Update

Author: svartkanin

archinstall/lib/authentication/authentication_handler.py

@@ -21,18 +21,14 @@ def setup_auth(
 		self,
 		install_session: 'Installer',
 		auth_config: AuthenticationConfiguration,
-		users: list['User'] | None = None,
+		users: list['User'],
+		hostname: str,
 	) -> None:
 		if auth_config.u2f_config and users is not None:
-			self._setup_u2f_login(install_session, auth_config.u2f_config, users)
+			self._setup_u2f_login(install_session, auth_config.u2f_config, users, hostname)
 
-	def _setup_u2f_login(
-		self,
-		install_session: 'Installer',
-		u2f_config: U2FLoginConfiguration,
-		users: list[User],
-	) -> None:
-		self._configure_u2f_mapping(install_session, u2f_config, users)
+	def _setup_u2f_login(self, install_session: 'Installer', u2f_config: U2FLoginConfiguration, users: list[User], hostname: str) -> None:
+		self._configure_u2f_mapping(install_session, u2f_config, users, hostname)
 		self._update_pam_config(install_session, u2f_config)
 
 	def _update_pam_config(
@@ -42,9 +38,9 @@ def _update_pam_config(
 	) -> None:
 		match u2f_config.u2f_login_method:
 			case U2FLoginMethod.Passwordless:
-				config_entry = f'auth sufficient pam_u2f.so authfile={self._u2f_auth_file} cue'
+				config_entry = 'auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue'
 			case U2FLoginMethod.SecondFactor:
-				config_entry = f'auth required pam_u2f.so authfile={self._u2f_auth_file} cue'
+				config_entry = 'auth required pam_u2f.so authfile=/etc/u2f_mappings cue'
 			case _:
 				raise ValueError(f'Unknown U2F login method: {u2f_config.u2f_login_method}')
 
@@ -79,15 +75,21 @@ def _add_u2f_entry(self, file: Path, entry: str) -> None:
 
 		file.write_text('\n'.join(content) + '\n')
 
-	def _configure_u2f_mapping(self, install_session: 'Installer', u2f_config: U2FLoginConfiguration, users: list[User]) -> None:
+	def _configure_u2f_mapping(
+		self,
+		install_session: 'Installer',
+		u2f_config: U2FLoginConfiguration,
+		users: list[User],
+		hostname: str,
+	) -> None:
 		debug(f'Setting up U2F login: {u2f_config.u2f_login_method.value}')
 
 		install_session.pacman.strap('pam-u2f')
 
 		Tui.print(tr(f'Setting up U2F login: {u2f_config.u2f_login_method.value}'))
 
 		# https://developers.yubico.com/pam-u2f/
-		u2f_auth_file = install_session.target / self._u2f_auth_file
+		u2f_auth_file = install_session.target / 'etc/u2f_mappings'
 		u2f_auth_file.touch()
 		existing_keys = u2f_auth_file.read_text()
 
@@ -98,7 +100,11 @@ def _configure_u2f_mapping(self, install_session: 'Installer', u2f_config: U2FLo
 			Tui.print(tr('Setting up U2F device for user: {}').format(user.username))
 			Tui.print(tr('You may need to enter the PIN and then touch your U2F device to register it'))
 
-			worker = SysCommandWorker(f'arch-chroot {install_session.target} pamu2fcfg -u {user.username}', peek_output=True)
+			cmd = ' '.join(['arch-chroot', str(install_session.target), 'pamu2fcfg', '-u', user.username, '-o', f'pam://{hostname}', '-i', f'pam://{hostname}'])
+
+			debug(f'Enrolling U2F device: {cmd}')
+
+			worker = SysCommandWorker(cmd, peek_output=True)
 			pin_inputted = False
 
 			while worker.is_alive():

archinstall/lib/disk/fido.py

@@ -38,7 +38,7 @@ def get_fido2_devices(cls) -> list[Fido2Device]:
 
 			for line in fido_devices.split('\r\n'):
 				path, details = line.replace(',', '').split(':', maxsplit=1)
-				vendor, product, manufacturer = details.strip().split(' ', maxsplit=2)
+				_, product, manufacturer = details.strip().split(' ', maxsplit=2)
 
 				cls._u2f_devices.append(Fido2Device(Path(path.strip()), manufacturer.strip(), product.strip().split('=')[1]))
 

archinstall/lib/installer.py

@@ -1506,7 +1506,7 @@ def _add_efistub_bootloader(
 
 		parent_dev_path = device_handler.get_parent_device_path(boot_partition.safe_dev_path)
 
-		cmd_template = (
+		cmd_template = [
 			'efibootmgr',
 			'--create',
 			'--disk',
@@ -1520,7 +1520,7 @@ def _add_efistub_bootloader(
 			'--unicode',
 			*cmdline,
 			'--verbose',
-		)
+		]
 
 		for kernel in self.kernels:
 			# Setup the firmware entry

archinstall/scripts/guided.py

@@ -117,8 +117,8 @@ def perform_installation(mountpoint: Path) -> None:
 		if users := config.users:
 			installation.create_users(users)
 
-		if config.auth_config:
-			auth_handler.setup_auth(installation, config.auth_config, config.users)
+		if config.auth_config and config.users:
+			auth_handler.setup_auth(installation, config.auth_config, config.users, config.hostname)
 
 		if config.packages and config.packages[0] != '':
 			installation.add_additional_packages(config.packages)