From 92c70434b083c5817973790d351dbeaade558229 Mon Sep 17 00:00:00 2001
From: Justin Garrison <justinleegarrison@gmail.com>
Date: Sun, 10 Mar 2024 21:33:54 -0700
Subject: [PATCH] fix: add polkit rules for yubikey

---
 .../org.debian.pcsc-lite.access_card.rules    | 16 +++++++++
 rpmspec/ublue-os-polkit-rules.spec            | 36 +++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 files/etc/polkit-1/rules.d/org.debian.pcsc-lite.access_card.rules
 create mode 100644 rpmspec/ublue-os-polkit-rules.spec

diff --git a/files/etc/polkit-1/rules.d/org.debian.pcsc-lite.access_card.rules b/files/etc/polkit-1/rules.d/org.debian.pcsc-lite.access_card.rules
new file mode 100644
index 00000000..eae64542
--- /dev/null
+++ b/files/etc/polkit-1/rules.d/org.debian.pcsc-lite.access_card.rules
@@ -0,0 +1,16 @@
+// allow members of the wheel group to access gpg cards via pcscd service
+// this is needed for access to yubikey devices
+// installation details from https://github.com/drduh/YubiKey-Guide/issues/376
+
+polkit.addRule(function(action, subject) {
+        if (action.id == "org.debian.pcsc-lite.access_card" &&
+                subject.isInGroup("wheel")) {
+                return polkit.Result.YES;
+        }
+});
+polkit.addRule(function(action, subject) {
+        if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
+                subject.isInGroup("wheel")) {
+                return polkit.Result.YES;
+        }
+});
diff --git a/rpmspec/ublue-os-polkit-rules.spec b/rpmspec/ublue-os-polkit-rules.spec
new file mode 100644
index 00000000..2102295a
--- /dev/null
+++ b/rpmspec/ublue-os-polkit-rules.spec
@@ -0,0 +1,36 @@
+Name:           ublue-os-polkit-rules
+Packager:       ublue-os
+Vendor:         ublue-os
+Version:        0.1
+Release:        1%{?dist}
+Summary:        Additional polkit rules
+
+License:        MIT
+URL:            https://github.com/ublue-os/config
+
+BuildArch:      noarch
+Supplements:    systemd-udev
+
+Source0:        ublue-os-polkit-rules.tar.gz
+
+%global sub_name %{lua:t=string.gsub(rpm.expand("%{NAME}"), "^ublue%-os%-", ""); print(t)}
+
+%description
+Adds various polkit rules for improving device support
+
+%prep
+%setup -q -c -T
+
+%install
+tar xf %{SOURCE0} -C %{buildroot}%{_datadir}/%{VENDOR} --strip-components=1
+
+mkdir -p -m0755 %{buildroot}%{_exec_prefix}/polkit-1/rules.d
+
+cp %{buildroot}%{_datadir}/%{VENDOR}/%{sub_name}/etc/polkit-1/rules.d/*.rules %{buildroot}%{_exec_prefix}/polkit-1/rules.d
+
+%files
+%attr(0644,root,root) %{_datadir}/%{VENDOR}/%{sub_name}/etc/polkit-1/rules.d/*.rules
+
+%changelog
+* Sun Mar 10 2024 Justin Garrison <justin@linux.com> - 0.1
+- Add polkit rules for yubikey access