Open apburgess opened 2 years ago
Hey,
Could you launch through the terminal with the --log-level DEBUG
flag at the end? It should give more information.
Launched with
/Applications/YubiKey\ Manager.app/Contents/MacOS/ykman-gui --log-level DEBUG
and got
qt.qpa.fonts: Populating font family aliases took 91 ms. Replace uses of missing font family "Roboto" with one that exists to avoid this cost.
qml: Cannot import module: yubikey (Traceback (most recent call last):
File "qrc:///py/yubikey.py", line 17, in <module>
import ykman.logging_setup
File "/Applications/YubiKey Manager.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/ykman/logging_setup.py", line 29, in <module>
from ykman.util import get_windows_version
File "/Applications/YubiKey Manager.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/ykman/util.py", line 29, in <module>
from cryptography.hazmat.primitives import serialization
File "/Users/adrian/Library/Python/3.9/lib/python/site-packages/cryptography/hazmat/primitives/serialization/__init__.py", line 15, in <module>
from cryptography.hazmat.primitives.serialization.base import (
File "/Users/adrian/Library/Python/3.9/lib/python/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 9, in <module>
from cryptography.hazmat.primitives.asymmetric.types import (
File "/Users/adrian/Library/Python/3.9/lib/python/site-packages/cryptography/hazmat/primitives/asymmetric/types.py", line 7, in <module>
from cryptography.hazmat.primitives.asymmetric import (
File "/Users/adrian/Library/Python/3.9/lib/python/site-packages/cryptography/hazmat/primitives/asymmetric/dsa.py", line 10, in <module>
from cryptography.hazmat.primitives.asymmetric import (
File "/Users/adrian/Library/Python/3.9/lib/python/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py", line 6, in <module>
from cryptography.hazmat.bindings._rust import asn1
ImportError: dlopen(/Users/adrian/Library/Python/3.9/lib/python/site-packages/cryptography/hazmat/bindings/_rust.abi3.so, 0x0002): tried: '/Users/adrian/Library/Python/3.9/lib/python/site-packages/cryptography/hazmat/bindings/_rust.abi3.so' (mach-o file, but is an incompatible architecture (have 'arm64', need 'x86_64'))
)
qml: Function not found: 'yubikey.init_with_logging' (Traceback (most recent call last):
File "<string>", line 1, in <module>
NameError: name 'yubikey' is not defined
It continues after that, but looked like repetition.
I see. I tried on a Mac with Apple Silicon and it works. In your case it looks like YubiKey Manager is using your local installation of Python when looking up the cryptography package, for example:
File "/Users/adrian/Library/Python/3.9/lib/python/site-packages/cryptography/(...)"
seems to do just that. Perhaps you can try updating your local cryptography package. Another solution might be to set the PYTHONHOME
or PYTHONPATH
variables, to make sure the correct Python is used. You want the Python in the YubiKey Manager.app
I'm not sure updating the local cryptography package will work as it will remain the same arch (I think that's the problem it's having with the cryptography package it's picking up?). I'll try though.
I've noticed another issue where it seemed it was picking up the wrong python installation -- is it worth having the software warn about this?
(Also, would having an Apple Silicon native version of the software help? Albeit it would still presumably be picking up external python packages.)
Ok, I've tried the path thing, I'm not sure if I set the variables correctly but it keeps reaching out to the system installation for cryptography -- is it possible this is because there isn't a copy included in the app bundle (that I can see -- not a python expert).
I was trying
PYTHONHOME=/Applications/YubiKey\ Manager.app/Contents/Frameworks/Python.framework/Versions/3.9
You need to check under site-packages
, which is in the directory you took that screenshot.
Could you try setting PYTHONPATH
? Try pointing it to site-packages
. Most likely it will be something like this /Applications/YubiKey\ Manager.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages
. If that does not work, try playing around a bit with that path. Maybe it should be shorter.
Thanks, that seems to have fixed it. Could the app be updated so it doesn't let the system installation interfere?
It should be possible. We can look into it for the next release(s). Thanks for the suggestion!
Just ran into this as well, would be awesome to see this fixed, maybe utilizing a virtual environment going forward or just exporting the variables as needed for that invocation?
Until then, I'll share a little helper function I use to extract the correct python variables and run YubiKey Manager:
#######################################
# Launch yubikey with the current python environment variables set for the
# application.
#######################################
yubikey-manage() {
local yubikey_mngr_base_path=/Applications/YubiKey\ Manager.app/Contents
local python_base_path="${yubikey_mngr_base_path}"/Frameworks/Python.framework/Versions
local python_version
# Find where the current symlink points to for yubikey's env
python_version="$(readlink -f "${python_base_path}"/Current)"
# Get the version number off the end of the path for python
python_version="${python_version##*/}"
PYTHONHOME="${python_base_path}/Current" \
PYTHONPATH="${python_base_path}/Current/lib/python${python_version}/site-packages" \
"${yubikey_mngr_base_path}/MacOS/ykman-gui" --log-level DEBUG
}
Expects bash
or zsh
.
Same as #328 , I have added my logs there.
This just happened to me with a brand new YubiKey 5Ci on MacOS 13.1, MacBook Pro M1 Max. I ended up "fixing" it with the PYTHONPATH trick. Would be good to get this resolved in the app.
FYI I created a tiny wrapper script to automate launching the YubiKey manager on MacOS with the correct environment: https://github.com/nckroy/yubiman-wrapper
@treatybreaker solution works, huge thumbs up him for that, but.
8 months later and bug is still there. Is it time to fix it, Yubico folks? It's payed security product btw.
Hey! 1.2.5 has just been released, and contains some fixes related to this. Please test it out and see if it resolves your issue.
1.2.5 macOS 13.3.1 (intel)
Same issue.
I have the same issue with 1.25 on Windows 10 and with the app image version on Kubuntu 22.10. Will try to fix it via the suggestions in this post.
Experiencing the same thing, app built from source on Fedora 39 according to instructions in doc/development.adoc
. (minor detail -- it calls for a prereq package qt5-devel
which does not exist.) The program builds successfully and I can run it from the source tree (ykman-gui/ykman-gui
), but it just sits there waiting for me to insert my key. It doesn't detect either one I've tried.
According to all other indications, keys are detected and functioning normally -- I can log in to websites via webauthn, I can use the Yubico demo pages, playground site, etc. I can see the key in lsusb
and I can see insertions and removals in the syslog. As far as I can tell, it's only the Manager application that can't see my keys.
It's not showing my key either on Fedora 40Beta. Installed with sudo dnf install yubikey-manager-qt
. It's version 1.2.5
The CLI is working:
> ykman list
YubiKey FIPS (4.4.5) [OTP+FIDO+CCID] Serial: 12864557
[I] [11:24:54] zoid ~ 0
> ykman-gui --log-level DEBUG
kf.i18n: KLocalizedString: Using an empty domain, fix the code. msgid: "&Yes" msgid_plural: "" msgctxt: "@action:button"
kf.i18n: KLocalizedString: Using an empty domain, fix the code. msgid: "&No" msgid_plural: "" msgctxt: "@action:button"
qrc:/qml/main.qml:96:5: QML Shortcut: Shortcut: Only binding to one of multiple key bindings associated with 4. Use 'sequences: [ <key> ]' to bind to all of them.
I have the same issue that @manualdidact and @JohnAZoidberg in Fedora (installed from the Fedora repos)
ykman
detects the keysyubikey-personalization-gui
detects the keysykman-gui
don't workSame issue reported in #357
Same error here with arch :
orjawell@archX13 ~> ykman-gui --log-level DEBUG
Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway.
"PyOtherSide error: No module named 'yubikey'"
qml: Cannot import module: yubikey (No module named 'yubikey')
"PyOtherSide error: Traceback (most recent call last):\n\n File \"<string>\", line 1, in <module>\n\nNameError: name 'yubikey' is not defined\n"
qml: Function not found: 'yubikey.init_with_logging' (Traceback (most recent call last):
File "<string>", line 1, in <module>
NameError: name 'yubikey' is not defined
)
"PyOtherSide error: Traceback (most recent call last):\n\n File \"<string>\", line 1, in <module>\n\nNameError: name 'yubikey' is not defined\n"
qml: Function not found: 'yubikey.controller.refresh' (Traceback (most recent call last):
File "<string>", line 1, in <module>
NameError: name 'yubikey' is not defined
)
After upgrading from Ubuntu 23.10 to 24.04, I have the same problem. THIS IS REALLY BAD as I need the authenticator app to access crucial services.
How can this be fixed?
@h-2 Are you commenting in the correct repo? YubiKey Manager GUI is not an authenticator app, maybe you want https://github.com/Yubico/yubioath-flutter instead?
It affects ykman-gui, as well, but I just saw that it is also being tracked downstream: https://bugs.launchpad.net/ubuntu/+source/yubioath-desktop/+bug/2067197
Unfortunately the package for yubioath-desktop is VERY outdated (5.x). The latest version of Yubico Authenticator is 7.0, and we recommend you download it directly from here: https://github.com/Yubico/yubioath-flutter/releases
As for YubiKey Manager GUI, we also recommend that you instead use Yubico Authenticator 7 which is a much newer and more capable tool.
Thanks for pointing this out. The new version works. I guess Ubuntu is just outdated :(
Unfortunately the package for yubioath-desktop is VERY outdated (5.x). The latest version of Yubico Authenticator is 7.0, and we recommend you download it directly from here: https://github.com/Yubico/yubioath-flutter/releases
As for YubiKey Manager GUI, we also recommend that you instead use Yubico Authenticator 7 which is a much newer and more capable tool.
Thanks for this information, I was trying to get yubikey-manager-qt working on fedora 40 and hitting the same bug
Steps to reproduce
Launch the app.
Expected result
Being able to interact with software to configure the keys.
Actual results
After launching the app, it just displays the "Insert your YubiKey" screen and doesn't recognise either of the keys.
Other info
ykman (CLI) 4.0.8 installed from MacPorts can see the keys and work with them. I can see this in the console app (but don't know if it's relevant):
default 15:15:46.456978+0100 kernel AMFI: constraint violation /private/var/folders/tr/jlgtdj9x2x5_72n5dlfx1h_r0000gn/T/AppTranslocation/6A5D5AC5-D643-4178-918D-933D108CEDD2/d/YubiKey Manager.app/Contents/Frameworks/Python.framework/Versions/3.9/lib/python3.9/lib-dynload/_blake2.cpython-39-darwin.so has entitlements but is not a main binary