drduh/YubiKey-Guide

Stale references to nix + other issues

Open

#498 opened on May 5, 2025

View on GitHub
 (6 comments) (1 reaction) (0 assignees)HTML (12,308 stars) (1,249 forks)batch import
help wanted

Description

Here are a couple of issues with the nix component of this guide:

  1. The Build an air-gapped NixOS LiveCD image part of the guide no longer works after moving flake.nix to nix subdirectory. Similar issue with the other commands. Adding ?dir=nix argument to the flake url should solve the problem.
  2. The flake lock file is outdated: it contains drduhConfig which was removed from the flake inputs.

And other issues noticed while following it:

  1. sudo mkdir /mnt/encrypted-storage does not work on NixOS as /mnt is not created by default.
  2. gpg-agent needs to be stopped before using ykman openpgp commands.
  3. Transfer subkeys just doesn't work (gpg: KEYTOCARD failed: Invalid time error). What solved was to run the interactive command manually without --pinentry-mode=loopback
  4. Running save after keytocard makes it annoying to transfer the keys to multiple yubikeys, as they are removed from gnupg. I had to delete all secret keys form my gnupg and re-import the backups. It seems to me like the live NixOS image support is slowly being faded out. Is there a particular reason for this?

Anyways, this was a great guide, thank you to all who contributed to it!

Contributor guide

Tech stack
shell
Domain
documentationsecurity
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
half day
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
fresh
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
mostly clear
Prerequisites
Shell experienceNixOS fundamentalsGPG basics
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
60
Research direction
Update the NixOS LiveCD guide to fix stale references: add ?dir=nix to flake URL, update flake.lock to remove drduhConfig, fix /mnt creation, stop gpg agent before ykman, adjust key transfer instructions. See issue #498 for details. Additionally, respond to the maintainer about the future of NixOS support.