fix(fidohid): set uniq to ASCII string to prevent udev rule failure#33

Merged
matejsmycka merged 1 commit into
matejsmycka:mainfrom
kousu:hidraw-perms
May 5, 2026

Conversation

@kousu kousu commented Apr 21, 2026

Contributor

psanford/uhid fills the uniq field with 64 random bytes when unset. Binary garbage in HID_UNIQ causes 90-brltty-hid.rules to abort the entire udev transaction for the hidraw device, so fido_id never runs, ID_SECURITY_TOKEN is never set, and uaccess is never granted — leaving /dev/hidraw* inaccessible to the logged-in user.

I'm confused about why this wasn't a problem before? Did psanford/uhid change something? Did systemd? Did Arch?

Digging this out was stupidly deep. Thanks to Claude for the heavy lifting.

Fixes #31

psanford/uhid fills the uniq field with 64 random bytes when unset.
Binary garbage in HID_UNIQ causes 90-brltty-hid.rules to abort the
entire udev transaction for the hidraw device, so fido_id never runs,
ID_SECURITY_TOKEN is never set, and uaccess is never granted — leaving
/dev/hidraw* inaccessible to the logged-in user.

Fix by calling d.SetUniq("linux-id") before Open(), matching the name
already shown in HID_NAME, so the uevent parses cleanly.

Fixes matejsmycka#31

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@kousu kousu mentioned this pull request Apr 21, 2026
kousu commented Apr 21, 2026

Contributor Author

Proof that this works, counterintuitive as the fix may be (this is with modprobe uhid having been run; see #30)

Before

[kousu@laptop linux-id]$ git rev-parse HEAD
0eb01f0ee902f7a7853484b3e50d903b11ff5c15
[kousu@laptop linux-id]$ git status
On branch main
Your branch is up to date with 'origin/main'.

nothing to commit, working tree clean
[kousu@laptop linux-id]$ ./install.sh 
Installing linux-id (auth=pinentry)
Stopping existing linux-id process
Building linux-id from source in /home/kousu/src/pass/linux-id
[sudo] password for kousu: 

linux-id.service status:
------------------------
● linux-id.service - linux-id TPM service
     Loaded: loaded (/usr/lib/systemd/user/linux-id.service; enabled; preset: enabled)
     Active: active (running) since Tue 2026-04-21 02:29:49 EDT; 31ms ago
 Invocation: a86b4eae7a36412eb2d63a7b0f5448ef
       Docs: https://github.com/matejsmycka/linux-id
   Main PID: 33604 ((linux-id))
      Tasks: 2 (limit: 19057)
     Memory: 2.2M (peak: 2.2M)
        CPU: 22ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/linux-id.service
             └─33604 "(linux-id)"

Apr 21 02:29:49 laptop systemd[1901]: Started linux-id TPM service.

Installation successful (auth=pinentry). Log out and back in (or reboot)
so the new udev rules and user systemd unit are picked up.

[kousu@laptop linux-id]$ getfacl /dev/hidraw0 
getfacl: Removing leading '/' from absolute path names
# file: dev/hidraw0
# owner: root
# group: root
user::rw-
group::---
other::---

The problem is that root:root user::rw-. It means Firefox doesn't have the right to talk to linux-id.

and https://demo.yubico.com/webauthn-technical/login hangs

After

[kousu@laptop linux-id]$ git checkout hidraw-perms 
Switched to branch 'hidraw-perms'
Your branch is up to date with 'kousu/hidraw-perms'.
[kousu@laptop linux-id]$ git rev-parse HEAD
ccbff6c628122d00fa331e5423e977cb22fc28af
[kousu@laptop linux-id]$ git status
On branch hidraw-perms
Your branch is up to date with 'kousu/hidraw-perms'.

nothing to commit, working tree clean
[kousu@laptop linux-id]$ ./install.sh 
Installing linux-id (auth=pinentry)
Stopping existing linux-id process
Building linux-id from source in /home/kousu/src/pass/linux-id

linux-id.service status:
------------------------
● linux-id.service - linux-id TPM service
     Loaded: loaded (/usr/lib/systemd/user/linux-id.service; enabled; preset: enabled)
     Active: active (running) since Tue 2026-04-21 02:33:17 EDT; 30ms ago
 Invocation: d53e2298eea6491b926913f6dc6e3d4e
       Docs: https://github.com/matejsmycka/linux-id
   Main PID: 34845 ((linux-id))
      Tasks: 1 (limit: 19057)
     Memory: 2.1M (peak: 2.2M)
        CPU: 23ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/linux-id.service
             ├─34845 "(linux-id)"
             └─34850 "(sd-pidns-"

Apr 21 02:33:17 laptop systemd[1901]: Started linux-id TPM service.

Installation successful (auth=pinentry). Log out and back in (or reboot)
so the new udev rules and user systemd unit are picked up.
[kousu@laptop linux-id]$ getfacl /dev/hidraw0 
getfacl: Removing leading '/' from absolute path names
# file: dev/hidraw0
# owner: root
# group: input
user::rw-
user:kousu:rw-
group::rw-
mask::rw-
other::---

The fix is that user:kousu:rw-, set via udev's uaccess tag.

https://demo.yubico.com/webauthn-technical/login makes linux-id prompt and auth succeeds:

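As an added illustration (not code from this PR or from the linux-id project), the Python checker below reproduces the two observable symptoms discussed in this thread on constructed inputs: it flags HID_* uevent values that are not printable ASCII, which is what the description says makes 90-brltty-hid.rules abort the udev transaction, and it reads getfacl output to decide whether a user actually has effective rw access on the hidraw node once the uaccess ACL entry and mask are applied. The uevent samples are constructed; the getfacl samples copy the Before/After output shown above.

```python
# Constructed sample uevents (not captured from a real machine). The first
# mimics what psanford/uhid emits with uniq unset: random bytes in HID_UNIQ.
# When reading a real /sys/class/hidraw/*/device/uevent, open it with
# errors="surrogateescape" so undecodable bytes survive (and get flagged).
UEVENT_RANDOM_UNIQ = "DRIVER=hid-generic\nHID_NAME=linux-id\nHID_PHYS=\nHID_UNIQ=\x8f\x00\xe3z\x1b\n"
UEVENT_ASCII_UNIQ = "DRIVER=hid-generic\nHID_NAME=linux-id\nHID_PHYS=\nHID_UNIQ=linux-id\n"

# getfacl output copied from the Before/After sessions in this PR.
ACL_BEFORE = "# file: dev/hidraw0\n# owner: root\n# group: root\nuser::rw-\ngroup::---\nother::---\n"
ACL_AFTER = ("# file: dev/hidraw0\n# owner: root\n# group: input\nuser::rw-\n"
             "user:kousu:rw-\ngroup::rw-\nmask::rw-\nother::---\n")

def parse_uevent(text):
    """Split KEY=VALUE lines (the format of /sys/class/hidraw/*/device/uevent)."""
    env = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            env[key] = value
    return env

def uevent_problems(text):
    """Names of HID_* keys whose value is not printable ASCII, i.e. values a
    udev rule file cannot be expected to match or parse cleanly."""
    return [k for k, v in parse_uevent(text).items()
            if k.startswith("HID_") and not all(32 <= ord(c) < 127 for c in v)]

def acl_grants_rw(getfacl_text, user):
    """True if getfacl output gives `user` effective read+write on the node,
    honouring the owner entry (user::) and the POSIX ACL mask on named entries."""
    owner, named, mask = None, {}, "rwx"
    for line in getfacl_text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("user:"):
            _, name, perms = line.split(":")
            named[name] = perms          # name == "" is the owner entry
        elif line.startswith("mask::"):
            mask = line.split(":")[2]
    if user == owner:
        perms = named.get("", "---")     # the owner entry is never masked
    else:
        perms = named.get(user, "---")
        perms = "".join(p if p in mask else "-" for p in perms)  # apply mask
    return "r" in perms and "w" in perms

if __name__ == "__main__":
    print("bad uevent keys:", uevent_problems(UEVENT_RANDOM_UNIQ))
    print("kousu rw before/after:", acl_grants_rw(ACL_BEFORE, "kousu"),
          acl_grants_rw(ACL_AFTER, "kousu"))
```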

@matejsmycka matejsmycka merged commit d16ce6d into matejsmycka:main May 5, 2026
1 check passed