Nitrokey Start: make udev setup a defined /dev symlink

Hi,

for the Nitrokey Pro I found a neat way to start/stop user systemd services, when the key is connected or disconnected to the computer. Unfortunately this does not work for the Nitrokey Start as it makes use of the fact that the NK Pro also unlike the NK Start sets up as hidraw device.

Any ideas how to do something similar with the NK start. Those would be the “requirements”:

  • Users should be able to setup a user specific systemd service which is started / stopped when the NK Start is connected / disconnected.
  • Should be possible to set it up and modify it without root rights.
1 Like

Hi!

Nice guide! Will check it out.

As for the question, I would use SUBSYSTEM=="USB" instead for the Start model, which should detect it’s insertion/removal. You can peek the events sent on the mentioned actions with udevadm monitor.

I have found a solution now, which is somewhat ugly as it needs to work around a bug in systemd.

ACTION=="add", ENV{ID_SMARTCARD_READER}=="?*", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/sys/subsystem/usb/nitrokey"
ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="20a0/4108/*", TAG+="systemd"
ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="20a0/4211/*", TAG+="systemd

The first line sets up a systemd device unit that a systemd service unit can bind to. Unfortunately to some but in systemd the device remains plugged even though the hardware device gets unplugged. Therefore we need the the remove udev rules, one for the NK Pro and one for the NK start.

I will adjust my gist page.