Skip to content

Instantly share code, notes, and snippets.

@giannello
Last active November 8, 2024 15:10
Show Gist options
  • Save giannello/367b868618950e5687ef344d82d1e204 to your computer and use it in GitHub Desktop.
Save giannello/367b868618950e5687ef344d82d1e204 to your computer and use it in GitHub Desktop.
Install fprintd-tod with support for Broadcom readers on Debian testing
#!/usr/bin/env sh
####################################################################
### ____ _____ ____ ___ _ _ _ ___ _ _ _ __ __ ###
### | _ \| ____| __ )_ _| / \ | \ | | / _ \| \ | | | \ \ / / ###
### | | | | _| | _ \| | / _ \ | \| | | | | | \| | | \ V / ###
### | |_| | |___| |_) | | / ___ \| |\ | | |_| | |\ | |___| | ###
### |____/|_____|____/___/_/ \_\_| \_| \___/|_| \_|_____|_| ###
####################################################################
####### _ _ ___ _ _ ____ _ _ _ _ _____ _ _ ########
####### | \ | |/ _ \ | | | | __ )| | | | \ | |_ _| | | | ########
####### | \| | | | | | | | | _ \| | | | \| | | | | | | | ########
####### | |\ | |_| | | |_| | |_) | |_| | |\ | | | | |_| | ########
####### |_| \_|\___/ \___/|____/ \___/|_| \_| |_| \___/ ########
####################################################################
TEMPDIR=$(mktemp -d)
# Install build dependencies
sudo DEBIAN_FRONTEND=noninteractive apt -qq build-dep -y libfprint-2-2
# Clone the closed-source library and firmware
cd "${TEMPDIR}" || exit
git clone --depth=1 --branch jammy git://git.launchpad.net/libfprint-2-tod1-broadcom
cd libfprint-2-tod1-broadcom || exit
sudo cp lib/udev/rules.d/60-libfprint-2-device-broadcom.rules /usr/lib/udev/rules.d/60-libfprint-2-device-broadcom.rules
sudo chown -R root:root /usr/lib/udev/rules.d/60-libfprint-2-device-broadcom.rules
sudo mkdir -p /usr/lib/x86_64-linux-gnu/libfprint-2/tod-1
sudo cp usr/lib/x86_64-linux-gnu/libfprint-2/tod-1/libfprint-2-tod-1-broadcom.so /usr/lib/x86_64-linux-gnu/libfprint-2/tod-1/libfprint-2-tod-1-broadcom.so
sudo chown -R root:root /usr/lib/x86_64-linux-gnu/libfprint-2/tod-1/libfprint-2-tod-1-broadcom.so
sudo cp -r var/lib/fprint/fw /var/lib/fprint/
sudo chown -R root:root /var/lib/fprint/fw
# Clone libfprint, switch to the correct tag, patch and build
# LIBFPRINT_VERSION=$(dpkg-query --showformat='${Version}' --show fprintd | cut -d '-' -f 1)
LIBFPRINT_VERSION=$(dpkg-query --showformat='${Version}' --show libfprint-2-2 | cut -d '-' -f 1 | cut -d ":" -f 2)
cd "${TEMPDIR}" || exit
git clone --branch v${LIBFPRINT_VERSION}+tod1 --depth=1 https://gitlab.freedesktop.org/3v1n0/libfprint.git
cd "${TEMPDIR}"/libfprint || exit
sed -e "/subdir('tests')/s/^/#/g" -i meson.build
sed -e "/subdir('examples')/s/^/#/g" -i meson.build
meson build --prefix=/usr
cd build || exit
meson compile
sudo cp libfprint/tod/libfprint-2-tod.so.1 /usr/lib/x86_64-linux-gnu/libfprint-2-tod.so.1
sudo chown root:root /usr/lib/x86_64-linux-gnu/libfprint-2-tod.so.1
sudo ln -sf /usr/lib/x86_64-linux-gnu/libfprint-2-tod.so.1 /usr/lib/x86_64-linux-gnu/libfprint-2-tod.so
sudo cp libfprint/libfprint-2.so.2 /usr/lib/x86_64-linux-gnu/
sudo chown root:root /usr/lib/x86_64-linux-gnu/libfprint-2.so.2
## Remove file incorrectly copied in a previous revision of this gist
sudo rm -f /usr/lib/x86_64-linux-gnu/libfprint-2/tod-1/libfprint-2-tod.so.1
cd "${TEMPDIR}"
# Configure fprintd to not sleep
sudo mkdir -p /etc/systemd/system/fprintd.service.d
cat > override.conf <<EOF
[Service]
ExecStart=
ExecStart=/usr/libexec/fprintd --no-timeout
EOF
sudo cp override.conf /etc/systemd/system/fprintd.service.d/override.conf
sudo udevadm control --reload-rules
sudo systemctl daemon-reload
sudo systemctl restart fprintd
rm -rf "${TEMPDIR}"
@johan-osvaldsson-ingka
Copy link

@giannello I just got around to trying it, and it works as expected! I'm running bookworm/sid Debian 6.1.11-1 and kernel 6.1.0-4-amd64

@gamicoulas
Copy link

It did work for me also, except after suspend as reported by others. It required a reboot to get it functioning again...

However with the newest version that I used from the upstream branch:
git clone -b upstream https://git.launchpad.net/libfprint-2-tod1-broadcom
it works flawlessly even after suspend.

Also there is no need for the fix for the wrong firmware version anymore...

@siddhpant
Copy link

siddhpant commented Dec 18, 2023

Unfortunately, fprintd package has been removed from testing since August, though libfprint-2-2 is still there. I had to add stable repo to sources to install fprintd.

Branch jammy should be used while cloning the closed source binaries to get the ones compiled against libssl3.

build-dep package doesn't exist now, so install the following (extracted from meson.build):

meson gtk-doc-tools libgudev-1.0-dev libnss3-dev libgusb-dev libpixman-1-dev libglib2.0-dev libgirepository1.0-dev libcairo2-dev

I used libfprint version (as it is > fprintd ver on testing) in Line 42 with the following command:

dpkg-query --showformat='${Version}' --show libfprint-2-2 | cut -d '-' -f 1 | cut -d ":" -f 2

Line 46 of this gist should be removed else cannot build (gives installed_tests variable failure).

The last echos are also useless now.

(Made these changes in forked gist here, please update this gist.)


After all this, I can enroll using fprintd-enroll and verify using fprintd-verify.

But GDM cannot allow me to login, it has continuous failures and is stuck in a loop so cannot login. Does anyone know a fix for this?

@giannello
Copy link
Author

Unfortunately, fprintd package has been removed from testing since August, though libfprint-2-2 is still there. I had to add stable repo to sources to install fprintd.

Fixed, installing from sid

Branch jammy should be used while cloning the closed source binaries to get the ones compiled against libssl3.

Fixed

build-dep package doesn't exist now, so install the following (extracted from meson.build):

That's not a package, it's an apt command. Anyway, fixed by pointing at libfprint-2-2 as it exists in the testing repo

I used libfprint version (as it is > fprintd ver on testing) in Line 42 with the following command:

dpkg-query --showformat='${Version}' --show libfprint-2-2 | cut -d '-' -f 1 | cut -d ":" -f 2

Fixed!

Line 46 of this gist should be removed else cannot build (gives installed_tests variable failure).

Fixed, we can exclude the examples from this build

After all this, I can enroll using fprintd-enroll and verify using fprintd-verify.

But GDM cannot allow me to login, it has continuous failures and is stuck in a loop so cannot login. Does anyone know a fix for this?

Any log/error you can share?

@siddhpant
Copy link

I somehow missed/dropped libpam-fprintd package somewhere in the process (as the library isn't there in testing either).

After installing it, GDM works fine. Sorry for the noise, and thanks for everything! It works nicely and fast!

@irfanjunaid
Copy link

Hi @giannello Many thanks for this script! I thought I would never get my laptop fingerprint sensor to work in Debian! I was able to register the fingerprints and was able to unlock screen and sudo auths. The setup works in the Debian 12 stable but it's wonky. After reboot, it breaks manytimes randomly. The login screen takes a while to appear(or never forcing to reboot again) and same for the sudo commands. Eventhough we pass the --no-timeout to the binary, it still exits. Trying to run fprintd from console is exiting with some C errors. Shutdown takes a lot of time and I had to press power button to turn off the laptop. When turning on the laptop, I have to reboot 2/3 times for the login screen to appear.

I'm facing this issue now everytime there is a fingerprint auth

sudo[3353]: pam_fprintd(sudo:auth): GetDevices failed: Connection timed out

From Systemd, I saw some errors:

systemd[1]: Starting fprintd.service - Fingerprint Authentication Daemon...
fprintd[1593]: double free or corruption (!prev)
systemd[1]: fprintd.service: Main process exited, code=killed, status=6/ABRT
systemd[1]: fprintd.service: Failed with result 'signal'.
systemd[1]: Failed to start fprintd.service - Fingerprint Authentication Daemon.

systemd[1]: Starting fprintd.service - Fingerprint Authentication Daemon...
systemd[1]: Started fprintd.service - Fingerprint Authentication Daemon.
fprintd[4366]: malloc(): unaligned tcache chunk detected
systemd[1]: fprintd.service: Main process exited, code=killed, status=6/ABRT
systemd[1]: fprintd.service: Failed with result 'signal'.

systemd[1]: Starting fprintd.service - Fingerprint Authentication Daemon...
systemd[1]: Started fprintd.service - Fingerprint Authentication Daemon.
systemd[1]: fprintd.service: Main process exited, code=killed, status=11/SEGV
systemd[1]: fprintd.service: Failed with result 'signal'.

systemd[1]: Starting fprintd.service - Fingerprint Authentication Daemon...
systemd[1]: Started fprintd.service - Fingerprint Authentication Daemon.
systemd[1]: fprintd.service: Main process exited, code=killed, status=7/BUS
systemd[1]: fprintd.service: Failed with result 'signal'.

Restarting the service works for a few minutes and then these issues are back.

@giannello
Copy link
Author

@irfanjunaid I have never tried this on Debian 12 - maybe it ships an old version of fprintd that doesn't work very well with the out-of-tree drivers?

@irfanjunaid
Copy link

irfanjunaid commented May 7, 2024

Yeah, it seems like it has something to do with the fprintd. Everything works perfectly on Ubuntu Noble and Jammy but not in Debian. I will try testing with different versions of the driver and fprintd. Thank you again for this script @giannello 👍

@Belledonne0
Copy link

Looking for running Broadcom Corp. 58200 on Debian 12.
i've Impossible to enroll: GDBus.Error:net.reactivated.Fprint.Error.NoSuchDevice: No devices available
OK on lsusb :Bus 001 Device 005: ID 0a5c:5843 Broadcom Corp. 58200

Thx

@Fffrank
Copy link

Fffrank commented Nov 7, 2024

Yeah, it seems like it has something to do with the fprintd. Everything works perfectly on Ubuntu Noble and Jammy but not in Debian. I will try testing with different versions of the driver and fprintd. Thank you again for this script @giannello 👍

You were able to get the broadcom 58200 0a5c:5843 working on noble using these commands? I know they need to be changed slightly for ubuntu but I haven't had any luck.

@giannello
Copy link
Author

My new laptop does not have this fingerprint reader anymore, so the script is currently unmaintaned.

@Kaloyan501
Copy link

Kaloyan501 commented Nov 8, 2024

Could this script be converted to work on Arch? Also, does it work with 0a5c:5834

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment