FS#76325 - [yubioath-desktop] breaks after yubikey-manager 5.0 update

Attached to Project: Community Packages
Opened by LEVAI Daniel (daniell) - Friday, 28 October 2022, 08:55 GMT
Last edited by Toolybird (Toolybird) - Friday, 04 November 2022, 20:25 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Morten Linderud (Foxboron)
Filipe Laíns (FFY00)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 9
Private No

Details

Description:
After yubikey-manager update 4.0.9-1 -> 5.0.0-1 yubioath-desktop breaks:
$ yubioath-desktop
Got library name: "/usr/lib/qt/qml/io/thp/pyotherside/libpyothersideplugin.so"
qrc:/qml/main.qml:361:5: QML Shortcut: Shortcut: Only binding to one of multiple key bindings associated with 66. Use 'sequences: [ <key> ]' to bind to all of them.
qrc:/qml/main.qml:353:5: QML Shortcut: Shortcut: Only binding to one of multiple key bindings associated with 4. Use 'sequences: [ <key> ]' to bind to all of them.
qrc:/qml/main.qml:297:5: QML Shortcut: Shortcut: Only binding to one of multiple key bindings associated with 9. Use 'sequences: [ <key> ]' to bind to all of them.
Qt Quick Layouts: Detected recursive rearrange. Aborting after two iterations.
Qt Quick Layouts: Detected recursive rearrange. Aborting after two iterations.
"PyOtherSide error: Traceback (most recent call last):\n\n File \"qrc:///py/yubikey.py\", line 23, in <module>\n from ykman.device import scan_devices, list_all_devices, connect_to_device, get_name, read_info\n\nImportError: cannot import name 'connect_to_device' from 'ykman.device' (/usr/lib/python3.10/site-packages/ykman/device.py)\n"
Unhandled PyOtherSide error: Cannot import module: yubikey (Traceback (most recent call last):

File "qrc:///py/yubikey.py", line 23, in <module>
from ykman.device import scan_devices, list_all_devices, connect_to_device, get_name, read_info

ImportError: cannot import name 'connect_to_device' from 'ykman.device' (/usr/lib/python3.10/site-packages/ykman/device.py)
)
"PyOtherSide error: Traceback (most recent call last):\n\n File \"<string>\", line 1, in <module>\n\nNameError: name 'yubikey' is not defined\n"
Unhandled PyOtherSide error: Function not found: 'yubikey.init' (Traceback (most recent call last):

File "<string>", line 1, in <module>

NameError: name 'yubikey' is not defined
)
"PyOtherSide error: Traceback (most recent call last):\n\n File \"<string>\", line 1, in <module>\n\nNameError: name 'yubikey' is not defined\n"
Unhandled PyOtherSide error: Function not found: 'yubikey.controller.check_descriptors' (Traceback (most recent call last):

File "<string>", line 1, in <module>

NameError: name 'yubikey' is not defined
)
"PyOtherSide error: Traceback (most recent call last):\n\n File \"<string>\", line 1, in <module>\n\nNameError: name 'yubikey' is not defined\n"
Unhandled PyOtherSide error: Function not found: 'yubikey.controller.is_win_non_admin' (Traceback (most recent call last):

File "<string>", line 1, in <module>

NameError: name 'yubikey' is not defined
)
qml: TypeError: Cannot read property 'success' of undefined undefined
qml: TypeError: Cannot read property 'winNonAdmin' of undefined undefined



I haven't spent much time digging into it, but it seems the Python modules/SDK may have changed.


Additional info:
* package version(s)
yubikey-manager 5.0.0-1
yubioath-desktop 5.1.0-3

* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:
Just start yubioath-desktop with updated yubikey-manager.

Closed by  Toolybird (Toolybird)
Friday, 04 November 2022, 20:25 GMT
Reason for closing:  Fixed
Additional comments about closing:  yubikey-manager 1:4.0.9-1
Comment by Sergio Conde (skgsergio) - Friday, 28 October 2022, 14:47 GMT
According to upstream, yubioath-desktop won't support yubikey-manager 5.x until yubioath-desktop 6.x: https://github.com/Yubico/yubikey-manager/issues/523

The yubikey-manager update to 5.x also broke yubikey-manager-qt: FS#76323
Comment by molec (molec) - Saturday, 29 October 2022, 08:02 GMT
As an interim solution (until yubioath-desktop 6 is out), I downgraded yubikey-manager to the latest version 4 I had in the pacman cache:

#> sudo pacman -U /var/cache/pacman/pkg/yubikey-manager-4.0.8-1-any.pkg.tar.zst

If you don't have it in cache, get the latest yubikey-manager-4 from here: https://archive.archlinux.org/packages/y/yubikey-manager/yubikey-manager-4.0.9-1-any.pkg.tar.zst
Comment by molec (molec) - Saturday, 29 October 2022, 08:02 GMT
Suggestion by yubi dev for arch package maintainers:

"This is a problem with the Arch Linux package, which is not maintained or supported by Yubico. Until they resolve the issue I suggest you use the AppImage provided at https://developers.yubico.com/yubioath-desktop/Releases/. Downgrading to ykman 4 would also be a viable option.

All packages of Yubico Authenticator provided by Yubico have a compatible version of ykman included, and our recommendation is for third party packages to do the same. If this is against packaging guidelines they should at least be limiting dependencies within compatible versions according to Semantic Versioning."
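The version constraint suggested in the quote above, as an added example that is not part of this thread or of either project's code: it checks the version strings from this report against a "same major version" range, and shows that the epoch in `1:4.0.9-1` changes how a pacman-style upper bound compares. The function names are hypothetical, only numeric three-part versions are handled, and pkgrel is ignored in comparisons.

```python
import re

# Pacman version layout: [epoch:]pkgver[-pkgrel]; a missing epoch counts as 0.
_VER = re.compile(r"(?:(\d+):)?(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_pacman_version(ver):
    """Return (epoch, (major, minor, patch), pkgrel) for a version string."""
    m = _VER.fullmatch(ver)
    if not m:
        raise ValueError(f"unsupported version string: {ver!r}")
    epoch, major, minor, patch, rel = m.groups()
    return int(epoch or 0), (int(major), int(minor), int(patch)), int(rel or 1)


def semver_compatible(installed, minimum):
    """SemVer sense: same major version as `minimum` and not older than it.

    The epoch is a packaging artifact, so it is deliberately ignored here.
    """
    _, inst, _ = parse_pacman_version(installed)
    _, low, _ = parse_pacman_version(minimum)
    return inst[0] == low[0] and inst >= low


def below_pacman_bound(installed, bound):
    """Packaging sense: would `installed` satisfy a 'pkg<bound' dependency?

    Pacman compares the epoch before pkgver, so the tuple order matters.
    """
    e_inst, v_inst, _ = parse_pacman_version(installed)
    e_bound, v_bound, _ = parse_pacman_version(bound)
    return (e_inst, v_inst) < (e_bound, v_bound)


if __name__ == "__main__":
    # Versions taken from this report; bounds are constructed for the example.
    for ver in ("4.0.8-1", "4.0.9-1", "5.0.0-1", "1:4.0.9-1"):
        print(
            f"{ver:>10}  semver 4.x: {semver_compatible(ver, '4.0.0')!s:5}"
            f"  <5.0.0: {below_pacman_bound(ver, '5.0.0')!s:5}"
            f"  <1:5.0.0: {below_pacman_bound(ver, '1:5.0.0')}"
        )
```

Once a package carries an epoch, an upper bound written without one no longer matches it, so the bound has to carry the same epoch.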
Comment by Michel Koss (MichelKoss1) - Thursday, 03 November 2022, 17:26 GMT
Is there something blocking downgrade of yubikey-manager package? Two packages are broken since last week. I would expect more attention for this issue. Another thing is lack of testing before pushing update.
Comment by Morten Linderud (Foxboron) - Thursday, 03 November 2022, 17:49 GMT
Nothing is blocking the update, I've been busy and forgotten about this bug twice this week.

>Another thing is lack of testing before pushing update.

I tested `ykman` before publishing. I can commit to pushing this to `[community-testing]` instead of directly to `[community]` if anyone is actually committing to testing the yubico related packages.

Regardless, I'll take a quick stab at porting the python script to yubikey-manager 5.x before downgrading the package.
Comment by Michel Koss (MichelKoss1) - Thursday, 03 November 2022, 18:18 GMT
Hm, but you are listed as maintainer of https://archlinux.org/packages/community/x86_64/yubikey-manager-qt/ and you don't intend to test it when you do major update for its core dependency? This isn't the first time yubico breaks api so 3.x->4 or 4.x->5 should ring the alarm bell.

AFAIK major updates elsewhere (i.e. openssl or llvm) are put on hold in order to ensure they are safe to land in the repos and I believe major updates of yubikey-manager should be treated the same especially when there are just two packages to test.

I don't want to blame anyone and I understand business of maintainers yet I think there is room for improvement for the future in case of yubikey-manager major upgrades.
Comment by Morten Linderud (Foxboron) - Thursday, 03 November 2022, 18:23 GMT
>Hm, but you are listed as maintainer of https://archlinux.org/packages/community/x86_64/yubikey-manager-qt/ and you don't intend to test it when you do major update for its core dependency?

I don't use yubikey-manager-qt and didn't think much of it.

>AFAIK major updates elsewhere (i.e. openssl or llvm) are put on hold in order to ensure they are safe to land in the repos and I believe major updates of yubikey-manager should be treated the same especially when there are just two packages to test.

openssl and llvm will break entire ecosystems, and a bad update to openssl is going to break pacman.

This update has effectively just broken two GUI clients and the CLI tooling works perfectly fine. Please don't make such comparisons.
Comment by Michel Koss (MichelKoss1) - Thursday, 03 November 2022, 18:49 GMT
This update broke 2 out of 2 clients using it. If there was 50 clients it would break 50. It's the same 100% of broken dependants. ykman is part of yubikey-manager itself so it's no surprise it works. Working openssl command isn't enough to bring in new openssl in the repos.

I made this comparison since you claimed llvm update is blocked on one incompatible package in the repos: https://old.reddit.com/r/archlinux/comments/yc68pp/what_happened_to_llvm_15/itli2r2/

Future yubikey-manager updates should be blocked in similar manner. I think everything was said on this topic.
Comment by Harm Endres (stingA0815) - Thursday, 03 November 2022, 19:02 GMT
Hi folks,

I use this package both privately and for business. Without further consultation with my employer, it is quite reasonable to contribute my work time to test this application, as quite a few employees use this app. If you are interested please let me know how we would like to communicate the testing of a new version. I would be honored to support you and thank you for the work.

Harm
