@pythcoiner

I recently hit a connectivity issue w/ my mk4 on archlinux after an OS update.

My understanding of this thread that seems related is:

  • systemd < 258 was silently ignoring GROUP="plugdev" on systems that don't have a plugdev group (like archlinux)
  • as of the recently released systemd 258, it is no longer ignored, thus systems that were working w/ coldcard previously but that don't have a plugdev group cannot access the HID interface anymore.

archlinux advises using TAG+="uaccess", restricting access to logged-in users rather than a group.

All other signing device vendors that I've checked use combinations of TAG+="uaccess" + TAG+="udev-acl" (seems to be kept for compatibility w/ older systems) + (inline) SUBSYSTEM=="usb"

This PR applies the same scheme

Contributor

@scgbckbone scgbckbone left a comment

looking good! thanks

I'll test a few different targets before moving on with this

@pythcoiner
Author

Sure, I only have machines running archlinux, but I can try a few other distros on VMs w/ USB passthrough

@pythcoiner
Author

It's been reported to me that SUBSYSTEM=="usb" seems problematic in some configs, so it's likely to be dropped

@algotechio

I ran into the same problem: systemd as of version 258 does not allow udev rules to set permissions with a custom group (source).

sudo journalctl | grep udev  
Dec 02 21:59:32 x systemd-udevd[1108]: /etc/udev/rules.d/21-jade.rules:1 Group 'plugdev' is not a system group, ignoring.
Dec 02 21:59:32 x systemd-udevd[1108]: /etc/udev/rules.d/51-trezor.rules:11 Group 'plugdev' is not a system group, ignoring.
Dec 02 21:59:32 x systemd-udevd[1108]: /etc/udev/rules.d/51-trezor.rules:12 Group 'plugdev' is not a system group, ignoring.
Dec 02 21:59:32 x systemd-udevd[1108]: /etc/udev/rules.d/51-trezor.rules:15 Group 'plugdev' is not a system group, ignoring.
Dec 02 21:59:32 x systemd-udevd[1108]: /etc/udev/rules.d/51-trezor.rules:16 Group 'plugdev' is not a system group, ignoring.
Dec 02 21:59:32 x systemd-udevd[1108]: /etc/udev/rules.d/51-trezor.rules:17 Group 'plugdev' is not a system group, ignoring.

Keepkey and Jade that also use the non-system group plugdev will have this problem.

I was able to fix it with the following /etc/udev/rules.d/51-coinkite.rules:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", TAG+="uaccess"
KERNEL=="hidraw*", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", TAG+="uaccess"

I was not familiar with uaccess and was concerned about the security. As per ChatGPT:

 Why TAG+="uaccess" is safe

uaccess does NOT give permission to all users.

It gives temporary access only to the active, logged-in local user session, enforced by systemd-logind.
Meaning:

    ✔ Only the user physically logged in (TTY or graphical session) gets access
    ✔ SSH sessions do not get access
    ✔ Other users on the system do not get access
    ✔ If you log out → access is revoked
    ✔ Only that user gets ACLs on the device, not global permissions

This is actually less permissive than the old plugdev group, where:

    Everyone in the group always had access
    Even remote users
    Even background sessions
    No automatic revocation

With uaccess, everything is controlled by session ownership, not group membership.

As people upgrade to new versions of Linux OSs with systemd v258, it will break the connectivity to wallets. There are not so many references about this problem.
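
Added example (not part of the PR or of any participant's comment): a small audit for the failure shown in the log above. It lists udev rules that assign GROUP= to a group that is missing or not a system group, and reports whether the same rule also carries TAG+="uaccess". The sample rules are constructed, and the sys_gid_max=999 cutoff is an assumption (systemd's system-group boundary is fixed at build time).

```python
import re

# Assignments only ("=" and ":="); GROUP=="x" / GROUP!="x" are match keys.
GROUP_ASSIGN = re.compile(r'\bGROUP\s*:?=\s*"([^"]+)"')
UACCESS_TAG = re.compile(r'\bTAG\s*\+=\s*"uaccess"')

SAMPLE = '''\
# constructed sample, not a vendor's shipped rules file
KERNEL=="hidraw*", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", GROUP="plugdev", MODE="0660"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", \\
    GROUP="plugdev", TAG+="uaccess"
KERNEL=="hidraw*", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", TAG+="uaccess"
KERNEL=="ttyACM*", GROUP=="plugdev", MODE="0660"
KERNEL=="ttyUSB*", GROUP:="uucp"
'''

def logical_lines(text):
    """Yield (first_line_number, rule), joining backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            if not line or line.startswith("#"):
                continue
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def local_system_groups(sys_gid_max=999):
    """Group names on this host with gid <= sys_gid_max (assumed cutoff)."""
    import grp
    return {g.gr_name for g in grp.getgrall() if g.gr_gid <= sys_gid_max}

def audit(text, path, system_groups):
    """Return rules whose GROUP= assignment names a non-system group."""
    findings = []
    for no, rule in logical_lines(text):
        m = GROUP_ASSIGN.search(rule)
        if m and m.group(1) not in system_groups:
            findings.append({"where": f"{path}:{no}", "group": m.group(1),
                             "has_uaccess": bool(UACCESS_TAG.search(rule))})
    return findings

if __name__ == "__main__":
    groups = {"uucp"}  # constructed; use local_system_groups() on a real host
    for f in audit(SAMPLE, "51-example.rules", groups):
        note = "rule also tags uaccess" if f["has_uaccess"] else "rule grants nothing else"
        print(f'{f["where"]}: GROUP="{f["group"]}" would be ignored; {note}')
```

On a real host, pass the contents of each file under /etc/udev/rules.d/ together with local_system_groups().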

@scgbckbone
Contributor

@pythcoiner your diff (with or without inline SUBSYSTEM=="usb") does not work on my machine with systemd < 258

$ uname -a 
Linux xxxx 6.14.0-36-generic #36~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC <date> x86_64 x86_64 x86_64 GNU/Linux
$ systemctl --version 
systemd 255 (255.4-1ubuntu8.10)

@algotechio's version works OK:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", TAG+="uaccess"
KERNEL=="hidraw*", ATTRS{idVendor}=="d13e", ATTRS{idProduct}=="cc10", TAG+="uaccess"

@pythcoiner can you verify that the above works for you too?
