U2F does not work in IceCat

Done

Details

3 participants

John Doe
Maxim Cournoyer
Raphaël Mélotte

Owner: unassigned

Submitted by: John Doe

Severity: normal

John Doe wrote on 2 Jan 2021 20:41

Recipients:(name . bug-guix@gnu.org)(address . bug-guix@gnu.org)

Message-ID:gn_7cTM1ikqOoRzLBLy1r_ldz7hM3tf0deNZovokbNQKw4VIz5toV3Z8M3l5ceyqZ5kufdfruV7krS09d5FyQuuwhoRtBX9MzIjqiFrzKgg=@protonmail.com

I've been trying to get U2F to work in IceCat without success with the Nitrokey FIDO2 and FIDO U2F devices. To test 2 websites were used: vault.bitwarden.com and u2f.bin.coffee .

For vault.bitwarden.com, after entering the password, the following error popup appears repeatedly:
"An error has occurred. U2F Error: 1"

For u2f.bin.coffee, when clicking the U2F Register button, the following error appears:
"
Sending request with appId: https://u2f.bin.coffee
{
  "version": "U2F_V2",
  "challenge": "pyvBtAPUygH0mZg4_thmdo_Ltnk"
}

Got response:
{
  "errorCode": 1
}

[FAIL] Imported credential public key
Failures: 1 TODOs: 0
"
A similar error appears for the U2F Sign button.

The same websites work without trouble in ungoogled-chromium as well as Firefox installed in Flatpak and run with the options "flatpak run --user --device=all org.mozilla.firefox".

I have installed the pam-u2f package which includes the libu2f-server and libu2f-host packages.

In /etc/config.scm I have the following configuration to add udev rules for the Nitrokey device:

"
(use-modules (guix download)
             (guix packages)
(use-service-modules security-token)
;; ...
(define %nitrokey-udev-rule
  (file->udev-rule
   "41-nitrokey.rules"
   (let ((version "2019"))
     (origin
      (method url-fetch)
      (uri "https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules")
      (sha256
       (base32 "1j8x9i2ypr6jadpmjbcffk7rjqd3a4x0krqx5hqk7bfgsxzima23"))))))

;; ref. https://lists.gnu.org/archive/html/help-guix/2019-07/msg00051.html
(define %updated-desktop-services
  (modify-services
   %desktop-services
   (udev-service-type config =>
                      (udev-configuration
                       (inherit config)
                       (rules (append (udev-configuration-rules config)
                                      (list %nitrokey-udev-rule)))))))

(operating-system
 ;; ...
 (services
  (append
   (list
    (service xfce-desktop-service-type)
    (set-xorg-configuration
     (xorg-configuration
      (keyboard-layout keyboard-layout))))
   (list
    ;; ...
    (service pcscd-service-type))
   %updated-desktop-services))
 ;; ...
"

Please let me know if there is any additional information I can provide.

John Doe wrote on 3 Jan 2021 18:19

(No Subject)

Recipients:(name . 45613@debbugs.gnu.org)(address . 45613@debbugs.gnu.org)

Message-ID:ajINObAdvYYUK_YKE9TetKsQaLg0PgihufdMYKeL8ohi2WGN44ErcWIKkgaXisaYKJn7P8I4P9bV9s90qZ8cf7OSE0xPgHgAB9lfyMgaYgA=@protonmail.com

Forgot to mention in the original report: The issue is very similar to the following bug: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=38341

Raphaël Mélotte wrote on 11 Oct 2021 16:12

(no subject)

Recipients:(address . 45613@debbugs.gnu.org)

Message-ID:87c35008-8c85-a46b-269d-0aad30731352@mind.be

To me it looks like this bug is now solved.

I remember having the same problem months ago, but today it seems to work fine

(on a foreign distro).

Guix:

---

guix 6eded1a

repository URL: https://git.savannah.gnu.org/git/guix.git

branch: master

commit: 6eded1a04186e3118b293486b038c994e05efedf

---

Icecat:

---

icecat 78.14.0-guix0-preview1 out

/gnu/store/xwzp1lj8b429yc9nbx3nwy1ia9r1sr2x-icecat-78.14.0-guix0-preview1

---

It worked both with https://u2f.bin.coffee/and other services.

Note that I'm "cheating" a little bit though: I'm using an emulated device, not

an actual USB device (but the same emulated device previously didn't work with a

Guix-built icecat).

Maxim Cournoyer wrote on 13 Feb 2023 17:40

Re: bug#45613: U2F does not work in IceCat

Recipients:(name . Raphaël Mélotte)(address . raphael.melotte@mind.be)(address . 45613-done@debbugs.gnu.org)

Message-ID:875yc5fri3.fsf_-_@gmail.com

Hi,

Raphaël Mélotte <raphael.melotte@mind.be> writes:

Toggle quote (25 lines)> To me it looks like this bug is now solved.
>
> I remember having the same problem months ago, but today it seems to
> work fine (on a foreign distro).
>
> Guix:
> ---
>   guix 6eded1a
>     repository URL: https://git.savannah.gnu.org/git/guix.git
>     branch: master
>     commit: 6eded1a04186e3118b293486b038c994e05efedf
> ---
>
> Icecat:
> ---
> icecat                  78.14.0-guix0-preview1  out
> /gnu/store/xwzp1lj8b429yc9nbx3nwy1ia9r1sr2x-icecat-78.14.0-guix0-preview1
> ---
>
> It worked both with https://u2f.bin.coffee/ and other services.
>
> Note that I'm "cheating" a little bit though: I'm using an emulated
> device, not an actual USB device (but the same emulated device
> previously didn't work with a Guix-built icecat).

Thanks for the heads-up.

Closing!

Thanks,

Maxim

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 45613@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date