Lock (Gnome) session when removeing solokeys key

0_solokeys_session_lock.md

Setup

0. Make rescue method for solokeys broken.(Recommend)
1. Copy 70-solokeys-access.rules to /etc/udev/rules.d.
2. Reload udev: sudo udevadm control --reload-rules && sudo udevadm trigger
3. Exec sudo apt install pamu2fcfg libpam-u2f
4. Exec mkdir ~/.config/Yubico && pamu2fcfg > ~/.config/Yubico/u2f_keys then push solokeys.
5. Add pam method /etc/pam.d/sudo , /etc/pam.d/gdm-password and so on.
6. Copy gnome_lock_all_sessions to /usr/local/bin.
7. Mark gnome_lock_all_sessions as executable: chmod +x /usr/local/bin/gnome_lock_all_sessions
8. Reload udev: sudo udevadm control --reload-rules && sudo udevadm trigger

70-solokeys-access.rules

ACTION=="add", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ATTRS{product}=="Solo*", TAG+="uaccess", GROUP="plugdev", KERNEL=="hidraw*", SUBSYSTEM=="hidraw"

ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="483/a2ca/100", RUN+="/usr/local/bin/gnome_lock_all_sessions"

gnome_lock_all_sessions

#!/bin/sh

for bus in /run/user/*/bus; do
  uid=$(basename $(dirname $bus))
  if [ $uid -ge 1000 ]; then
    user=$(id -un $uid)
    export DBUS_SESSION_BUS_ADDRESS=unix:path=$bus
    if su -c 'dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply  /org/freedesktop/DBus org.freedesktop.DBus.ListNames' $user | grep org.gnome.ScreenSaver; then
      su -c 'dbus-send --session --type=method_call --dest=org.gnome.ScreenSaver /org/gnome/ScreenSaver org.gnome.ScreenSaver.Lock' $user
      su -c 'logger "Secure key removed."'
    fi
   fi
done