| 4 Dec 2023 |
 Ilan Joselevich (Kranzes) | Seems to have some workarounds, would be nice if you could implement them as it seems other people also have -sk keys configured for the community darwin builder, and it probably doesn't work for them either. | 14:55:14 |
| Ilan Joselevich (Kranzes) | Redacted or Malformed Event | 14:58:22 |
 Lily Foster | In reply to @kranzes:matrix.org
libfido2 in nixpkgs already has what we need, just gotta plug that into sshd:
[kranzes@pongo ~]$ nix build nixpkgs\#libfido2 --system x86_64-darwin
[kranzes@pongo ~]$ cd result
[kranzes@pongo ~/result]$ ls
bin lib
[kranzes@pongo ~/result]$ tree
.
├── bin
│ ├── fido2-assert
│ ├── fido2-cred
│ └── fido2-token
└── lib
├── libfido2.1.13.0.dylib
├── libfido2.1.dylib -> libfido2.1.13.0.dylib
├── libfido2.a
└── libfido2.dylib -> libfido2.1.dylib
i mean the nixpkgs openssh is already built with -sk key support on darwin. i assume it's using the openssh built-in to macOS though | 15:02:00 |
| Ilan Joselevich (Kranzes) | It's not. | 15:02:15 |
| Lily Foster | What's not? | 15:02:31 |
| Lily Foster | Using the built-in openssh or our openssh is not compiled with -sk key support? | 15:02:41 |
| Ilan Joselevich (Kranzes) | The darwin box is using the MacOS provided openssh. | 15:02:54 |
| Lily Foster | yeah, so we could presumably switch it to use the nixpkgs openssh, no? | 15:03:18 |
| Lily Foster | or am i misunderstanding what you're saying | 15:03:24 |
| Ilan Joselevich (Kranzes) | Yeah | 15:03:28 |
| Ilan Joselevich (Kranzes) | If you can help figure this out | 15:03:35 |
| Ilan Joselevich (Kranzes) |
replacing ssh with Homebrew's will break integrations with keychain etc, so that's why I'm not doing it.
| 15:04:21 |
| Ilan Joselevich (Kranzes) | replacing it completely can have some problems with launchctl and keychain | 15:04:44 |
| Ilan Joselevich (Kranzes) | Oh someone says that this entire problem was fixed in MacOS Venture | 15:06:05 |
| Ilan Joselevich (Kranzes) | * Oh someone says that this entire problem was fixed in MacOS Ventura | 15:06:07 |
| Lily Foster | looks like support would need to be added to nix-darwin, yeah: https://github.com/LnL7/nix-darwin/issues/627 | 15:06:15 |
| Ilan Joselevich (Kranzes) | Do you know what version we're running on? | 15:06:16 |
| Lily Foster | lily@darwin03> sw_vers ~
ProductName: macOS
ProductVersion: 13.6.1
BuildVersion: 22G313
``
| 15:06:56 |
| Lily Foster | * lily@darwin03> sw_vers
ProductName: macOS
ProductVersion: 13.6.1
BuildVersion: 22G313
| 15:07:06 |
| Ilan Joselevich (Kranzes) | That's ventura | 15:07:29 |
| Ilan Joselevich (Kranzes) | hmmm | 15:07:32 |
| Ilan Joselevich (Kranzes) | Well you got access now the the machine, can you check supported keys and such | 15:07:59 |
| Ilan Joselevich (Kranzes) | I have no way of fixing this myself without access | 15:08:08 |
| Ilan Joselevich (Kranzes) | 
Download image.png | 15:10:05 |
| Ilan Joselevich (Kranzes) | Ok nvm | 15:10:06 |
| Ilan Joselevich (Kranzes) | 
Download image.png | 15:12:12 |
| Ilan Joselevich (Kranzes) | durrr | 15:12:13 |
| Lily Foster | In reply to @kranzes:matrix.org
sent an image. "fixed" | 15:12:28 |
| Ilan Joselevich (Kranzes) | "Fixed" | 15:12:35 |
| Ilan Joselevich (Kranzes) | lol | 15:12:48 |
