Bug#982533: Bug#981804: yubioath-desktop: fails to read yubikey
On Thu, Feb 11, 2021 at 11:37:57AM +0100, nicoo wrote: > Please let me know whether the upcoming version of ykman fixes things for you. PS: Tested locally (to check there's no regression w/ yubioath-desktop or non-Neo hardware) and uploaded. signature.asc Description: PGP signature
Bug#981804: [Pkg-auth-maintainers] Bug#981804: yubioath-desktop: fails to read yubikey
Control: clone -1 -2 Control: reassign -2 yubikey-manager Control: retitle -2 HOTP operations yield extraneous digits in auth code Control: severity -2 important On Thu, Feb 11, 2021 at 04:59:23AM +, Taowa wrote: > Upstream has, as of a few hours ago, released a > fix to yubikey-manager, I suspect nicoo will > upload it tomorrow or some time soon. It is > currently very early morning in their timezone ;). Correct :) Apologies, again, for missing that bug the first time around: it only occurs on Yubikey Neo; as I do not own that specific device, I entirely missed it in my testing. Please let me know whether the upcoming version of ykman fixes things for you. Best, nicoo signature.asc Description: PGP signature
Bug#981804: [Pkg-auth-maintainers] Bug#981804: yubioath-desktop: fails to read yubikey
Responding from my phone since my computer is off and I'm about to sleep, my apologies for the bad formatting. Glad to hear it works! Upstream has, as of a few hours ago, released a fix to yubikey-manager, I suspect nicoo will upload it tomorrow or some time soon. It is currently very early morning in their timezone ;). Taowa 10 Feb 2021 23:50:01 Jason Hernandez : > Hi Taowa, > > Thank you! I tested using the last six digits in the UI and that was accepted > by a login provider (Github). Hopefully upstream fixes this issue quickly. > Let me know if you want me to file a separate bug. I think the severity is > reduced with this workaround. > > Best regards, > Jason Hernandez (he/him) > > > On Wed, Feb 10, 2021 at 10:37 AM Taowa wrote: >> Hello, >> >> Jason Hernandez, 2021-02-10 10:03 -0500: >>> I believe the fix for this bug may be incomplete. >>> This version is generating 9-10 digit codes instead of the standard 6 digit >>> codes on my machine when using the CCID interface with a Yubikey NEO. These >>> 9-10 digit codes fail verification and make the package unusable. >> >> See the upstream bug at [1]. They're aware of the issue and working on a >> fix for it :). >> >> In the meantime, the report seems to suggest that the last six digits of >> the TOTP code generated are valid. If you have a moment, please try it >> and get back to me as to whether that's true. >> >> Thanks, >> Taowa >> >> >> [1] https://github.com/Yubico/yubioath-desktop/issues/693 >> >> -- >> Taowa (they) >> LOC FN35EM
Bug#981804: [Pkg-auth-maintainers] Bug#981804: yubioath-desktop: fails to read yubikey
Hi Taowa, Thank you! I tested using the last six digits in the UI and that was accepted by a login provider (Github). Hopefully upstream fixes this issue quickly. Let me know if you want me to file a separate bug. I think the severity is reduced with this workaround. Best regards, Jason Hernandez (he/him) On Wed, Feb 10, 2021 at 10:37 AM Taowa wrote: > Hello, > > Jason Hernandez, 2021-02-10 10:03 -0500: > > I believe the fix for this bug may be incomplete. > > This version is generating 9-10 digit codes instead of the standard 6 > digit > > codes on my machine when using the CCID interface with a Yubikey NEO. > These > > 9-10 digit codes fail verification and make the package unusable. > > See the upstream bug at [1]. They're aware of the issue and working on a > fix for it :). > > In the meantime, the report seems to suggest that the last six digits of > the TOTP code generated are valid. If you have a moment, please try it > and get back to me as to whether that's true. > > Thanks, > Taowa > > > [1] https://github.com/Yubico/yubioath-desktop/issues/693 > > -- > Taowa (they) > LOC FN35EM >
Bug#982348: Bug#981804: yubioath-desktop: fails to read yubikey
Hi Nicoo, > Being an alpha version is not a bug. This was coordinated with upstream, > who is working to ensure there's a final 4.0 release soon. You might want to talk with release managers about this, not upstream. > Yes, there is a UI bug in yubioath-desktop now (extraneous data getting > displayed), which is getting fixed as we speak. Git commit released I tried to use your git repo, it is a mess, complete mess: - the orig tar ball has no top level directory if you unpack it manually - you cannot do apt-get source followed by dpkg-buildpackage -us -uc -rfakeroot, since source building fails You override the auto_clean target and link setup.py from debian/ to . That works only once, and the change cannot be represented in the source building The only way to build such a package is using dpkg-source -b . You might look into proper packaging practices ... > Exactly as is currently going on: fixing the one remaining bug. > Throwing tantrums and opening spurious Severity: serious bugs is only making a > larger mess. Again, I don't play ping-pong with severities, but this change has broken other software in a serious way. You interpretation may vary, anyway. > Moving to fido2 0.9 and ykman 4.0a1 was a deliberate move: I discussed with > upstream and they moved up their release schedule in order to accomodate the > Debian bullseye release. Again, you should talk to release managers about this, not upstream. I could have packaged Plasma 5.20.90 for bullseye ... that is beta and not alpha ... and still I not even upload it to experimental. > I'm aware the timing isn't ideal, but it's the best that could be done. For what? What is the gain? Anyway, I have fixed it in my personal repo and uploaded fixed ykman packages to my personal repo. For me personally I don't care, I can fix these things myself. But I just hope that bullseye users won't be left out. Enjoy Norbert -- PREINING Norbert https://www.preining.info Fujitsu Research Labs + IFMGA Guide + TU Wien + TeX Live + Debian Dev GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bug#981804: [Pkg-auth-maintainers] Bug#981804: yubioath-desktop: fails to read yubikey
Hello, Jason Hernandez, 2021-02-10 10:03 -0500: > I believe the fix for this bug may be incomplete. > This version is generating 9-10 digit codes instead of the standard 6 digit > codes on my machine when using the CCID interface with a Yubikey NEO. These > 9-10 digit codes fail verification and make the package unusable. See the upstream bug at [1]. They're aware of the issue and working on a fix for it :). In the meantime, the report seems to suggest that the last six digits of the TOTP code generated are valid. If you have a moment, please try it and get back to me as to whether that's true. Thanks, Taowa [1] https://github.com/Yubico/yubioath-desktop/issues/693 -- Taowa (they) LOC FN35EM
Bug#981804: yubioath-desktop: fails to read yubikey
Package: yubioath-desktop Version: 5.0.4+post1-1 Followup-For: Bug #981804 X-Debbugs-Cc: saltthefries+deb...@gmail.com Dear Maintainer, I believe the fix for this bug may be incomplete. This version is generating 9-10 digit codes instead of the standard 6 digit codes on my machine when using the CCID interface with a Yubikey NEO. These 9-10 digit codes fail verification and make the package unusable. I am running this on bullseye, with this package manually pulled in from Sid. Please let me know if you would like me to gather some additional information or open a separate bug. Steps to reproduce issue: 1. Open yubioath-desktop 2. Insert Yubikey NEO into USB port 3. Observe OTP codes presented by the application are 9 or 10 digits [expected outcome: 6 digit codes] Additional context (probably not relevant) - this is the output to the terminal when I launch this from an xterm: $ yubioath-desktop Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway. QSocketNotifier: Can only be used with threads started with QThread Got library name: "/usr/lib/x86_64-linux- gnu/qt5/qml/io/thp/pyotherside/libpyothersideplugin.so" QSGTextureAtlas: texture atlas allocation failed, code=501 Please advise if you would prefer I file a separate bug or need any additional data from my end. Thank you! -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (990, 'testing'), (990, 'stable'), (110, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-3-amd64 (SMP w/4 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages yubioath-desktop depends on: ii libc6 2.31-9 ii libgcc-s1 10.2.1-6 ii libqt5core5a 5.15.2+dfsg-4 ii libqt5gui5 5.15.2+dfsg-4 ii libqt5qml5 5.15.2+dfsg-4 ii libqt5quick5-gles 5.15.2+dfsg-2 ii libqt5quickcontrols2-5 5.15.2+dfsg-2 ii libqt5widgets5 5.15.2+dfsg-4 ii libstdc++6 10.2.1-6 ii pcscd 1.9.0-1 ii python3-yubikey-manager4.0.0~a1-1 ii qml-module-io-thp-pyotherside 1.5.9-2+b3 ii qml-module-qt-labs-platform5.15.2+dfsg-2 ii qml-module-qt-labs-settings5.15.2+dfsg-4 ii qml-module-qtquick-controls5.15.2-2 ii qml-module-qtquick-controls2 5.15.2+dfsg-2 ii qml-module-qtquick-dialogs 5.15.2-2 yubioath-desktop recommends no packages. yubioath-desktop suggests no packages. -- no debconf information
Bug#982348: Bug#981804: yubioath-desktop: fails to read yubikey
Control: severity -1 normal Control: tag -1 + wontfix Norbert, On Tue, Feb 09, 2021 at 02:47:51PM +0900, Norbert Preining wrote: > that looks now really bad considering that > - you packaged an alpha version of yubikey-manager > - the alpha version transitioned to testing Being an alpha version is not a bug. This was coordinated with upstream, who is working to ensure there's a final 4.0 release soon. > - yubioauth-desktop remains broken Yes, there is a UI bug in yubioath-desktop now (extraneous data getting displayed), which is getting fixed as we speak. > - the last properly released version of yubikey-manager is 3.1.2 which > was released bit of 2 weeks ago Since you are so interested in the minutia of packaging the Yubico ecosystem, you could have looked at that release, and saw it only adds a flag marking it as incompatible with fido2 0.9. It would have made little sense to “update” from 3.1.1 to 3.1.2. > How do you plan to clean up this mess, in particular considering that > freeze is immiment? Exactly as is currently going on: fixing the one remaining bug. Throwing tantrums and opening spurious Severity: serious bugs is only making a larger mess. Moving to fido2 0.9 and ykman 4.0a1 was a deliberate move: I discussed with upstream and they moved up their release schedule in order to accomodate the Debian bullseye release. I did so because this lets me get rid of all C dependencies, including a few which have had recurring issues (both packaging and security). > Uploading an alpha version close before freeze deadline wasn't the best > idea I have to say. > > I would suggest reuploading 3.1.2 as 4.0.0~a1+really3.1.2-1 or something > similar. I'm aware the timing isn't ideal, but it's the best that could be done. I would suggest being a little more patient and letting maintainers actually maintain. nicoo signature.asc Description: PGP signature
Bug#981804: yubioath-desktop: fails to read yubikey
Hi yubioath-desktop is now uploaded, but exhibits another bug that adds additional digits at the beginning with (some? all?) older keys. See https://github.com/Yubico/yubioath-desktop/issues/693 According to the issue, this needs to be fixed in ykman, so there is the need to upload a new version of ykman with this fix. Best regards Norbert -- PREINING Norbert https://www.preining.info Fujitsu Research Labs + IFMGA Guide + TU Wien + TeX Live + Debian Dev GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bug#981804: yubioath-desktop: fails to read yubikey
Hi. Thanks for identifying and explaining this bug. I tried to workaround by installing older packages but failed. I found out that apt preferences need to be split into two separate files: # /etc/apt/preferences.d/yubikey-manager # Workaround for #981804, delete when fixed Package: python3-ykman python3-yubikey-manager yubikey-manager Pin: version 3.* Pin-Priority: 999 # /etc/apt/preferences.d/python3-fido2 # Workaround for #981804, delete when fixed Package: python3-fido2 Pin: version 0.8.* Pin-Priority: 999 I looked at the changelog to find the previous versions. https://metadata.ftp-master.debian.org/changelogs//main/y/yubikey-manager/testing_changelog => 3.1.1-3 https://metadata.ftp-master.debian.org/changelogs/main/p/python-fido2/testing_changelog => 0.8.1-2 Installing the packages using these versions fails because they were not found: apt install python3-ykman=3.1.1-3 python3-yubikey-manager=3.1.1-3 python3-fido2=0.8.1 Reading package lists... Done Building dependency tree Reading state information... Done E: Version '3.1.1-3' for 'python3-ykman' was not found E: Version '3.1.1-3' for 'python3-yubikey-manager' was not found E: Version '0.8.1' for 'python3-fido2' was not found Can you spot an error here? My workaround for this was to download the packages from the snaphot server and install them using "dpkg -i" http://snapshot.debian.org/package/yubikey-manager/3.1.1-3/ http://snapshot.debian.org/package/python-fido2/0.8.1-2/ -- cheers, Steffen
Bug#981804: yubioath-desktop: fails to read yubikey
yubioath-desktop got a fix that works with both ykman version 3 and verison 4. I have sent a MR on salsa to include the new upstream version (there are also updates in the pristine-tar and upstream branches). I have confirmed that the new version works with both ykman, and after I have updated to the current version of ykman 4 it still continues to work. Please consider uploading this rather soon to get the fix into bullseye. Thanks Norbert -- PREINING Norbert https://www.preining.info Fujitsu Research Labs + IFMGA Guide + TU Wien + TeX Live + Debian Dev GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bug#981804: yubioath-desktop: fails to read yubikey
clone 981804 -1 reassign -1 yubikey-manager retitle -1 breaks unrelated software and is alpha version severity -1 serious thanks Hi nicoo, that looks now really bad considering that - you packaged an alpha version of yubikey-manager - the alpha version transitioned to testing - yubioauth-desktop remains broken - the last properly released version of yubikey-manager is 3.1.2 which was released bit of 2 weeks ago How do you plan to clean up this mess, in particular considering that freeze is immiment? Uploading an alpha version close before freeze deadline wasn't the best idea I have to say. I would suggest reuploading 3.1.2 as 4.0.0~a1+really3.1.2-1 or something similar. Best Norbert -- PREINING Norbert https://www.preining.info Fujitsu Research Labs + IFMGA Guide + TU Wien + TeX Live + Debian Dev GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bug#981804: yubioath-desktop: fails to read yubikey
Any chance this bug is the root cause of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982157 ?
Bug#981804: yubioath-desktop: fails to read yubikey
Hi > > > — > > > https://github.com/Yubico/yubioath-desktop/issues/693#issuecomment-773096570 BTW, you should upload the packages with Breaks: yubioauth-desktop (<< whatever.version) to ensure other people don't fall into the same trap. Best Norbert -- PREINING Norbert https://www.preining.info Fujitsu Research Labs + IFMGA Guide + TU Wien + TeX Live + Debian Dev GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bug#981804: yubioath-desktop: fails to read yubikey
Hi Nicoo, > > — > > https://github.com/Yubico/yubioath-desktop/issues/693#issuecomment-773096570 Thanks for the info, that helps a lot. I will downgrade for the time being. Thanks for all you work on that! Best Norbert -- PREINING Norbert https://www.preining.info Fujitsu Research Labs + IFMGA Guide + TU Wien + TeX Live + Debian Dev GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bug#981804: yubioath-desktop: fails to read yubikey
Hi Norbert, On Thu, Feb 04, 2021 at 08:55:56AM +0900, Norbert Preining wrote: > A flush of updates came in, besides that some yubi package updates, > and this morning the yubioath desktop application does not recognize my > yubikey (4, USB) anymore. No reaction. Yesterday it was still working. My bad, I packaged the new versions of fido2 and yubikey-manager, and didn't think to test yubioath-desktop (as I do not use or maintain it). Upstream is aware of the issue, and will publish a fixed version: > We are working on a new version that will be compatible with the new ykman. > However, it is not fully complete yet. > — https://github.com/Yubico/yubioath-desktop/issues/693#issuecomment-773096570 Thanks for reporting this issue, and bearing with the inconvenience as we fix this. You should be able to work around the issue by installing the older versions of the packages and pinning them like so: # /etc/apt/preferences.d/yubioath-desktop # Workaround for #981804, delete when fixed Package: python3-ykman python3-yubikey-manager yubikey-manager Pin: version 3.* Pin-Priority: 999 Package: python3-fido2 Pin: version 0.8.* Pin-Priority: 999 In advance, thanks for your patience while we fix this. Best, nicoo signature.asc Description: PGP signature
Bug#981804: yubioath-desktop: fails to read yubikey
It seems some Python files got missing, the stderr gives nhandled PyOtherSide error: Cannot import module: yubikey (Traceback (most recent call last): File "qrc:///py/yubikey.py", line 12, in from ykman.descriptor import ( ModuleNotFoundError: No module named 'ykman.descriptor' ) Unhandled PyOtherSide error: Function not found: 'yubikey.init' (Traceback (most recent call last): File "", line 1, in NameError: name 'yubikey' is not defined ... Best Norbert -- PREINING Norbert https://www.preining.info Fujitsu Research Labs + IFMGA Guide + TU Wien + TeX Live + Debian Dev GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Bug#981804: yubioath-desktop: fails to read yubikey
Package: yubioath-desktop Version: 5.0.4-2 Severity: grave Justification: renders package unusable X-Debbugs-Cc: norb...@preining.info Hi all, A flush of updates came in, besides that some yubi package updates, and this morning the yubioath desktop application does not recognize my yubikey (4, USB) anymore. No reaction. Yesterday it was still working. [~] ykls Reader: Yubico Yubikey NEO OTP+U2F+CCID 00 00 Version: 0.1.3 Thanks Norbert -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.13 (SMP w/4 CPU threads) Kernel taint flags: TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages yubioath-desktop depends on: ii libc6 2.31-9 ii libgcc-s1 10.2.1-6 ii libqt5core5a 5.15.2+dfsg-4 ii libqt5gui5 5.15.2+dfsg-4 ii libqt5qml5 5.15.2+dfsg-3 ii libqt5quick5 5.15.2+dfsg-3 ii libqt5quickcontrols2-5 5.15.2+dfsg-2 ii libqt5widgets5 5.15.2+dfsg-4 ii libstdc++6 10.2.1-6 ii pcscd 1.9.0-1 ii python3-yubikey-manager4.0.0~a1-1 ii qml-module-io-thp-pyotherside 1.5.9-2+b3 ii qml-module-qt-labs-platform5.15.2+dfsg-2 ii qml-module-qt-labs-settings5.15.2+dfsg-3 ii qml-module-qtquick-controls5.15.2-2 ii qml-module-qtquick-controls2 5.15.2+dfsg-2 ii qml-module-qtquick-dialogs 5.15.2-2 yubioath-desktop recommends no packages. yubioath-desktop suggests no packages. -- no debconf information