Goodix Fingerprint Reader on Fedora Linux


Written by

My Dell XPS 9500 has a built in Goodix fingerprint reader, there are drivers for this in Windows but originally the Linux driver didn’t exist.

A driver for Ubuntu has now arrived but there is no Fedora support. The driver is a libfrpint-2-tod driver. Someone has ported the finger print driver into the Arch User Repo as libfprint-2-tod1-xps9300-bin and it reported to work. My work below is derived from both these sources.

The following is my attempt within Fedora Linux 33 (reported to work on Fedora 32 too):

# Install default systemfprintd and libfrint
yum install fprintd fprintd-pam

# Build libfprint and libfprint-tod
git clone https://gitlab.freedesktop.org/3v1n0/libfprint.git
yum install -y gcc gcc-c++ glib glib-devel glibc glibc-devel glib2 glib2-devel libusb libusb-devel nss-devel pixman pixman-devel libX11 libX11-devel libXv libXv-devel gtk-doc libgusb libgusb-devel gobject-introspection gobject-introspection-devel ninja-build
cd libfprint
git checkout tags/v1.90.3+tod1
meson builddir && cd builddir
meson compile
meson install

# Overwrite the system libfprint with our version
cp libfprint/libfprint-2.so.2.0.0 /usr/lib64/
cp libfprint/tod/libfprint-2-tod.so /usr/lib64/
cp libfprint/tod/libfprint-2-tod.so.1 /usr/lib64/

# Get the Goodix libfprint driver/udev rules
wget http://dell.archive.canonical.com/updates/pool/public/libf/libfprint-2-tod1-goodix/libfprint-2-tod1-goodix_0.0.4-0ubuntu1somerville1.tar.gz
tar -xvf libfprint-2-tod1-goodix_0.0.4-0ubuntu1somerville1.tar.gz

# Move the libfprint driver to where we think it should go
mkdir -p /usr/lib/libfprint-2/tod-1/
mkdir -p /usr/local/lib64/libfprint-2/tod-1/
cp libfprint-2-tod1-goodix/usr/lib/x86_64-linux-gnu/libfprint-2/tod-1/libfprint-tod-goodix-53xc-0.0.4.so /usr/lib/libfprint-2/tod-1/
ln -s /usr/lib/libfprint-2/tod-1/libfprint-tod-goodix-53xc-0.0.4.so /usr/local/lib64/libfprint-2/tod-1/libfprint-tod-goodix-53xc-0.0.4.so
sudo chmod 755 /usr/lib/libfprint-2/tod-1/libfprint-tod-goodix-53xc-0.0.4.so
cp libfprint-2-tod1-goodix/lib/udev/rules.d/60-libfprint-2-tod1-goodix.rules /lib/udev/rules.d/
mkdir -p /var/lib/fprint/goodix

# Add some things into the module alias file
cat libfprint-2-tod1-goodix/debian/modaliases >> /lib/modules/$(uname -r)/modules.alias

This should now work with the examples and fprintd-enroll

Enable fingerprint service for use

authselect enable-feature with-fingerprint
authselect apply-changes
systemctl enable fprintd
systemctl start fprintd

Shared Fail2Ban Puppet


Written by

I’ve written a very simple Puppet module for the Shared Fail2Ban system we use at work.

I’ve sanitised and uploaded the module to github under the name Shared Fail2Ban Puppet.

The module is fairly simple and depends on the puppet labs mysql module on puppet forge. It may clash with other peoples fail2ban modules.

The shared installation will install ssh iptables with shared iptables on the clients with an option of mysql or api on the shared fail2ban server. You can however change the files it pushes for your own jails.

re3-nx Linux Audio Fix


Written by

GTA3 build for the Nintendo Switch was recently released but there is an audio issue with the WAV files on some releases, the developers provided a Windows batch script and not a Linux script.

It requires ffpmeg which is typically in your favourite distros package manager.

#!/bin/bash
# www.aboutcher.co.uk

function check_bin() {
  which $1 1>/dev/null 2>&1
  if [[ $? -ne 0 ]]; then
    echo "$1 cannot be found. Please install it or add it to your path. Exiting."
    exit 1
  fi
}

check_bin ffmpeg
check_bin grep

mkdir audio
for file in $(ls | grep wav); do
  ffmpeg -i $file audio/$file
done;

Just copy and paste the code above, save it in the same directory as your GTA audio files and execute it (chmod +x script.sh && ./script.sh)

List NFS Clients on Server


Written by

I was looking for a simple and easy way to view the NFS Clients connected to my NFS Server, there’s many guides on how to view the mounts available and people say to run various client side commands but that doesn’t help for the opposite way.

This is a little Linux bash script to show the currently connected NFS clients to your server; it uses a dig lookup to get the hostname, which may not work if you dont have rDNS for internal addressing.

#!/bin/bash
# A little bash script to show currently connected NFS clients.
# Adam Boutcher - Jul 2020
# IPPP, Durham University

# Function to check that a binary exists
function check_bin() {
  which $1 1>/dev/null 2>&1
  if [[ $? -ne 0 ]]; then
    echo "$1 cannot be found. Please install it or add it to the path. Exiting."
    exit 1
  fi
}

check_bin which
check_bin netstat
check_bin grep
check_bin awk
check_bin echo
check_bin dig

NCLIENTS=$(netstat -plna | grep 2049 | awk '{print $5}' | grep -v "*" | awk -F ":" '{print $1}')
echo ""
echo "NFS clients currently connected:"
for CLIENT in ${NCLIENTS}; do
  CNAME=$(dig +short -x $CLIENT);
  echo - $CLIENT ($CNAME)
done
echo ""
exit 0;

There are other tools available like nfstat to help show other NFS information, specifically for servers use:

nfsatst -s

Fedora Linux LUKS Encryption with TPM Unlock


Written by

Windows has BitLocker, Linux has LUKS as Full Disk Encryption, but by default LUKS doesn’t unlock via the TPM and requires a password.

There are many guides out there that show a very complex setup but for the basic encrypt the root partition and unlock it with a TPM, its actually fairly simple.

The following commands will setup your Fedora Linux (Tested with Fedora 32) LUKS boot volume to unlock automatically with the TPM.

dnf install clevis clevis-dracut clevis-luks
clevis luks bind -d /dev/sda3 tpm2 '{"pcr_ids":"7"}'
dracut -f
reboot

This was tested with non-Secure booting EFI.

These guides were very helpful: