Nixpkgs: "Unknown group plugdev" errors from pkgs.libu2f-host

Created on 25 Dec 2019 · 8Comments · Source: NixOS/nixpkgs

Describe the bug

I recently noticed errors in logs around a missing plugdev group:

systemd-udevd[3985]: /nix/store/[...]-udev-rules/70-u2f.rules:20 Unknown group 'plugdev', ignoring
[ ... repeats dozens of times for different lines in 70-u2f.rules ... ]

To Reproduce
Steps to reproduce the behavior:

Add pkgs.libu2f-host to services.udev.packages on a NixOS system built from a recent commit
Follow logs with e.g journalctl --all -f

Expected behavior

No errors in logs.

Additional context

I'm not 100% sure what changed to trigger this error or how to best address it, but the 70-u2f.rules config file does refer to a plugdev group, which commonly is present on other distros:

$ cat /nix/store/<...>/70-u2f.rules
[...]
# Yubico YubiKey
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660"
[... many more 'plugdev' references ... ]

The group is indeed not present on my NixOS system:

$ cat /etc/group | grep plugdev
$

The 70-u2f.rules udev config seems to be fetched from the libu2f-host package.

Metadata

$ nix run nixpkgs.nix-info -c nix-info -m
 - system: `"x86_64-linux"`
 - host os: `Linux 4.19.89, NixOS, 20.03.git.e3951d2 (Markhor)`

 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.3.1`
 - channels(root): `"nixos-19.03.173676.d1dff0bcd9f"`
 - channels(user): `""`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute: libu2f-host
# a list of nixos modules affected by the problem
module:

bug nixos

Source

hkjn

Most helpful comment

@timstott If I'm not mistaken, this comment is not about nixpkgs on non-systemd distros, but other non-systemd distros in general.

As written in https://github.com/Yubico/libu2f-host/issues/116#issuecomment-576022128, we probably can just ignore the warning for now, and remove the udev rule entirely once a systemd with https://github.com/systemd/systemd/commit/d45ee2f31a8358db0accde2e7c81777cedadc3c2 has landed in nixpkgs.

flokli on 19 Jan 2020

👍2

All 8 comments

I see 2 ways of fixing this:

a) just adding the plugdev group - this group is used in older Debian/Ubuntu distributions to indicate the device can be mounted using pmount

b) removing GROUP="plugdev" from udev files as TAG+="uaccess" should be enough

prusnak on 25 Dec 2019

A simple nixpkgs search shows there are more modules/packages using the plugdev group such as:

nixos/modules/hardware/onlykey.udev
nixos/modules/hardware/openrazer.nix
pkgs/tools/security/nitrokey-app/udev-rules.nix
pkgs/applications/radio/hackrf/default.nix

and upstream packages tarballs used in:

pkgs/development/tools/misc/openocd/default.nix
pkgs/development/libraries/libftdi/1.x.nix
pkgs/tools/bluetooth/openobex/default.nix

In pkgs/os-specific/linux/trezor-udev-rules/default.nix we replace the the plugdev group with the trezord group.

prusnak on 25 Dec 2019

Since we don't include that group by default like Debian does, we should probably remove these references to plugdev. Users can always add their own custom udev rules if they want special group handling.

matthewbauer on 26 Dec 2019

Looking at https://github.com/systemd/systemd/issues/4288, TAG+="uaccess" seems to be the right way forward for most of these rules.

We might just want to patch those to use it, and upstream these patches.

flokli on 29 Dec 2019

@flokli most of the affected udev files already have TAG+="uaccess"; they just include the plugdev group for older Debian/Ubuntu distros. This is indeed obsolete method, so fix is indeed just a matter of removing this from the udev files.

prusnak on 29 Dec 2019

According to this comment removing GROUP="plugdev" breaks some non-systemd distros where nixpkgs maybe independently installed.

What are your thoughts on removing the offending rule via nixos/modules/services/hardware/u2f.nix? Same approach can be taken with other nixos/modules. This would preserve backward compatibility with non NixOS systems.