AZLOCO IRC Channel Change

AZLOCO has moved its IRC channel, #ubuntu-us-az, from irc.freenode.net to irc.libera.chat. This has already been accomplished. We will continue to monitor the old channel for a while to assist individuals in migrating to the new channel. The procedure to visit channels that are restricted to registered nicknames remains the same. You need to send a message to Nick Service from the Nick that you want to register. It would look like this: /msg NickServ REGISTER (password) (your email address) Of course you replace (password) with your password and (your email address) with your email address omitting the ( ). This will enable you to enter and carry on a conversation in those channels that are limited to registered nicknames only. It is anticipated that #ubuntu-us-az will convert to that status.

If you had a Ubuntu cloak in freenode,it is not transferable to libera. You must reapply. To obtain a Ubuntu cloak you must first be a Ubuntu member. You must also ensure that your Launchpad profile page contains your new nick from Libera: (your nick) on irc.libera.chat. Then all you have to do is join #ubuntu-irc and ask for a Ubuntu cloak. You must also include a link to your Launchpad profile.

If you are not a Ubuntu member and want a Libera cloak, register your Nick and send this message: /join #libera-cloak and type !cloakme

Our Sunday meetings will be conducted on our new channel beginning with the 06 June 2021 meeting.

Securing GPG keys with a Yubikey security device

I’ve been using my Yubikey for years with Ubuntu SSO, as a 2-factor authentication device.

Recently, I started playing with some of its other capabilities. In particular, I became interested in the OpenPGP capabilities. I spent a couple hours working through this excellent guide on the subject.

The end result: I have a GPG key stored on my hardware key, in the device’s “secure element”. I can sign and decrypt messages/files when the key is inserted into my Ubuntu or Mac systems, and the private key is not stored on the system at all.

A brief summary of the process:

  • Buy a Yubikey. If you want to carry it with you, don’t get the Nano–they’re easy to lose.
  • Install scdaemon to your system. You will also need pinentry
  • Generate the key. You can do on the Yubikey but I recommend doing it on an offline computer or live CD.
  • BACK UP the private key offline. This is important, as the next step is destructive.
  • Move the private key/subkeys to the Yubikey, one at a time. They will be removed from your keyring.
  • Edit gpg-agent.conf and add “pinentry” as described.
  • Edit gpg.conf and add “use-agent” as described.
  • Optional: upload your public key to keyserver.ubuntu.com

To use the key on another system, you will need scdaemon and pinentry, along with the configuration files. I find that I need to import my public key for the system to recognize the private key on my Yubikey. Also, don’t lose your offline backup of your private key. Some functions (like adduid) apparently require you to re-import your private key to your keyring–and the private key cannot be exported from the Yubikey.

Finally, you can use your GPG key in your Yubikey as an SSH private key. See the steps in the guide on Github. If you have any questions, hit me up in #Ubuntu-US-AZ on Freenode.

References:

systemd suspend/resume script

Had a question the other day; a friend’s laptop would lose the trackpad after resume so his solution was to insert the module manually. Well, systemd has systemd-suspend.service which can handle those events. Details in man systemd-suspend.service

Place a script in /lib/systemd/system-sleep/ and make it executable. Any scripts in that directory will be called upon suspend (passing the parameter pre) and will be called again upon resume (passing the parameter post.) A sample script:

#!/bin/sh
if [ "${1}" = "pre" ]; then
# about to suspend …
echo "suspend event at $(date)…" > /tmp/suspend_test
elif [ "${1}" = "post" ]; then
# about to resume …
echo "resume event at $(date) …" >> /tmp/suspend_test
fi

Now, my keyboard backlight settings get saved and restored correctly on suspend/resume.

END