Difference between revisions of "Code/enable-fingerprint-reader"

From ThinkWiki
Jump to: navigation, search
 
(Replaced content with "delete")
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
#!/bin/bash
+
delete
# Install UPEK fingerprint reader driver and associated software on Linux systems.
 
# Source: http://thinkwiki.org/wiki/Script_for_enabling_the_fingerprint_reader
 
 
 
set -e -E -x -u  # verbose, abort if anything fails
 
 
 
WHERE=/opt/bioapi
 
PASSWD_ENROLLS=0  # should "passwd" do fingerprint enrollment (always)?
 
 
 
########################################
 
# Install (patched) bioapi:
 
 
 
mkdir -p $WHERE
 
wget -N http://www.qrivy.net/~michael/blua/bioapi/bioapi-latest.tar.bz2
 
wget -N -O bioapi-c++.patch 'http://cvs.pld-linux.org/cgi-bin/cvsweb/SOURCES/bioapi-c++.patch?rev=1.3'
 
sha1sum --check <<EOF
 
932425e847449e9612c6894dcbaf44630aecfc13  bioapi-latest.tar.bz2
 
a838e9ab9bcad9c146856d41135460e7ac29a4ec  bioapi-c++.patch
 
EOF
 
tar xjf bioapi-latest.tar.bz2
 
pushd bioapi-1.2.2
 
patch -i ../bioapi-c++.patch -p1
 
./configure --with-Qt-dir=no --prefix=$WHERE
 
make
 
make install
 
install -m644 include/bioapi_util.h $WHERE/include/bioapi_util.h
 
install -m644 include/installdefs.h $WHERE/include/installdefs.h
 
install -m644 imports/cdsa/v2_0/inc/cssmtype.h $WHERE/include/cssmtype.h
 
chmod o-w $WHERE/var/bioapi
 
popd
 
 
 
########################################
 
# Tell ldconfig about bioapi libraries:
 
 
 
[ -d /etc/ld.so.conf.d ] || { echo "Unsupported distribution: no /etc/ld.so.conf.d directory."; exit 1; }
 
echo $WHERE/lib > /etc/ld.so.conf.d/bioapi.conf
 
ldconfig
 
ldconfig -p | grep -q bioapi || { echo "ldconfig doesn't see bioapi"; exit 1; }
 
 
 
########################################
 
# Install UPEK driver:
 
 
 
wget -N http://www.upek.com/support/download/TFMESS_BSP_LIN_1.0.zip
 
sha1sum --check <<EOF
 
c73466b5c3b26415b300d5c5ffb76deaefadeb32  TFMESS_BSP_LIN_1.0.zip
 
EOF
 
mkdir -p driver
 
pushd driver
 
unzip ../TFMESS_BSP_LIN_1.0.zip
 
PATH="$PATH:$WHERE/bin" sh install.sh $WHERE/lib/
 
cd NonGUI_Sample
 
perl -i -pe 'print "#include <stdlib.h>\n//DISABLED: " if m!^#include "port/bioapi_port.h"$!'  main.c
 
gcc -o Sample main.c -I$WHERE/include -L$WHERE/lib -lbioapi100 -DUNIX -DLITTLE_ENDIAN
 
install Sample -m755 $WHERE/bin/upek-NonGUI_Sample
 
popd
 
 
 
SERIAL=`$WHERE/bin/BioAPITest | sed -ne "/Fingerprint/{n;n;s/^.*: \(.\{9\}\)\(.\{4\}\)\(.\{4\}\)\(.\{4\}\)\(.*\)/\1-\2-\3-\4-\5/gp}"`
 
 
 
########################################
 
# Install (patched) pam_bioapi:
 
 
 
wget -N http://www.qrivy.net/~michael/blua/pam_bioapi/pam_bioapi-latest.tar.bz2
 
wget -N http://badcode.de/downloads/fingerprint.patch
 
sha1sum --check <<EOF
 
a0bdf3436e55f7dc8b4795243f08a4c9b399dec8  pam_bioapi-latest.tar.bz2
 
619254a5bcd3acb8bf1d72b15ea69bfe00f0f064  fingerprint.patch
 
EOF
 
tar xjvf pam_bioapi-latest.tar.bz2
 
pushd pam_bioapi-0.2.1
 
patch -p0 < ../fingerprint.patch
 
CPPFLAGS="-I$WHERE/include" LDFLAGS="-L$WHERE/lib" ./configure --prefix=$WHERE
 
make
 
make install
 
ln -vfs $WHERE/lib/security/pam_bioapi.so* /lib/security/
 
popd
 
 
 
########################################
 
# Install pamtester:
 
 
 
wget http://mesh.dl.sourceforge.net/sourceforge/pamtester/pamtester-0.1.2.tar.gz
 
sha1sum --check <<EOF
 
33bcc610d7f208b50a0a23c144bdbd1e2cae4ac6  pamtester-0.1.2.tar.gz
 
EOF
 
tar xzvf pamtester-0.1.2.tar.gz
 
pushd pamtester-0.1.2
 
./configure --prefix=$WHERE
 
make
 
make install
 
popd
 
 
 
########################################
 
# Configure pam to use pam_bioapi:
 
 
 
grep -Eq 'Fedora Core release [45]|Red Hat Enterprise Linux AS release 4' \
 
  /etc/redhat-release || { echo \
 
  "I don't know how to configure PAM on this distribution.
 
  See: http://thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader#Configuring_pam";
 
  exit 1; }
 
 
 
PAMFILE=/etc/pam.d/system-auth
 
if ! grep -q 'pam_bioapi\.so' $PAMFILE; then
 
  perl -i -pe '
 
    if (!$a && m/^auth.*pam_unix\.so/) {$a=1; print
 
      "auth        sufficient    pam_bioapi.so '$SERIAL' /etc/bioapi/pam/\n"}
 
    ' $PAMFILE
 
  if [ $PASSWD_ENROLLS == 1 ]; then
 
    perl -i -pe '
 
      if (!$p && m/^password/) {$p=1; print
 
        "password    required      pam_bioapi.so '$SERIAL' /etc/bioapi/pam/\n"}
 
      ' $PAMFILE
 
  fi
 
fi
 
 
 
########################################
 
# USB permissions (set now and add to startup):
 
 
 
RC_FILE=/etc/rc.local
 
SET_PERMS=$WHERE/bin/set_fingerprint_perms
 
 
 
cat > $SET_PERMS <<'EOF'
 
#!/bin/bash
 
# Make fingerprint reader USB device world-writable:
 
chmod -R a+X /proc/bus/usb
 
chmod 666 /proc/bus/usb/`/sbin/lsusb | sed -ne "/0483:2016/s/Bus\ \(.*\)\ Device\ \(.*\):\ .*/\1\/\2/p"`
 
EOF
 
chmod 755 $SET_PERMS
 
 
 
$SET_PERMS
 
 
 
[ -e $RC_FILE ] || { echo "No $RC_FILE, can't handle this distribution."; exit 1; }
 
if ! grep -q 0483:2016 $SET_PERMS; then
 
  echo $SET_PERMS >> $RC_FILE
 
fi
 
 
 
########################################
 
# Enroll:
 
 
 
mkdir -p /etc/bioapi/pam/$SERIAL
 
pushd /etc/bioapi/pam/$SERIAL
 
read -p "Now enroll your Unix accounts, including root (press Enter to start, then 'e' to enroll)."
 
$WHERE/bin/upek-NonGUI_Sample
 
popd
 
 
 
########################################
 
# Done:
 
 
 
set +x
 
cat<<EOF
 
 
 
Success.
 
* To test the fingerprint-enabled PAM login, run this as root:
 
  $WHERE/bin/pamtester -v login USERNAME authenticate
 
* Add the following command to your resume-from-suspend script:
 
  $SET_PERMS
 
 
 
EOF
 

Latest revision as of 16:30, 5 August 2011

delete

Retrieved from "https://www.thinkwiki.org/w/index.php?title=Code/enable-fingerprint-reader&oldid=52645"