From f7f719b153bd82776f39c9d4b7828b0b4ec5aa5e Mon Sep 17 00:00:00 2001 From: Manuel Thalmann Date: Fri, 3 May 2024 01:40:09 +0200 Subject: [PATCH 1/5] Add `okular` as a markdown viewer --- flake.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/flake.nix b/flake.nix index 789b70f..99f4d80 100644 --- a/flake.nix +++ b/flake.nix @@ -149,6 +149,9 @@ # This guide itself (run `view-yubikey-guide` on the terminal # to open it in a non-graphical environment). yubikeyGuide + + # PDF and Markdown viewer + okular ]; # Disable networking so the system is air-gapped From 841785582988d236d2c97de16f962eeb115c9ed3 Mon Sep 17 00:00:00 2001 From: Manuel Thalmann Date: Fri, 3 May 2024 01:43:36 +0200 Subject: [PATCH 2/5] Disable screen saver --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 789b70f..3112cb0 100644 --- a/flake.nix +++ b/flake.nix @@ -78,7 +78,10 @@ # Comment out to run in a console for a smaller iso and less RAM. xserver = { enable = true; - desktopManager.xfce.enable = true; + desktopManager.xfce = { + enable = true; + enableScreensaver = false; + }; displayManager = { lightdm.enable = true; autoLogin = { From c4541aab99ac19e926415cf2555f458b3a60588a Mon Sep 17 00:00:00 2001 From: Manuel Thalmann Date: Fri, 3 May 2024 01:46:02 +0200 Subject: [PATCH 3/5] Fix non-existent guide icon --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 789b70f..26ac54b 100644 --- a/flake.nix +++ b/flake.nix @@ -38,7 +38,7 @@ ''; shortcut = pkgs.makeDesktopItem { name = "yubikey-guide"; - icon = "${pkgs.yubikey-manager-qt}/share/ykman-gui/icons/ykman.png"; + icon = "${pkgs.yubikey-manager-qt}/share/icons/hicolor/128x128/apps/ykman.png"; desktopName = "drduh's YubiKey Guide"; genericName = "Guide to using YubiKey for GnuPG and SSH"; comment = "Open the guide in a reader program"; From 21eb55c899b601fd0fa2a92a4c8d16d0d107ec1b Mon Sep 17 00:00:00 2001 
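Review bot: `okular` is added to the unconditional package list, so it ends up in the image even when the `xserver` block is commented out for the console build that the existing comment describes as giving "a smaller iso and less RAM". Okular presumably pulls in a sizeable Qt/KDE closure, which also adds document parsers to a machine intended for air-gapped key generation. Consider including it only when the graphical session is enabled, or choosing a lighter viewer. The package list starts outside this hunk, so the exact placement needs checking against the full file.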
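Review bot: The new `enableScreensaver = false;` carries no comment explaining why, and as far as I can tell it also removes the screen locker from the auto-login session. If the reason is that the lock screen would ask for a password the live user cannot supply, say so next to the option, e.g. `# No screensaver/locker: the auto-logged-in live user has no password to unlock with`. Without that, someone hardening the image later is likely to turn it back on and lock themselves out mid-ceremony.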
From: Manuel Thalmann Date: Fri, 3 May 2024 01:59:18 +0200 Subject: [PATCH 4/5] Include the diceware web app --- diceware-vt.patch | 65 +++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 61 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) create mode 100644 diceware-vt.patch diff --git a/diceware-vt.patch b/diceware-vt.patch new file mode 100644 index 0000000..8911ed2 --- /dev/null +++ b/diceware-vt.patch @@ -0,0 +1,65 @@ +diff --git a/index.html b/index.html +index 2f26ed9..3b4a2d3 100644 +--- a/index.html ++++ b/index.html +@@ -920,8 +920,19 @@ + + ++ + + +diff --git a/index.js b/index.js +index e95e2a1..9d45377 100644 +--- a/index.js ++++ b/index.js +@@ -238,11 +238,28 @@ function getWordFromWordNum (wordNum) { + function displayWords (words) { + 'use strict' + ++ // get symbol and number for the first and third words (CMD) ++ if (words.length > 1) { ++ var symbols = getWords(1,2) ++ var number = Math.floor(Math.random() * 100) ++ var symbol_pos = Math.floor(Math.random() * words.length) ++ var number_pos = Math.floor(Math.random() * words.length) ++ var capitalize_pos = Math.floor(Math.random() * words.length) ++ } ++ + // add the word to the global array of words + $.each(words, function (index, obj) { + var objEntropy = new Big(obj.entropy) + totalEntropy = totalEntropy.plus(objEntropy) + $('#totalEntropy').text(totalEntropy.toFixed(2)) ++ if (words.length > 1) { ++ // add symbol to random word (CMD) ++ if (index == symbol_pos) obj.word = obj.word + symbols[0].word ++ // add number to random word (CMD) ++ if (index == number_pos) obj.word = obj.word + number ++ // capitalize random word (CMD) ++ if (index == capitalize_pos) obj.word = obj.word.charAt(0).toUpperCase() + obj.word.substring(1) ++ } + wordList.push(obj.word) + }) + +@@ -370,4 +387,4 @@ $(document).ready(function () { + $('#addFiveDieRollWord').val('') + displayCrackTime(wordList) + }) +-}) ++}) +\ No newline at end of file 
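Review bot: The `displayWords` change to `index.js` inside `diceware-vt.patch` picks the appended number and the three positions (`symbol_pos`, `number_pos`, `capitalize_pos`) with `Math.random()`, which is not a cryptographically secure generator, so those parts of a passphrase meant to protect keys come from a predictable source. Draw them from `window.crypto.getRandomValues` with rejection sampling instead, as sketched below; if the upstream file already has a secure-random helper, call that rather than adding a new one. The appended symbol, number and capitalisation are also not reflected in `totalEntropy`, which errs on the safe side but deserves a comment. The `index.html` part of this embedded patch is not readable here, and `displayWords` continues outside the hunk.

```javascript
// Uniform integer in [0, limit) from the Web Crypto API; rejection sampling avoids modulo bias
function randomBelow (limit) {
  var buf = new Uint32Array(1)
  var ceiling = 0x100000000 - (0x100000000 % limit)
  do {
    window.crypto.getRandomValues(buf)
  } while (buf[0] >= ceiling)
  return buf[0] % limit
}

function displayWords (words) {
  // … unchanged: 'use strict' …
  if (words.length > 1) {
    var symbols = getWords(1,2)
    var number = randomBelow(100)
    var symbol_pos = randomBelow(words.length)
    var number_pos = randomBelow(words.length)
    var capitalize_pos = randomBelow(words.length)
  }
  // … unchanged: $.each loop that appends to wordList …
```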
diff --git a/flake.nix b/flake.nix index 789b70f..e60b3e1 100644 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,8 @@ sed '/pinentry-program/d' ${drduhConfig}/gpg-agent.conf > $out echo "pinentry-program ${pkgs.pinentry.curses}/bin/pinentry" >> $out ''; + dicewareAddress = "localhost"; + dicewarePort = 8080; viewYubikeyGuide = pkgs.writeShellScriptBin "view-yubikey-guide" '' viewer="$(type -P xdg-open || true)" if [ -z "$viewer" ]; then @@ -49,6 +51,38 @@ name = "yubikey-guide"; paths = [viewYubikeyGuide shortcut]; }; + dicewareScript = pkgs.writeShellScriptBin "diceware-webapp" '' + viewer="$(type -P xdg-open || true)" + if [ -z "$viewer" ]; then + viewer="firefox" + fi + exec $viewer "http://"${lib.escapeShellArg dicewareAddress}":${toString dicewarePort}/index.html" + ''; + dicewarePage = pkgs.stdenv.mkDerivation { + name = "diceware-page"; + src = pkgs.fetchFromGitHub { + owner = "grempe"; + repo = "diceware"; + rev = "9ef886a2a9699f73ae414e35755fd2edd69983c8"; + sha256 = "44rpK8svPoKx/e/5aj0DpEfDbKuNjroKT4XUBpiOw2g="; + }; + patches = [ + # Include changes published on https://secure.research.vt.edu/diceware/ + ./diceware-vt.patch + ]; + buildPhase = '' + cp -a . $out + ''; + }; + dicewareWebApp = pkgs.makeDesktopItem { + name = "diceware"; + icon = "${dicewarePage}/favicon.ico"; + desktopName = "Diceware Passphrase Generator"; + genericName = "Passphrase Generator"; + comment = "Open the passphrase generator in a web browser"; + categories = ["Utility"]; + exec = "${dicewareScript}/bin/${dicewareScript.name}"; + }; in { isoImage = { isoName = "yubikeyLive.iso"; 
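Review bot: In `dicewareScript`, `exec $viewer …` expands `$viewer` unquoted and assembles the URL from three adjacent quoted fragments, which works for the current values but is easy to break once `dicewareAddress` changes. Build the URL in Nix and escape it once: `exec "$viewer" ${lib.escapeShellArg "http://${dicewareAddress}:${toString dicewarePort}/index.html"}`. Separately, `dicewarePage` copies the tree to `$out` in `buildPhase`; `installPhase` is the conventional place for that. The pinned `rev` and hash keep the fetched source fixed, so a short comment beside `./diceware-vt.patch` stating which snapshot of the VT site the patch was derived from would make the local modifications auditable.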
@@ -87,9 +121,34 @@ }; }; }; + # Host the `https://secure.research.vt.edu/diceware/` website offline + nginx = { + enable = true; + virtualHosts."diceware.local" = { + listen = [ + { + addr = dicewareAddress; + port = dicewarePort; + } + ]; + root = "${dicewarePage}"; + }; + }; }; programs = { + # Add firefox for running the diceware web app + firefox = { + enable = true; + preferences = { + # Disable data reporting confirmation dialogue + "datareporting.policy.dataSubmissionEnabled" = false; + # Disable welcome tab + "browser.aboutwelcome.enabled" = false; + }; + # Make preferences appear as user-defined values + preferencesStatus = "user"; + }; ssh.startAgent = false; gnupg.agent = { enable = true; @@ -138,6 +197,7 @@ # Password generation tools diceware + dicewareWebApp pwgen # Might be useful beyond the scope of the guide @@ -194,6 +254,7 @@ cp -R ${self}/contrib/* ${homeDir} ln -sf ${yubikeyGuide}/share/applications/yubikey-guide.desktop ${desktopDir} + ln -sf ${dicewareWebApp}/share/applications/${dicewareWebApp.name} ${desktopDir} ln -sfT ${self} ${documentsDir}/YubiKey-Guide ''; system.stateVersion = "23.11"; From 6cfb493f2b142a1bd151bb0259ea8af3102a5b61 Mon Sep 17 00:00:00 2001 From: Manuel Thalmann Date: Fri, 3 May 2024 02:23:00 +0200 Subject: [PATCH 5/5] Export the `GNUPGHOME` variable Merging this PR will fix #434 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5986c05..043188e 100644 --- a/README.md +++ b/README.md @@ -256,7 +256,7 @@ sudo dnf install \ Create a temporary directory which will be cleared on [reboot](https://en.wikipedia.org/wiki/Tmpfs) and set it as the GnuPG directory: ```console -GNUPGHOME=$(mktemp -d -t gnupg-$(date +%Y-%m-%d)-XXXXXXXXXX) +export GNUPGHOME=$(mktemp -d -t gnupg-$(date +%Y-%m-%d)-XXXXXXXXXX) ``` ## Configuration
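Review bot: The `nginx` block adds a listening web server to an image that the surrounding config describes as air-gapped ("Disable networking so the system is air-gapped"), solely to hand static files to a local browser. If the page works when opened from disk, which cannot be verified from this diff, pointing the launcher at `file://${dicewarePage}/index.html` would remove the daemon altogether. If nginx stays, bind the literal loopback address instead of a name, `dicewareAddress = "127.0.0.1";`, so the listener cannot land on another interface through name resolution. The comment above the block should then say that the server is loopback-only.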