Hi Jack, Jack Hill <[email protected]> writes:
> Thanks Mark and Chris for you replies, It's good to know I'm not alone! > On Mon, 28 Oct 2019, Mark H Weaver wrote: > >> It might be a bug, or possibly a side effect of IceCat's changes to >> the default settings compared with upstream Firefox. Here are those >> changes: >> >> https://git.savannah.gnu.org/cgit/gnuzilla.git/tree/data/settings.js?h=68 >> >> As a first step, I would suggest fiddling with those settings that >> IceCat changed, starting with the ones that seem most likely to be >> related. > > I didn't see anything obvious in those settings. Sometimes, a non-obvious setting can cause problems. For example, some websites don't behave correctly if you've set privacy.resistFingerprinting to true. I've also had problems logging into some websites when network.http.referer.spoofSource is set to true. But I've experienced my U2F (the relation to WebAuthn is a bit confusing to me, and I should probably learn more) problem even when these are set to false. >> You might also try bringing up the "Web Console" immediately after the >> failure, either by typing Ctrl-Shift-K or via the "Web Developer" >> submenu of the "Tools" menu. (Press and release 'Alt' by itself to show >> the menu bar). Any errors shown here may give you hints about which >> settings above to fiddle with. > > I haven't had a chance to investigate more yet, and I wouldn't have > known where to start, but now I do, so thanks! When my U2F problem occurs, I've checked the "Web Console". I looked at the messages, mainly. Using the latest IceCat "preview" available in Guix (so, ESR 68), nothing of note is emitted here, unfortunately. > On Sun, 3 Nov 2019, Chris Marusich wrote: > >> I noticed a similar problem a few months ago. It's still an issue. I >> looked into it at the time, but I never found a smoking gun. I may very >> well have missed something. My hope is that by upgrading IceCat to a >> later ESR release, the issue will go away. > > I'm glad it's not just me :) I, too, had hoped that the new ESR would > have solved the problem. > >> If you have a simple set of steps to reproduce the behavior, that would >> be helpful. I never found the time to create a simple reproduction case >> for the issue I observed, which is why I never reported it. > > Unfortunately, I don't have a minimal reproducer now, but did want to > confirm that it was supposed to work before investigating. To reiterate, the specific problem I see is this. I go to a website that uses two-factor authentication. I know it works - with my specific YubiKey token - because the website works fine in Firefox on other systems. But in IceCat 68, when I try to log in, I get a pop-up (modal? not sure what the proper term is) with this error: "Unknown U2F Error" I'm typing that from memory, so it might actually be "Unknown U2F Exception"; I'm not 100% sure. But it's definitely a little window that appears, which says something along those lines, with no additional information. Is this the same problem you see, Jack? I have double checked a lot of things. For example, I double checked the following on my Guix system: - The udev rules from libu2f-host are installed. - My YubiKey token is usable via other mechanisms: - I can load the SSH key stored within it via "ssh-add -s", using the OpenSC PKCS11 library, and I can SSH into machines using it. - I can access the YubiKey via tools such as "ykinfo" and "yubico-piv-tool". - In about:config, security.webauth.u2f is set to true. The big issue for me is that I have no idea how to investigate further. I really wish I could figure out how to extract more information from IceCat, so I could figure out precisely where the problem is occurring, and follow the trail of bread crumbs from there. I have even tried grepping the IceCat source (from "guix build -S icecat") for the string "Unknown U2F Error", but it yields no results. If anyone here can provide advice on how to collect more information about what direction the problem is coming from, I'd really appreciate it. Since I can't find references to that error message in the IceCat 68 source, I'm thinking the error probably comes from something else. Maybe a dependency that IceCat is calling out to, or perhaps even a JavaScript library. Judging by the URLs IceCat loads, I think it might be using some version of the following file to do the U2F logic (IceCat loaded a file named "fidou2f.js", which is why I think this): https://github.com/rcdevs/openotp_authentication_owncloud/blob/master/js/fidou2f.js Any tips to debug this would be welcome, even if it's just a link to some tutorial on how to debug JavaScript that you find useful. I'm a total newbie when it comes to debugging JavaScript in IceCat (Firefox). I'm not even sure the error is coming from this JavaScript, anyway. Tips on how to debugging the non-JS portions of my problem seem more helpful at this point in time, honestly, but any tips would be great. Finally, I have a non-Guix GNU/Linux machine with Firefox, on which this problem does not occur, and I am able to log in correctly using my token (in Firefox). I will try building IceCat 68 from source manually on that distribution. If IceCat works there and I can log successfully, then that would suggest that my Guix system's configuration is somehow incorrect, and the problem is not within IceCat. This may take days or even weeks to complete, since it takes a very long time (hours to days) for me to build IceCat, and I do not have much free time to work on this. But I will try and report back. -- Chris
signature.asc
Description: PGP signature
