FS#58248 - [yubikey-manager] Broken package caused by missing dependence after update to 0.6.1-1

Attached to Project: Community Packages
Opened by Tommy Schmitt (spinka) - Tuesday, 17 April 2018, 12:50 GMT
Last edited by Christian Hesse (eworm) - Monday, 23 April 2018, 17:58 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Christian Hesse (eworm)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:

New upstream release requires python fido2 library[1]

Additional info:

* package version(s): 0.6.1-1

Steps to reproduce:

$ ykman list
Traceback (most recent call last):
File "/usr/bin/ykman", line 6, in <module>
from pkg_resources import load_entry_point
File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 3088, in <module>
@_call_aside
File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 3072, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 3101, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 574, in _build_master
ws.require(__requires__)
File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 892, in require
needed = self.resolve(parse_requirements(requirements))
File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 778, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'fido2' distribution was not found and is required by yubikey-manager

[1] https://github.com/Yubico/yubikey-manager/releases/tag/yubikey-manager-0.6.1
This task depends upon

Closed by  Christian Hesse (eworm)
Monday, 23 April 2018, 17:58 GMT
Reason for closing:  Fixed
Additional comments about closing:  yubikey-manager 0.6.1-2
Comment by Tommy Schmitt (spinka) - Tuesday, 17 April 2018, 13:24 GMT
The required library is here: https://github.com/Yubico/python-fido2
Perhaps libu2f-host dependence can be dropped.
Comment by Tommy Schmitt (spinka) - Wednesday, 18 April 2018, 09:56 GMT
python-fido2 is available in AUR: https://aur.archlinux.org/packages/python-fido2/ and users confirm that installing it solves issue. It have to be adopted to community. Keep in mind that this issue breaks every app that depend on yubikey-manager.
Comment by Christian Hesse (eworm) - Wednesday, 18 April 2018, 21:41 GMT
The python-fido2 AUR package ships a gpg signature. Can anybody tell my where this is from?
Comment by Michael Moore (mmoore) - Thursday, 19 April 2018, 13:48 GMT
@Christian
It is from Emil Lundberg (emil@yubico.com), 35D27C48F0A08CA47D95398EDB2868F3A95F2781.
See also https://developers.yubico.com/Software_Projects/Software_Signing.html
Comment by Christian Hesse (eworm) - Thursday, 19 April 2018, 14:26 GMT
Yes, I know where or how to get the keys.
The question is where the *signature* file comes from.

The tarball is downloaded from github.com, but there is no signature file.
Comment by Eli Schwartz (eschwartz) - Thursday, 19 April 2018, 17:01 GMT
The AUR maintainer is also a yubico developer, and generates those specifically for the AUR. -_-

I've left a comment on the AUR details page.
Comment by Tommy Schmitt (spinka) - Friday, 20 April 2018, 18:05 GMT
Signature are on github now https://github.com/Yubico/python-fido2/releases/tag/0.3.0

Loading...