Bug#1060698: [Pkg-auth-maintainers] Bug#1060698: yubioath-desktop: Doesn't see yubikeys anymore.

2024-01-14 Thread Sébastien Noel 

Hi Florian,

Le 2024-01-14 13:51, Florian Schlichting a écrit :

Hi Sébastien,

thank you for the patch. I'm not opposed to applying it. In my
superficial testing, it seems to work well. I'm not a user of
yubioath-desktop, though, and while I can help with an occasional
upload, I don't want to feel responsible for it.

Are you able to keep an eye on yubioath-desktop in Debian and, if
necessary, respond to upcoming issues?


for what it's worth, i have been running yubioath with this patch
for ~11 months, so I would feel confident to ship it in Debian
and take responsibility for it


Do you want to submit your patch upstream, so that we can see what they
think, and other distributions can find your work?


Upstream doesn't seems interested; all they do on github is to tag 
issue/mr

about the old codebase with the 'legacy' label & close the issue.

my patches are available here:
https://github.com/twolife/yubioath-desktop-legacy/


Florian


br,
Sébastien

Bug#1060698: [Pkg-auth-maintainers] Bug#1060698: yubioath-desktop: Doesn't see yubikeys anymore.

2024-01-14 Thread Florian Schlichting 
Hi Sébastien,

On Sat, Jan 13, 2024 at 01:34:44PM +0100, Sébastien Noel wrote:
> On Sat, 13 Jan 2024 11:26:50 +0100 Florian Schlichting
>  wrote:
> >
> > [...]
> > While it might be possible to patch py/yubikey.py to work with the
> > interface changes in current python3-ykman, I doubt this is a
> > sensible thing to do if upstream has decided to abandon
> > the QT version.
> 
> in case you are interested, you can find the patch in attachement

thank you for the patch. I'm not opposed to applying it. In my
superficial testing, it seems to work well. I'm not a user of
yubioath-desktop, though, and while I can help with an occasional
upload, I don't want to feel responsible for it.

Are you able to keep an eye on yubioath-desktop in Debian and, if
necessary, respond to upcoming issues?

Do you want to submit your patch upstream, so that we can see what they
think, and other distributions can find your work?

Florian

Bug#1060698: [Pkg-auth-maintainers] Bug#1060698: yubioath-desktop: Doesn't see yubikeys anymore.

2024-01-13 Thread Sébastien Noel 
On Sat, 13 Jan 2024 11:26:50 +0100 Florian Schlichting
 wrote:
>
> [...]
> While it might be possible to patch py/yubikey.py to work with the
> interface changes in current python3-ykman, I doubt this is a
> sensible thing to do if upstream has decided to abandon
> the QT version.

in case you are interested, you can find the patch in attachement

br,
Sébastien
From 5660af2838fef22b53e9c7c47381755e96dcdc52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Noel?= 
Date: Sat, 25 Feb 2023 17:59:48 +0100
Subject: [PATCH] Compatibility for ykman 5

---
 py/yubikey.py | 93 ++-
 1 file changed, 84 insertions(+), 9 deletions(-)

diff --git a/py/yubikey.py b/py/yubikey.py
index 592f215..bfec19b 100644
--- a/py/yubikey.py
+++ b/py/yubikey.py
@@ -20,9 +20,7 @@
 
 from fido2.ctap import CtapError
 from fido2.ctap2 import Ctap2, ClientPin, FPBioEnrollment, CredentialManagement, CaptureError
-from ykman.device import scan_devices, list_all_devices, connect_to_device, get_name, read_info
 from ykman.pcsc import list_readers, list_devices as list_ccid
-from ykman.otp import PrepareUploadFailed, generate_static_pw, prepare_upload_key, time_challenge, format_oath_code
 from ykman.settings import AppData
 from ykman.oath import is_hidden, is_steam, calculate_steam
 from ykman.scancodes import KEYBOARD_LAYOUT, encode
@@ -44,6 +42,18 @@
 
 import pyotherside
 
+from ykman import __version__ as ykman_v
+
+if int(ykman_v.split(".")[0] ) > 4:
+from yubikit.support import get_name, read_info
+from ykman.device import list_all_devices, scan_devices
+from ykman.otp import (
+_PrepareUploadFailed as PrepareUploadFailed
+, _prepare_upload_key as prepare_upload_key, generate_static_pw, time_challenge, format_oath_code)
+else:
+from ykman.device import scan_devices, list_all_devices, get_name, read_info
+from ykman.otp import PrepareUploadFailed, generate_static_pw, prepare_upload_key, time_challenge, format_oath_code
+
 
 logger = logging.getLogger(__name__)
 
@@ -193,7 +203,22 @@ def _open_device(self, connection_types=[SmartCardConnection, FidoConnection, Ot
 return dev.open_connection(connection_types[0])
 else:
 raise ValueError('no_device_custom_reader')
-return connect_to_device(self._current_serial, connection_types=connection_types)[0]
+
+if int(ykman_v.split(".")[0] ) > 4:
+devs = list_all_devices(connection_types)
+if len(devs) == 0:
+raise Exception("No YubiKey connected")
+elif len(devs) != 1:
+raise Exception("More than one YubiKey connected")
+dev, info2 = devs[0]
+
+for conn_type in connection_types:
+try:
+return dev.open_connection(conn_type)
+except Exception:
+logger.debug(f"Failed connecting to the YubiKey over {conn_type}", exc_info=True)
+else:
+return connect_to_device(self._current_serial, connection_types=connection_types)[0]
 
 def _open_oath(self):
 if self._reader_filter:
@@ -203,7 +228,16 @@ def _open_oath(self):
 else:
 raise ValueError('no_device_custom_reader')
 
-return connect_to_device(self._current_serial, [SmartCardConnection])[0]
+if int(ykman_v.split(".")[0] ) > 4:
+devs = list_all_devices([SmartCardConnection])
+if len(devs) == 0:
+raise Exception("No YubiKey connected")
+elif len(devs) != 1:
+raise Exception("More than one YubiKey connected")
+dev, info2 = devs[0]
+return dev.open_connection(SmartCardConnection)
+else:
+return connect_to_device(self._current_serial, [SmartCardConnection])[0]
 
 def is_win_non_admin(self):
 return success({'winNonAdmin': self._win_non_admin})
@@ -284,7 +318,39 @@ def _get_version(dev):
 supported_interfaces = interfaces_from_capabilities(
 info.supported_capabilities.get(TRANSPORT.USB))
 
-return {
+if int(ykman_v.split(".")[0] ) > 4:
+  return {
+'name': get_name(info, dev.pid.yubikey_type),
+'version': _get_version(info),
+'serial': info.serial or '',
+'usbAppEnabled': [
+a.name for a in CAPABILITY
+if a in info.config.enabled_capabilities.get(TRANSPORT.USB)],
+'usbAppSupported': [
+a.name for a in CAPABILITY
+if a in info.supported_capabilities.get(TRANSPORT.USB)],
+'nfcAppEnabled': [
+a.name for a in CAPABILITY
+if a in info.config.enabled_capabilities.get(TRANSPORT.NFC, [])],
+'nfcAppSupported': [
+a.name for a in CAPABILITY
+if a in info.supported_capabilities.get(TRANSPORT.NFC, [])],
+

Bug#1060698: [Pkg-auth-maintainers] Bug#1060698: yubioath-desktop: Doesn't see yubikeys anymore.

2024-01-13 Thread Florian Schlichting 
Hi Freagarach,

On Sat, Jan 13, 2024 at 07:40:42AM +0100, Freagarach wrote:
> since yesterday the problem holding back python3-ykman (and related packages) 
> was resolved, I upgraded my system today.
> When trying to use the GUI for yubikeys (this package), my yubikeys were not 
> shown. I could use the terminal (yubikey-manager CLI) to do my tasks.
> 
> It seems that this package relies on a lower version of its dependencies. I 
> can't really test due to the dependency issues that introduces.

apparently, yes. Starting yubioath-desktop from the commandline, I get

$  yubioath-desktop
qrc:/qml/main.qml:305:5: QML Shortcut: Shortcut: Only binding to one of 
multiple key bindings associated with 7. Use 'sequences: [  ]' to bind to 
all of them.
qrc:/qml/main.qml:297:5: QML Shortcut: Shortcut: Only binding to one of 
multiple key bindings associated with 9. Use 'sequences: [  ]' to bind to 
all of them.
Qt Quick Layouts: Detected recursive rearrange. Aborting after two iterations.
Qt Quick Layouts: Detected recursive rearrange. Aborting after two iterations.
"PyOtherSide error: Traceback (most recent call last):\n\n  File 
\"qrc:///py/yubikey.py\", line 23, in \nfrom ykman.device import 
scan_devices, list_all_devices, connect_to_device, get_name, 
read_info\n\nImportError: cannot import name 'connect_to_device' from 
'ykman.device' (/usr/lib/python3/dist-packages/ykman/device.py)\n"
Unhandled PyOtherSide error: Cannot import module: yubikey (Traceback (most 
recent call last):

  File "qrc:///py/yubikey.py", line 23, in 
from ykman.device import scan_devices, list_all_devices, connect_to_device, 
get_name, read_info

ImportError: cannot import name 'connect_to_device' from 'ykman.device' 
(/usr/lib/python3/dist-packages/ykman/device.py)
)
"PyOtherSide error: Traceback (most recent call last):\n\n  File \"\", 
line 1, in \n\nNameError: name 'yubikey' is not defined\n"
Unhandled PyOtherSide error: Function not found: 'yubikey.init' (Traceback 
(most recent call last):

  File "", line 1, in 

NameError: name 'yubikey' is not defined
)
"PyOtherSide error: Traceback (most recent call last):\n\n  File \"\", 
line 1, in \n\nNameError: name 'yubikey' is not defined\n"
Unhandled PyOtherSide error: Function not found: 
'yubikey.controller.check_descriptors' (Traceback (most recent call last):

  File "", line 1, in 

NameError: name 'yubikey' is not defined
)
qml: TypeError: Cannot read property 'success' of undefined undefined
"PyOtherSide error: Traceback (most recent call last):\n\n  File \"\", 
line 1, in \n\nNameError: name 'yubikey' is not defined\n"
Unhandled PyOtherSide error: Function not found: 
'yubikey.controller.is_win_non_admin' (Traceback (most recent call last):

  File "", line 1, in 

NameError: name 'yubikey' is not defined
)
qml: TypeError: Cannot read property 'winNonAdmin' of undefined undefined


> I know there is #1034701, so this report might be considered an escalation of 
> that, but I'm not too comfortable (yet) with Debian policies.

I fear this means the end of yubioath-desktop in Debian, as long as
flutter isn't packaged (see #931793). The "legacy" branch on Github
doesn't seem to have received any commits since the release of version
6.0.0. While it might be possible to patch py/yubikey.py to work with the
interface changes in current python3-ykman, I doubt this is a sensible
thing to do if upstream has decided to abandon the QT version.

Florian