentication for user root", but it's happy to
read configuration from a user specified file. This doesn't seem right.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #8 from Zbigniew Jędrzejewski-Szmek  ---
I filed https://github.com/Yubico/pam-u2f/issues/28 to resolve this upstream.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Seth Jennings  changed:

   What|Removed |Added

 CC||sjenn...@redhat.com



--- Comment #6 from Seth Jennings  ---
Fixed.  Thanks Zbigniew!

Spec URL: https://www.variantweb.net/pub/review/pam-u2f.spec
SRPM URL: https://www.variantweb.net/pub/review/pam-u2f-1.0.3-3.fc23.src.rpm

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Zbigniew Jędrzejewski-Szmek  changed:

   What|Removed |Added

 CC||zbys...@in.waw.pl



--- Comment #5 from Zbigniew Jędrzejewski-Szmek  ---
find -exec rm -f {} ';' can be replaced with find -delete.

It is nice to put BuildRequires/Requires each on a separate line.

%description should end in a dot.

The module should not Require pam: it is a plugin for pam. It already has an
automatically generated dependency on libpam.so, and that is enough. Other pam
modules do not Require pam.

Where can the environment variable DEFAULT_AUTHFILE_DIR_VAR come from?

I didn't look at pamu2fcfg, but the code of the pam module appears to be
carefully written, looks correct.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Till Maas  changed:

   What|Removed |Added

 CC||opensou...@till.name



--- Comment #3 from Till Maas  ---
- There is a typo in the description for pamu2fcfg: "too" instead of "tool"

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #4 from Seth Jennings  ---
(In reply to Till Maas from comment #3)
> - There is a typo in the description for pamu2fcfg: "too" instead of "tool"

Fixed.  Thanks Till.

Spec URL: https://www.variantweb.net/pub/review/pam-u2f.spec
SRPM URL: https://www.variantweb.net/pub/review/pam-u2f-1.0.3-2.fc23.src.rpm

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296

Seth Jennings  changed:

   What|Removed |Added

 Attachment|0   |1
#1096146 is||
   obsolete||



--- Comment #2 from Seth Jennings  ---
Created attachment 1096147
  --> https://bugzilla.redhat.com/attachment.cgi?id=1096147=edit
fedora-review

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Bug 1283296] Review Request: pam-u2f - PAM authentication over U2F

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1283296



--- Comment #1 from Seth Jennings  ---
Created attachment 1096146
  --> https://bugzilla.redhat.com/attachment.cgi?id=1096146=edit
fedora-review

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review