Skip to content

Instantly share code, notes, and snippets.

@giannello

giannello/setup.sh

Last active May 7, 2024 09:47
Show Gist options
  • Save giannello/367b868618950e5687ef344d82d1e204 to your computer and use it in GitHub Desktop.
Save giannello/367b868618950e5687ef344d82d1e204 to your computer and use it in GitHub Desktop.
Download ZIP
Install fprintd-tod with support for Broadcom readers on Debian testing
Raw
setup.sh
#!/usr/bin/env sh
####################################################################
### ____ _____ ____ ___ _ _ _ ___ _ _ _ __ __ ###
### | _ \| ____| __ )_ _| / \ | \ | | / _ \| \ | | | \ \ / / ###
### | | | | _| | _ \| | / _ \ | \| | | | | | \| | | \ V / ###
### | |_| | |___| |_) | | / ___ \| |\ | | |_| | |\ | |___| | ###
### |____/|_____|____/___/_/ \_\_| \_| \___/|_| \_|_____|_| ###
####################################################################
####### _ _ ___ _ _ ____ _ _ _ _ _____ _ _ ########
####### | \ | |/ _ \ | | | | __ )| | | | \ | |_ _| | | | ########
####### | \| | | | | | | | | _ \| | | | \| | | | | | | | ########
####### | |\ | |_| | | |_| | |_) | |_| | |\ | | | | |_| | ########
####### |_| \_|\___/ \___/|____/ \___/|_| \_| |_| \___/ ########
####################################################################
TEMPDIR=$(mktemp -d)
# Install build dependencies
sudo DEBIAN_FRONTEND=noninteractive apt -qq build-dep -y libfprint-2-2
# Clone the closed-source library and firmware
cd "${TEMPDIR}" || exit
git clone --depth=1 --branch jammy git://git.launchpad.net/libfprint-2-tod1-broadcom
cd libfprint-2-tod1-broadcom || exit
sudo cp lib/udev/rules.d/60-libfprint-2-device-broadcom.rules /usr/lib/udev/rules.d/60-libfprint-2-device-broadcom.rules
sudo chown -R root:root /usr/lib/udev/rules.d/60-libfprint-2-device-broadcom.rules
sudo mkdir -p /usr/lib/x86_64-linux-gnu/libfprint-2/tod-1
sudo cp usr/lib/x86_64-linux-gnu/libfprint-2/tod-1/libfprint-2-tod-1-broadcom.so /usr/lib/x86_64-linux-gnu/libfprint-2/tod-1/libfprint-2-tod-1-broadcom.so
sudo chown -R root:root /usr/lib/x86_64-linux-gnu/libfprint-2/tod-1/libfprint-2-tod-1-broadcom.so
sudo cp -r var/lib/fprint/fw /var/lib/fprint/
sudo chown -R root:root /var/lib/fprint/fw
# Clone libfprint, switch to the correct tag, patch and build
# LIBFPRINT_VERSION=$(dpkg-query --showformat='${Version}' --show fprintd | cut -d '-' -f 1)
LIBFPRINT_VERSION=$(dpkg-query --showformat='${Version}' --show libfprint-2-2 | cut -d '-' -f 1 | cut -d ":" -f 2)
cd "${TEMPDIR}" || exit
git clone --branch v${LIBFPRINT_VERSION}+tod1 --depth=1 https://gitlab.freedesktop.org/3v1n0/libfprint.git
cd "${TEMPDIR}"/libfprint || exit
sed -e "/subdir('tests')/s/^/#/g" -i meson.build
sed -e "/subdir('examples')/s/^/#/g" -i meson.build
meson build --prefix=/usr
cd build || exit
meson compile
sudo cp libfprint/tod/libfprint-2-tod.so.1 /usr/lib/x86_64-linux-gnu/libfprint-2-tod.so.1
sudo chown root:root /usr/lib/x86_64-linux-gnu/libfprint-2-tod.so.1
sudo ln -sf /usr/lib/x86_64-linux-gnu/libfprint-2-tod.so.1 /usr/lib/x86_64-linux-gnu/libfprint-2-tod.so
sudo cp libfprint/libfprint-2.so.2 /usr/lib/x86_64-linux-gnu/
sudo chown root:root /usr/lib/x86_64-linux-gnu/libfprint-2.so.2
## Remove file incorrectly copied in a previous revision of this gist
sudo rm -f /usr/lib/x86_64-linux-gnu/libfprint-2/tod-1/libfprint-2-tod.so.1
cd "${TEMPDIR}"
# Configure fprintd to not sleep
sudo mkdir -p /etc/systemd/system/fprintd.service.d
cat > override.conf <<EOF
[Service]
ExecStart=
ExecStart=/usr/libexec/fprintd --no-timeout
EOF
sudo cp override.conf /etc/systemd/system/fprintd.service.d/override.conf
sudo udevadm control --reload-rules
sudo systemctl daemon-reload
sudo systemctl restart fprintd
rm -rf "${TEMPDIR}"
@giannello
Copy link
Author

Unfortunately, fprintd package has been removed from testing since August, though libfprint-2-2 is still there. I had to add stable repo to sources to install fprintd.

Fixed, installing from sid

Branch jammy should be used while cloning the closed source binaries to get the ones compiled against libssl3.

Fixed

build-dep package doesn't exist now, so install the following (extracted from meson.build):

That's not a package, it's an apt command. Anyway, fixed by pointing at libfprint-2-2 as it exists in the testing repo

I used libfprint version (as it is > fprintd ver on testing) in Line 42 with the following command:

dpkg-query --showformat='${Version}' --show libfprint-2-2 | cut -d '-' -f 1 | cut -d ":" -f 2

Fixed!

Line 46 of this gist should be removed else cannot build (gives installed_tests variable failure).

Fixed, we can exclude the examples from this build

After all this, I can enroll using fprintd-enroll and verify using fprintd-verify.

But GDM cannot allow me to login, it has continuous failures and is stuck in a loop so cannot login. Does anyone know a fix for this?

Any log/error you can share?

@siddhpant
Copy link

I somehow missed/dropped libpam-fprintd package somewhere in the process (as the library isn't there in testing either).

After installing it, GDM works fine. Sorry for the noise, and thanks for everything! It works nicely and fast!

@irfanjunaid
Copy link

Hi @giannello Many thanks for this script! I thought I would never get my laptop fingerprint sensor to work in Debian! I was able to register the fingerprints and was able to unlock screen and sudo auths. The setup works in the Debian 12 stable but it's wonky. After reboot, it breaks manytimes randomly. The login screen takes a while to appear(or never forcing to reboot again) and same for the sudo commands. Eventhough we pass the --no-timeout to the binary, it still exits. Trying to run fprintd from console is exiting with some C errors. Shutdown takes a lot of time and I had to press power button to turn off the laptop. When turning on the laptop, I have to reboot 2/3 times for the login screen to appear.

I'm facing this issue now everytime there is a fingerprint auth

sudo[3353]: pam_fprintd(sudo:auth): GetDevices failed: Connection timed out

From Systemd, I saw some errors:

systemd[1]: Starting fprintd.service - Fingerprint Authentication Daemon...
fprintd[1593]: double free or corruption (!prev)
systemd[1]: fprintd.service: Main process exited, code=killed, status=6/ABRT
systemd[1]: fprintd.service: Failed with result 'signal'.
systemd[1]: Failed to start fprintd.service - Fingerprint Authentication Daemon.

systemd[1]: Starting fprintd.service - Fingerprint Authentication Daemon...
systemd[1]: Started fprintd.service - Fingerprint Authentication Daemon.
fprintd[4366]: malloc(): unaligned tcache chunk detected
systemd[1]: fprintd.service: Main process exited, code=killed, status=6/ABRT
systemd[1]: fprintd.service: Failed with result 'signal'.

systemd[1]: Starting fprintd.service - Fingerprint Authentication Daemon...
systemd[1]: Started fprintd.service - Fingerprint Authentication Daemon.
systemd[1]: fprintd.service: Main process exited, code=killed, status=11/SEGV
systemd[1]: fprintd.service: Failed with result 'signal'.

systemd[1]: Starting fprintd.service - Fingerprint Authentication Daemon...
systemd[1]: Started fprintd.service - Fingerprint Authentication Daemon.
systemd[1]: fprintd.service: Main process exited, code=killed, status=7/BUS
systemd[1]: fprintd.service: Failed with result 'signal'.

Restarting the service works for a few minutes and then these issues are back.

@giannello
Copy link
Author

@irfanjunaid I have never tried this on Debian 12 - maybe it ships an old version of fprintd that doesn't work very well with the out-of-tree drivers?

@irfanjunaid
Copy link

irfanjunaid commented May 7, 2024
edited

Yeah, it seems like it has something to do with the fprintd. Everything works perfectly on Ubuntu Noble and Jammy but not in Debian. I will try testing with different versions of the driver and fprintd. Thank you again for this script @giannello 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment