Re: Problems with Gnome Authenticator 2FA

2023-02-26 Thread Gary Johnson 
Wojtek Kosior  writes:

> I recall keepassxc, beside being a password manager (and one I am
> satisfied with), can also generate authentication codes :)
>
> guix show keepassxc

Thanks, Wojtek! I was able to use keepassxc to create a TOTP code for
Gitlab 2FA.

I wonder if anyone is planning on fixing the broken GNOME Authenticator
package though?

Cheers,
  Gary

-- 
GPG Key ID: C4FBEDBD
Use `gpg --search-keys trac...@disroot.org' to find me
Protect yourself from surveillance: https://emailselfdefense.fsf.org
===
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Why is HTML email a security nightmare? See https://useplaintext.email/

Please avoid sending me MS-Office attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Re: Problems with Gnome Authenticator 2FA

2023-02-26 Thread Eugen Stan 

On 23.02.2023 01:00, Wojtek Kosior via wrote:

guix show keepassxc


Hi,

keepassxc is quite nice.
I am using the Debian version, not the guix version.

Most services supporting TOTP conforming with RFC also have a plain text 
2FA setup code (besides the normal QR setup code) .


keepassxc also has a browser extension named keepassxc-browser 
https://github.com/keepassxreboot/keepassxc-browser .


It does not seem to be packaged in guix.


Good luck,
--
Eugen Stan
begin:vcard
fn:Eugen Stan
n:Stan;Eugen
email;internet:eugen.s...@netdava.com
tel;cell:+40720898747
x-mozilla-html:FALSE
url:https://www.netdava.com
version:2.1
end:vcard

Re: Problems with Gnome Authenticator 2FA

2023-02-23 Thread Luis Felipe 
Hi Gary,

For what it's worth, I see the same error you see when I run 


guix shell authenticator -- authenticator

I'm using Guix System 2b1383c with GNOME as the desktop environment.



publickey - luis.felipe.la@protonmail.com - 0x12DE1598.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: Problems with Gnome Authenticator 2FA

2023-02-22 Thread Wojtek Kosior via 
> Hi Guix,
> 
>   I'm being required to setup a 2FA application to create
> one-time-passwords for a self-managed Gitlab instance. The wrinkle is
> that I don't own a smartphone. Up until now I've been able to use 2FA
> over SMS for most systems I interact with, but Gitlab doesn't support
> this option. Instead, there is a hard requirement on using a dedicated
> application for this purpose. The recommended choices are Google
> Authenticator and Microsoft Authenticator for either iOS or Android.
> Again, I don't have access to either of these operating systems, nor do
> I want to use these proprietary applications for (what should be) such a
> basic task.
> 
> In digging through the Guix package list, I found `authenticator`:

Hi Gary!

I recall keepassxc, beside being a password manager (and one I am
satisfied with), can also generate authentication codes :)

guix show keepassxc

Good luck with your task!

Wojtek


pgpoTjfvJD78n.pgp
Description: OpenPGP digital signature

Problems with Gnome Authenticator 2FA

2023-02-22 Thread Gary Johnson 
Hi Guix,

  I'm being required to setup a 2FA application to create
one-time-passwords for a self-managed Gitlab instance. The wrinkle is
that I don't own a smartphone. Up until now I've been able to use 2FA
over SMS for most systems I interact with, but Gitlab doesn't support
this option. Instead, there is a hard requirement on using a dedicated
application for this purpose. The recommended choices are Google
Authenticator and Microsoft Authenticator for either iOS or Android.
Again, I don't have access to either of these operating systems, nor do
I want to use these proprietary applications for (what should be) such a
basic task.

In digging through the Guix package list, I found `authenticator`:

==
name: authenticator
version: 3.32.2
outputs:
+ out: everything
systems: x86_64-linux
dependencies: desktop-file-utils@0.26 gettext-minimal@0.21 glib@2.70.2 
gobject-introspection@1.66.1 gsettings-desktop-schemas@41.0 gtk+@3.24.30 
libhandy@0.0.13
+ libsecret@0.20.5 pkg-config@0.29.2 python-beautifulsoup4@4.11.1 
python-pillow@9.2.0 python-pyfavicon@0.1.1 python-pygobject@3.40.1 
python-pyotp@2.7.0
+ python-pyzbar@0.1.8 python@3.9.9 yoyo-migrations@7.2.0 zbar@0.23.90
location: gnu/packages/gnome.scm:10394:2
homepage: https://gitlab.gnome.org/World/Authenticator/
license: GPL 3+
synopsis: Two-factor authentication application built for GNOME  
description: Authenticator is a two-factor authentication (2FA) application 
built for the GNOME desktop environment.
+ 
+ Features:
+ 
+* QR code scanner
+ 
+* Beautiful UI
+ 
+* Huge database of more than 560 supported services
+ 
+* Keep your PIN tokens secure by locking the application with a password
+ 
+* Automatically fetch an image for services using their favicon
+ 
+* The possibility to add new services
==

It looks like a reasonable FOSS option, so I tried it out via `guix
shell`:

```
$ guix shell authenticator -- authenticator
```

Unfortunately, I just get a program crash and a stacktrace:

==
Traceback (most recent call last):
  File 
"/gnu/store/wj5xf38czxxm0jh6lvc5zxy8c7zfg5d3-authenticator-3.32.2/lib/python3.9/site-packages/Authenticator/application.py",
 line 59, in do_startup
self._setup_actions()
  File 
"/gnu/store/wj5xf38czxxm0jh6lvc5zxy8c7zfg5d3-authenticator-3.32.2/lib/python3.9/site-packages/Authenticator/application.py",
 line 142, in _setup_actions
Keyring.get_default().connect("notify::can-be-locked",
  File 
"/gnu/store/wj5xf38czxxm0jh6lvc5zxy8c7zfg5d3-authenticator-3.32.2/lib/python3.9/site-packages/Authenticator/models/keyring.py",
 line 49, in get_default
Keyring.instance = Keyring()
  File 
"/gnu/store/wj5xf38czxxm0jh6lvc5zxy8c7zfg5d3-authenticator-3.32.2/lib/python3.9/site-packages/Authenticator/models/keyring.py",
 line 44, in __init__
self.props.can_be_locked = self.is_password_enabled() and 
self.has_password()
  File 
"/gnu/store/wj5xf38czxxm0jh6lvc5zxy8c7zfg5d3-authenticator-3.32.2/lib/python3.9/site-packages/Authenticator/models/keyring.py",
 line 136, in is_password_enabled
state = Secret.password_lookup_sync(schema, {}, None)
gi.repository.GLib.GError: g-dbus-error-quark: The name org.freedesktop.secrets 
was not provided by any .service files (2)
Traceback (most recent call last):
  File 
"/gnu/store/wj5xf38czxxm0jh6lvc5zxy8c7zfg5d3-authenticator-3.32.2/lib/python3.9/site-packages/Authenticator/application.py",
 line 77, in do_activate
window = Window.get_default()
  File 
"/gnu/store/wj5xf38czxxm0jh6lvc5zxy8c7zfg5d3-authenticator-3.32.2/lib/python3.9/site-packages/Authenticator/widgets/window.py",
 line 70, in get_default
Window.instance = Window()
  File 
"/gnu/store/wj5xf38czxxm0jh6lvc5zxy8c7zfg5d3-authenticator-3.32.2/lib/python3.9/site-packages/Authenticator/widgets/window.py",
 line 55, in __init__
self.init_template('Window')
TypeError: () takes 0 positional arguments but 1 was given
==

The line that stuck out to me was this one:

```
gi.repository.GLib.GError: g-dbus-error-quark: The name
org.freedesktop.secrets was not provided by any .service files (2)
```

A little web searching led me to understand that I need to have the
`gnome-keyring` daemon running. (I wish that had been in the package
documentation.)

Okay, so I reviewed the Guix manual, and I found this info:

==
 -- Variable: gnome-keyring-service-type
 This is the type of the service that adds the GNOME Keyring
 (https://wiki.gnome.org/Projects/GnomeKeyring).  Its value is a
 ‘gnome-keyring-configuration’ object (see below).

 This service adds the ‘gnome-keyring’ package to the system profile
 and extends PAM with entries using