eliott/Linux-Hello
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e6bfda5b3ff2d38f3de705e79a20196a099a629
Linux-Hello/TESTING.md
eliott 23230cb745 updating doc
2026-01-15 22:50:18 +01:00

423 lines
8.7 KiB
Markdown
Raw Blame History

# Testing Linux Hello on Your Linux Computer
This guide will help you test Linux Hello on your system. We'll start with safe CLI testing before any system-level installation.
## Prerequisites
### Install Required Packages
**Debian/Ubuntu:**
```bash
sudo apt update
sudo apt install -y \
build-essential \
libpam0g-dev \
v4l-utils \
pkg-config \
libssl-dev
```
**Fedora/RHEL:**
```bash
sudo dnf install -y \
gcc \
make \
pam-devel \
v4l-utils \
pkgconfig \
openssl-devel
```
**Arch Linux:**
```bash
sudo pacman -S \
base-devel \
pam \
v4l-utils \
pkgconf \
openssl
```
### Install Rust
If you don't have Rust installed:
```bash
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
```
---
## Step 1: Build the Project
```bash
# Clone or navigate to the project directory
cd Linux-Hello
# Build in release mode (works on any Linux)
cargo build --release
# Or with ONNX ML support (requires glibc 2.38+ / Ubuntu 24.04+)
cargo build --release --features onnx
```
This will create:
- `target/release/linux-hello` (CLI tool)
- `target/release/linux-hello-daemon` (daemon)
### Build Options
| Build | Command | Requirements |
|-------|---------|--------------|
| Default | `cargo build --release` | Any Linux |
| With ONNX | `cargo build --release --features onnx` | glibc 2.38+ |
| With TPM | `cargo build --release --features tpm` | TPM2 libraries |
---
## Step 2: Test Without Installation (Safest)
You can test most features without installing anything system-wide.
### 2.1 Check Camera Detection
```bash
# Run the CLI tool directly
./target/release/linux-hello status --camera
```
**Expected output:**
- Lists available cameras
- Shows IR camera detection
- May show "No cameras found" if no camera is connected
**Note:** Works even without a camera (will show empty list or use mock).
### 2.2 Test Configuration
```bash
# View default configuration
./target/release/linux-hello config
# View as JSON
./target/release/linux-hello config --json
```
### 2.3 Capture Test Frames (if camera available)
```bash
# Create a test directory
mkdir -p ~/test-frames
# Capture 5 frames
./target/release/linux-hello capture --output ~/test-frames --count 5
```
**Expected:** Creates PNG files in `~/test-frames/` (if camera available).
### 2.4 Test Face Detection (with image file)
```bash
# Test detection on a photo
./target/release/linux-hello detect --image ~/test-frames/frame_000.png --output ~/detected.png
```
**Expected:**
- With ONNX models: Accurate face detection with bounding boxes
- Without ONNX: Basic placeholder detection (unreliable)
---
## Step 3: Test with Daemon (Manual Start)
Before installing system-wide, test the daemon manually:
### 3.1 Start Daemon Manually
```bash
# Create runtime directory
sudo mkdir -p /run/linux-hello
sudo chmod 777 /run/linux-hello # For testing only!
# Start daemon in foreground (to see logs)
sudo ./target/release/linux-hello-daemon
```
**Keep this terminal open** - you'll see daemon logs.
### 3.2 Test Enrollment (in another terminal)
```bash
# In a new terminal, test enrollment
./target/release/linux-hello enroll --label test
```
**Expected:**
- Captures frames from camera
- Runs anti-spoofing checks
- Creates face template
- Stores encrypted in `/var/lib/linux-hello/templates/`
### 3.3 Test Authentication
```bash
# Test authentication
./target/release/linux-hello test
```
**Expected:**
- Captures frame from camera
- Runs face detection
- Compares with enrolled template
- Reports success/failure with confidence score
### 3.4 List Enrolled Templates
```bash
./target/release/linux-hello list
```
---
## Step 4: Full Installation (Optional)
**Warning:** This modifies system PAM configuration. Test in a VM or have a recovery plan.
### 4.1 Build PAM Module
```bash
cd pam-module
make
```
### 4.2 Install Components
```bash
# Install PAM module
sudo make install
# Install daemon and CLI
sudo cp ../target/release/linux-hello-daemon /usr/libexec/
sudo cp ../target/release/linux-hello /usr/bin/
sudo chmod +x /usr/libexec/linux-hello-daemon /usr/bin/linux-hello
# Install systemd service
sudo cp ../dist/linux-hello.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable linux-hello.service
sudo systemctl start linux-hello.service
# Install D-Bus configuration
sudo cp ../dist/org.linuxhello.Daemon.conf /etc/dbus-1/system.d/
sudo cp ../dist/org.linuxhello.Daemon.service /usr/share/dbus-1/system-services/
# Install configuration
sudo mkdir -p /etc/linux-hello
sudo cp ../dist/config.toml /etc/linux-hello/
```
### 4.3 Configure PAM (CAREFUL!)
**Backup first:**
```bash
sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.backup
```
**Edit PAM config:**
```bash
sudo nano /etc/pam.d/common-auth
```
Add at the top:
```
auth sufficient pam_linux_hello.so debug fallback=password
auth required pam_unix.so use_first_pass
```
**Test login:**
- Try logging out and back in
- Face authentication will be attempted first
- Falls back to password if it fails
---
## Step 5: ONNX Model Setup (For Real Face Recognition)
For accurate face recognition, you need ONNX models:
### 5.1 Check System Requirements
ONNX support requires **glibc 2.38+**:
- Ubuntu 24.04 or later
- Fedora 39 or later
- Arch Linux (rolling release)
```bash
# Check your glibc version
ldd --version
```
### 5.2 Download Models
See [models/README.md](models/README.md) for model download instructions.
### 5.3 Build with ONNX
```bash
cargo build --release --features onnx
```
---
## Step 6: Troubleshooting
### Daemon Won't Start
```bash
# Check if socket directory exists
ls -la /run/linux-hello/
# Check daemon logs
sudo journalctl -u linux-hello.service -f
```
### Camera Not Detected
```bash
# List V4L2 devices
v4l2-ctl --list-devices
# Check permissions
ls -la /dev/video*
# May need to add user to video group
sudo usermod -aG video $USER
# Log out and back in
```
### Permission Errors
```bash
# Template storage directory
sudo mkdir -p /var/lib/linux-hello/templates
sudo chmod 755 /var/lib/linux-hello/templates
# Runtime directory
sudo mkdir -p /run/linux-hello
sudo chmod 755 /run/linux-hello
```
### PAM Module Issues
```bash
# Check if module is installed
ls -la /lib/x86_64-linux-gnu/security/pam_linux_hello.so
# Check PAM logs
sudo tail -f /var/log/auth.log
# or
sudo journalctl -f | grep pam
```
### ONNX Linking Errors
If you see errors about `__isoc23_strtoll`:
- Your system has glibc < 2.38
- Use the default build (without `--features onnx`)
- Or upgrade to Ubuntu 24.04+ / Fedora 39+
---
## Step 7: Running Tests
```bash
# Run all tests
cargo test
# Run specific test suites
cargo test --test phase3_security_test
cargo test --test phase2_auth_test
# Run with output
cargo test -- --nocapture
# Run benchmarks
cargo bench -p linux-hello-daemon
```
---
## Step 8: Cleanup (If Needed)
### Remove Installation
```bash
# Stop and disable service
sudo systemctl stop linux-hello.service
sudo systemctl disable linux-hello.service
# Remove PAM module
cd pam-module
sudo make uninstall
# Remove binaries
sudo rm /usr/libexec/linux-hello-daemon
sudo rm /usr/bin/linux-hello
# Remove service file
sudo rm /etc/systemd/system/linux-hello.service
sudo systemctl daemon-reload
# Remove D-Bus files
sudo rm /etc/dbus-1/system.d/org.linuxhello.Daemon.conf
sudo rm /usr/share/dbus-1/system-services/org.linuxhello.Daemon.service
# Restore PAM config
sudo cp /etc/pam.d/common-auth.backup /etc/pam.d/common-auth
```
---
## Safety Recommendations
1. **Test in a VM first** - Don't test on your main system
2. **Keep password fallback** - Always have `fallback=password` in PAM config
3. **Backup PAM configs** - Before modifying `/etc/pam.d/`
4. **Test logout/login** - In a separate session (don't lock yourself out)
5. **Use TPM for production** - Software fallback is for development only
---
## Quick Test Checklist
- [ ] Project builds successfully
- [ ] CLI tool runs (`./target/release/linux-hello status`)
- [ ] Camera enumeration works (or shows empty list)
- [ ] Configuration displays correctly
- [ ] Daemon starts manually
- [ ] Enrollment works (creates template)
- [ ] Authentication test runs
- [ ] Tests pass (`cargo test`)
---
## What Works With/Without ONNX
### Default Build (No ONNX)
- All infrastructure and security features
- Camera capture and IR control
- Anti-spoofing framework
- Template encryption (AES-256-GCM)
- IPC and D-Bus communication
- **Placeholder** face detection/embedding (not accurate)
### With ONNX Models
- Accurate face detection (RetinaFace)
- Accurate face embedding (MobileFaceNet)
- Production-ready face recognition
- Proper anti-spoofing based on real face data
---
**The system is feature-complete.** For production use, build with `--features onnx` on a compatible system and download the ONNX models.
Reference in New Issue View Git Blame Copy Permalink