Black God

How to get Fingerprint reader working in Fedora Linux (Upek 147e:1000 in this case)

Many Business laptop models equipped with Fingerprint Sensor. Though it is not considered as good security system for a laptop login, still some specific applications utilize this feature for identification and authentication.

My Sony laptop VGN-CS15GN/B is having Upek Fingerprint sensor. In this case my OS is Fedora 13 64bit. By default Fedora supports Fingerprint login for some of the models of sensor, not all. My fingerprint is one such unsupported. Its Vendor ID is 147e and Product ID is 1000.

$ lsusb

. . . . . .
Bus 003 Device 002: ID 147e:1000 Upek Biometric Touchchip/Touchstrip Fingerprint Sensor
. . . . . .

$ dmesg

. . . . . .
usb 3-1: new full speed USB device using uhci_hcd and address 2
usb 3-1: New USB device found, idVendor=147e, idProduct=1000
usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 3-1: Product: Fingerprint Sensor
usb 3-1: Manufacturer: TouchStrip
. . . . . .

I am just testing whether my fingerprint sensor is supported out of box in Fedora.

$ fprintd-enroll
list_devices failed: No devices available

As I know it is not supported :-) Let’s start our work now.

I read and understood that the libfprint project, the backend library and kernel module behind fingerprint sensors supports upek devices. But when I checked with upeksonly module code (one which supports UPEK Touchstrip sensor-only models), the supported device table does not list my model 147e:1000. Though it is not supported, I have read some where in intenet, that still it works as “Unknown device”. It is better to patch this module, so that other GUI applications which we are going to use will recognize this sensor without any hassles. This How-To explains the way to get GDM login using fingerprint.

Step-1: Here is the steps to get patched libfprint installed.

$ yum search libfprint
Loaded plugins: presto, refresh-packagekit
============================== Matched: libfprint ==============================
libfprint-devel.i686 : Development files for libfprint
libfprint-devel.x86_64 : Development files for libfprint
libfprint.i686 : Tool kit for fingerprint scanner
libfprint.x86_64 : Tool kit for fingerprint scanner

Now let’s install the dependencies to compile the libfprint.

# yum groupinstall ‘Development Tools’

# yum install kernel-devel libfprint-devel *libusb* *libcrypto* glib2-devel ImageMagick-devel

Download the libfprint from here.

$ tar jxvf libfprint-0.1.0-pre2.tar.bz2

$ cd libfprint-0.1.0-pre2

$ vi libfprint/drivers/upeksonly.c

Add “{ .vendor = 0x147e, .product = 0×1000 },” in the supported devices table declared as shown below.
. . . . . .
static const struct usb_id id_table[] = {
{ .vendor = 0x147e, .product = 0×2016 },
{ .vendor = 0x147e, .product = 0×1000 },
{ 0, 0, 0, },
};
. . . . .

$ ./configure
$ make
$ su -c ‘make install’

Step-2: Now let’s install fingerprint-GUI application.

Let’s install the dependencies first.

$ su -c ‘yum install libQt* libfake* libqca*’

Download the fingerprint-GUI application from here.

$ tar zxvf fingerprint-gui-0.14-x64.tar.gz

$ cd fingerprint-gui-0.14

$ su -c ‘./install.sh’

Password:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
The following device was found on your system:
Bus 003 Device 002: ID 147e:1000 Upek Biometric Touchchip/Touchstrip Fingerprint Sensor.
A specific proprietary (non opensource) driver “libbsapi.so”
from UPEK Inc. (http://www.upek.com/) is available for this device.
To take full advantage of this device, the installation of this driver
is required. Do you want the install script to copy this driver to
“/usr/lib”? (Yes/no): Yes
Driver “libbsapi.so” was copied to “/usr/lib”.

!!!WARNING!!!
A group named “plugdev” was not found in “/etc/group”.
Please create this group and make all desktop users to members of this group.
Refer to “Install-step-by-step.pdf” for more information.

Fingerprint binaries have been installed.

Step-3: Create a group called “plugdev” and add your desktop user as member of this group. This can be done through System -> Administration -> Users and Groups. Refer the following screenshots for easier steps.

Reboot the system.

Step-4: Ensure that “uinput” module (for fingerprint PAM authentication) loaded.

$ lsmod | grep uinput
uinput 7230 0

Now it’s time to enroll our fingerprint and store. This can be done by System -> Preferences -> Fingerprint GUI. The below screenshots are self explanatory to enroll the fingerprint.

Now we have successfully saved fingerprint a desktop user. You may notice a hang or crash of fingerprint-GUI while testing PAM service in “Settings” tab as shown below.

Step-5: Before solving PAM issue, let’s confirm the working of fingerprint libraries through following command.

$ fingerprint-identifier

It should show a fingerprint animation asking you to swipe your finger to test it against the stored one. The below screenshots are self explanatory.

Since PAM authentication is not yet configured, the following command will fail (not recognizing the user) as shown in screenshot below.

$ su -c ‘fingerprint-plugin’

Step-6: At this stage, we have to configure out authentication mechanism to use fingerprint-GUI’s library instead of default one. This How-To is going to explain only GNOME GDM login screen. Apart from GDM, other authentication scenarios like console login, su, xscreensaver lock are also well explained in PDF document available here. This PDF is available in libfprint source directory also.

Removing the system installed fingerprint plugin for GDM.

$ su -c ‘yum remove gdm-plugin-fingerprint’

Disable fingerprint authentication in System -> Administration -> Authentications as shown below.

Next step is to edit the PAM authentication configuration files.

$ cd /etc/pam.d
$ su -c ‘cp system-auth-ac common-auth.fingerprint’
$ su -c ‘vi common-auth.fingerprint’

Add the following line as first line in common-auth.fingerprint
auth sufficient pam_fingerprint-gui.so debug
And also ensure that try_first_pass is passed as argument to pam_unix.so in this file.

$ su -c ‘vi /etc/pam.d/gdm-password’
Change the line
auth substack password-auth
as
auth substack common-auth.fingerprint

Though the fingerprint-GUI document instructs to issue the following command to disable user browser in GDM screen, it causes login dialog to disappear. So I am skipping the following command!!!!!!

$ su -c ‘gconftool-2 –direct –config-source xml:readwrite:/etc/gconf/gconf.xml.defaults –type bool –set /apps/gdm/simple-greeter/disable_user_list true’

Reboot the system. GDM login does not show fingerprint swipe dialog. When I login as usual with password, I noticed security error alerts. I understood that SELinux does not permit fingerprint module to run during GDM login session. I am getting following security errors.

1. SELinux is preventing /usr/local/bin/fingerprint-helper “create” access to .config

2. SELinux is preventing /usr/libexec/gdm-session-worker “write” access on fingerprint-plugin

3. SELinux is preventing /usr/local/bin/fingerprint-helper ”write” access to fingerprint-plugin

The following is the way to put SELinux in permissive mode to get our job done. I understood that it is not a solution, but this is how I got it working. If some one can comment on how to do it neatly, I will be happy.

$ su -c ‘vi /etc/selinux/config’
Change the line
SELINUX=enforcing
as
SELINUX=permissive

Logout and to check out your GDM login screen. Since we are not able to disable user browser list, you have to select user to login. Then fingerprint swipe dialog displayed. Just swipe and login.

I request your comment and suggestion to improve this HOW-TO.

16 comments for “How to get Fingerprint reader working in Fedora Linux (Upek 147e:1000 in this case)

  1. TuxBe
    January 25, 2013 at 9:43 pm

    Could someone give me a clue on how could I build fingerprint-gui on CentOS 6.3, I cannot find a solution for the problems of polkit-qt that don’t exist for CentOS, I tried to install version 0.99 for Fedora14, but it seems to be too old and the build fails…
    Do someone have an idea to help me ?
    My primary goal is to make my fingerprint-reader work on a Lenovo Thinkpad T530 with CentOS 6.3…
    Any idea would be greatly appreciated !

  2. hangman
    January 25, 2013 at 9:27 am

    Hey, thanks for taking the time to post such a cool tutorial. I’m new to Linux, please bear with me. I’m trying to install this on a 32-bit Fedora 14 system.

    I’m to the last part of Step 2, everything has gone smoothly so far. However, su -c ‘./install.sh’ results in:

    bash: ‘./install.sh’: No such file or directory

    Any recommendation you care to provide is much appreciated.

  3. Alpork3
    March 7, 2012 at 11:10 pm

    Hi
    I have F16 x64 and Bus 004 Device 002: ID 08ff:2810 AuthenTec, Inc. AES2810 :(
    I try do this procedure to work my reader and i;ve got problem
    I’am on step 2 and i download the fingerprint-gui (v.1.03)… when I do make i’ve got strange error

    ../../src/PolkitListener.cpp:162:55: error: no matching function for call to ‘PolkitQt1::Agent::Session::Session(PolkitQt1::Identity*&, QString&, PolkitQt1::Agent::AsyncResult*&)’
    ../../src/PolkitListener.cpp:162:55: note: candidates are:
    /usr/include/polkit-qt-1/PolkitQt1/Agent/../../polkitqt1-agent-session.h:103:14: note: PolkitQt1::Agent::Session::Session(PolkitAgentSession*, QObject*)
    /usr/include/polkit-qt-1/PolkitQt1/Agent/../../polkitqt1-agent-session.h:103:14: note: candidate expects 2 arguments, 3 provided
    /usr/include/polkit-qt-1/PolkitQt1/Agent/../../polkitqt1-agent-session.h:93:5: note: PolkitQt1::Agent::Session::Session(const PolkitQt1::Identity&, const QString&, PolkitQt1::Agent::AsyncResult*, QObject*)
    /usr/include/polkit-qt-1/PolkitQt1/Agent/../../polkitqt1-agent-session.h:93:5: note: no known conversion for argument 1 from ‘PolkitQt1::Identity*’ to ‘const PolkitQt1::Identity&’
    /usr/include/polkit-qt-1/PolkitQt1/Agent/../../polkitqt1-agent-session.h:83:5: note: PolkitQt1::Agent::Session::Session(const PolkitQt1::Agent::Session&)
    /usr/include/polkit-qt-1/PolkitQt1/Agent/../../polkitqt1-agent-session.h:83:5: note: candidate expects 1 argument, 3 provided

    i don’t know what i can do … can You help me :(
    I also try send this command “qmake-qt4 LIBPOLKIT_QT = LIBPOLKIT_QT_1_1″ but after i have still thie error …

    • oltar
      December 19, 2012 at 5:54 am

      Hello,

      Replying to such an old thread may seem like raising the
      dead :-) But since nobody provided an answer to this problem as far as I
      googled, here is what finally worked for me on Ubuntu 12.04:

      qmake-qt4 ‘LIBPOLKIT_QT=LIBPOLKIT_QT_1_1′

      It
      seems that the syntax provided in the README was not 100% correct and
      did not generate a proper ‘-D’ compile option for the Makefile in /fingerprint-gui-1.04/bin/fingerprint-polkit-agent.

      Hope this helps.

      BR,
      Oltar

      • Abhijit
        June 13, 2013 at 11:31 pm

        Hi Oltar,

        Thanks for your suggestion.

        I have successfully compiled fingerprint-gui (version-1.05) in Fedora 18 (64-bit). I needed to patch the source with the
        fingerprint-gui_hacks.txt obtained from ” http://darkblue.homeip.net/fingerprint/Forum/topic.php?TopicId=250 ” and manually edited the make file “…/fingerprint-gui-1.05/bin/fingerprint-polkit-agent/Makefile”

        line 13 changed the flag “-DLIBPOLKIT_QT_1_0″ to “-DLIBPOLKIT_QT_1_1″

        It worked for me.

  4. rob
    September 25, 2011 at 2:18 pm

    I am getting this error after ./configure in the first step.

    checking for inline… inline
    checking whether gcc and cc understand -c and -o together… yes
    checking for pkg-config… /usr/bin/pkg-config
    checking pkg-config is at least version 0.9.0… yes
    checking for LIBUSB… configure: error: Package requirements (libusb-1.0 >= 0.9.1) were not met:

    No package ‘libusb-1.0′ found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix.

    Alternatively, you may set the environment variables LIBUSB_CFLAGS
    and LIBUSB_LIBS to avoid the need to call pkg-config.
    See the pkg-config man page for more details.

    [root@localhost libfprint-0.1.0-pre2]#

    Any tips?

    • rob
      September 29, 2011 at 10:51 am

      I stumbled around and resolved that issue, but I have been looking a while for this crypto package and have had no luck. Openssl.so.10 is updated, everything seems to be updated, but I just can’t find this package it is looking for. I am running fedora 15

      checking for pkg-config… /usr/bin/pkg-config
      checking pkg-config is at least version 0.9.0… yes
      checking for LIBUSB… yes
      checking for CRYPTO… configure: error: Package requirements (“libcrypto”) were not met:

      No package ‘libcrypto’ found

      Consider adjusting the PKG_CONFIG_PATH environment variable if you
      installed software in a non-standard prefix.

      Alternatively, you may set the environment variables CRYPTO_CFLAGS
      and CRYPTO_LIBS to avoid the need to call pkg-config.
      See the pkg-config man page for more details.

  5. Madhuhodigere
    September 20, 2011 at 5:24 pm

    hey i am facing problem in fedora 13……..while instalng whatever u have told………..i have now installed all liberaries………….after executing the install.sh…i am getting the below error……….
    Missing binary ./bin/fingerprint-gui/fingerprint-gui. Please compile or use the tarball with precompiled binaries for your architecture.
    Aborting installation.
    plz help me out…………….

  6. debasish
    September 19, 2011 at 10:21 am

    I get the following error when i run the install.sh script of fingerprint-gui

    Missing binary ./bin/fingerprint-gui/fingerprint-gui. Please compile or use the tarball with precompiled binaries for your architecture.
    Aborting installation.

    Please help

    • Anonymous
      September 19, 2011 at 7:28 pm

      Can you please be specific on where did you downloaded and steps you followed. It looks like you haven’t compiled or partially

      • Madhuhodigere
        September 20, 2011 at 5:28 pm

        hey even i am geting the error…..plz can u tell me the links where u have downloaded if your………sucessful in the installation……………
        Missing binary ./bin/fingerprint-gui/fingerprint-gui. Please compile or use the tarball with precompiled binaries for your architecture.
        Aborting installation.

  7. Huy
    April 3, 2011 at 3:35 pm

    I’m sorry Black God but would you please check the link to download the fingerprint GUI or upload this package to other link. I can not download this package (in Apr 03 2011).
    Thank you for your great works so far and it’s really important with newbies of linux like me.

  8. Miguel
    August 14, 2010 at 12:13 am

    Hi

    I have come up to the step 4, in Mandriva 2010.1, when I try to check the fingerprint, he says to me that it does not have permissions the libusb to write in the device. I give him permissions by means of:

    #chmod a+rwx /dev/bus/usb/003/001

    that is the path that it indicates and the problem is not solved.

    My reader of fingerprints is equal with the only difference of that UPEK 147e:2016.

    Thanks advanced

    Miguel

    • August 14, 2010 at 12:19 am

      The installation script expects a group called “plugdev”. If it is not there, create it and add your user in this group. You may have to restart (not necessary really, but still)

  9. macuva
    August 4, 2010 at 12:28 am

    I did everything to start using fingerprint reader.. and it works. I have only one problem – on GDM screen I have to type my password, although after swipe it seems to be entered automatically… have no idea how to login fingeprint-only

    • August 4, 2010 at 1:01 am

      Hi macuva, ensure that you have replaced password authentication with fingerprint in the following steps.

      $ su -c ‘vi /etc/pam.d/gdm-password’
      Change the line
      auth substack password-auth
      as
      auth substack common-auth.fingerprint

Leave a Reply

Your email address will not be published. Required fields are marked *