Here is the SRU for Focal.

I have built it successfully with Pbuilder. I installed the resulting
deb and confirmed the program still works as intended: I set up Dejadup
with my Google account, made a back-up there, and restored it.

** Patch added: "40.7-0ubuntu1--40.7-0ubuntu2.diff"
   
https://bugs.launchpad.net/ubuntu/+source/deja-dup/+bug/1973816/+attachment/5595610/+files/40.7-0ubuntu1--40.7-0ubuntu2.diff

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to deja-dup in Ubuntu.
https://bugs.launchpad.net/bugs/1973816

Title:
  Deja Dup's Google support will break in September 2022 for versions <
  43.3

Status in deja-dup package in Ubuntu:
  Fix Committed
Status in deja-dup source package in Focal:
  In Progress
Status in deja-dup source package in Jammy:
  Fix Released
Status in deja-dup package in Debian:
  New

Bug description:
  * Impact

  The method Deja-Dup is using to authentificate to google account will
  stop working in september.

  * Test case

  Configure deja-dup to do backups on a google drive account. After
  confirming the authorization through the web browser it should be
  possible to start the backup.

  Check on the webview that the files are correctly added.

  Restore some data and unsure that's working.

  * Regression potential

  The codepath is used for oauth authentification and integration with
  the system mimetype. Check that the webbrowser auth workflow works as
  expected, testing deb and snap based browsers

  ------------------------------------------

  Hello! I'm the maintainer of Deja Dup. I was recently made aware that
  Google is removing an oauth workflow that Deja Dup uses, in September.

  Here's their blog post about it:
  https://developers.googleblog.com/2022/02/making-oauth-flows-
  safer.html

  Here's the upstream bug about switching to a new oauth flow:
  https://gitlab.gnome.org/World/deja-dup/-/issues/222

  I've released version 43.3 with a new oauth workflow. This basically
  switches us from redirecting the oauth page to a local
  http://localhost:xxxx/ page being served by deja-dup and instead has
  the browser launch a custom URI like
  'com.googlecontent.xxx:/oauth2redirect?code=yyy', which then launches
  deja-dup and gives it the correct oauth token.

  The key differences for packagers is just to note that now deja-dup
  will register itself as a handler for those weird URI schemes (they
  are specific to deja-dup, as they include its client ids for the
  service).

  I think this deserves a backport to all supported releases. I can whip
  up a patch for you in a bit, just wanted to get this registered as an
  issue.

  To be a bit more specific about what will break:
  - Existing users that have already granted deja-dup access to Google will 
continue to work without any issue.
  - In August, users will see a warning on the oauth screen.
  - And then in September, any new attempt to connect deja-dup to Google will 
not work.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/deja-dup/+bug/1973816/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to