Must disable YubiKey authentication to install JetPack with sdkmanager

An unfortunate reality of the JetPack installer is that YubiKey authentication has to be disabled for the installation to succeed.

It appears the reason for this is that the JetPack installer (sdkmanager) collects the user’s password at the beginning and then uses it to repeatedly execute processes “sudo”. YubiKey authentication requires user interaction with every creation of a new sudo process in a new bash shell. There is no way to do the input given how sdkmanager works – subsequent sudos will just fail.

Alternatively, sdkmanager could just create one sudo process, giving the user the chance to tap the YubiKey once, and then use this process as a parent for all subsequent operations requiring sudo.

Unknown if launching sdkmanager via sudo would work, but my guess is that may cause other problems.

sdkmanager should NOT be started with sudo. It will cause many other problems.

For example, if sdkmanager needs to run a script, and in this script some functions need sudo privilege, and others don’t. Starting sdkmanager with sudo privilege will cause the whole script to be run with sudo permission. All files created by this script will be owned by root, which is incorrect.

And, even if it did work, it would be bad practice! If the functions that need sudo could be launched from a single sudo process authenticated once at the beginning of an sdkmanager run, then YubiKey authentication (and/or any other multi-factor auth) could remain active on the host machine, which would be preferable.

Hi Michael,

sdkmanager is NOT holding user password in plain text. It is encrypted in memory. When it needs the password, it decrypts the encrypted password and uses the result.

Glad to hear that! Looking forward to compatibility with mutli-factor auth if/when it arrives. I edited out the incorrect part of my comment above.