search

Yubico / yubioath-flutter

Yubico Authenticator for Desktop (Windows, macOS and Linux) and Android
https://developers.yubico.com/yubioath-flutter/
Apache License 2.0
981 stars 134 forks source link

The Yubico Authenticator 7.0.0 does not work on RHEL 8 and derivatives #1567

Open hadrabap opened 3 months ago

hadrabap commented 3 months ago

The Yubico Authenticator 7.0.0 does not work on RHEL 8 and derivatives Linux distribution due to failure of authenticator-helper.

The root cause is that helper/_internal/libpython3.12.so.1.0 is compiled on newer distribution with newer GLIBC.

[opc@sws yubico-authenticator-7.0.0-linux]$ ldd $( find . -type f \( -perm /a+x -o -name '*.so*' \) ) 2>&1 | grep -v '=>' | grep 'not found' 
./helper/_internal/libpython3.12.so.1.0: /lib64/libpthread.so.0: version `GLIBC_2.30' not found (required by ./helper/_internal/libpython3.12.so.1.0)
./helper/_internal/libpython3.12.so.1.0: /lib64/libm.so.6: version `GLIBC_2.29' not found (required by ./helper/_internal/libpython3.12.so.1.0)

To fix this, the provided binaries should be compiled at most on RHEL 8-like Linux distribution or any other still supported LTS glibc-based distro with glibc version <= 2.28 (e.g. Oracle Linux 7).

Based on this listening (Oracle Linux 7):

[opc@gateway yubico-authenticator-7.0.0-linux]$ ldd $( find . -type f \( -perm /a+x -o -name '*.so*' \) ) 2>&1 | grep -v '=>' | grep 'not found'
./authenticator: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by /home/opc/xx/yubico-authenticator-7.0.0-linux/./lib/liblocal_notifier_plugin.so)
./helper/_internal/cryptography/hazmat/bindings/_rust.abi3.so: /lib64/libc.so.6: version `GLIBC_2.28' not found (required by ./helper/_internal/cryptography/hazmat/bindings/_rust.abi3.so)
./helper/_internal/cryptography/hazmat/bindings/_rust.abi3.so: /lib64/libc.so.6: version `GLIBC_2.18' not found (required by ./helper/_internal/cryptography/hazmat/bindings/_rust.abi3.so)
./helper/_internal/cryptography/hazmat/bindings/_rust.abi3.so: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by ./helper/_internal/cryptography/hazmat/bindings/_rust.abi3.so)
./helper/_internal/libbsd.so.0: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by ./helper/_internal/libbsd.so.0)
./helper/_internal/libcrypto.so.1.1: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by ./helper/_internal/libcrypto.so.1.1)
./helper/_internal/libpython3.12.so.1.0: /lib64/libpthread.so.0: version `GLIBC_2.30' not found (required by ./helper/_internal/libpython3.12.so.1.0)
./helper/_internal/libpython3.12.so.1.0: /lib64/libm.so.6: version `GLIBC_2.29' not found (required by ./helper/_internal/libpython3.12.so.1.0)
./helper/_internal/libpython3.12.so.1.0: /lib64/libc.so.6: version `GLIBC_2.28' not found (required by ./helper/_internal/libpython3.12.so.1.0)
./helper/_internal/libpython3.12.so.1.0: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by ./helper/_internal/libpython3.12.so.1.0)
./helper/_internal/libpython3.12.so.1.0: /lib64/libc.so.6: version `GLIBC_2.26' not found (required by ./helper/_internal/libpython3.12.so.1.0)
./helper/_internal/libpython3.12.so.1.0: /lib64/libc.so.6: version `GLIBC_2.27' not found (required by ./helper/_internal/libpython3.12.so.1.0)
./helper/_internal/libX11.so.6: /lib64/libc.so.6: version `GLIBC_2.26' not found (required by ./helper/_internal/libX11.so.6)
./helper/_internal/libexpat.so.1: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by ./helper/_internal/libexpat.so.1)
./helper/_internal/libstdc++.so.6: /lib64/libc.so.6: version `GLIBC_2.18' not found (required by ./helper/_internal/libstdc++.so.6)
./lib/liblocal_notifier_plugin.so: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by ./lib/liblocal_notifier_plugin.so)

I suspect the Yubico Authenticator 7.0.0 is not build on RHEL 7-like distros, which is a shame, as it is currently the oldest supported LTS distro. Oracle Linux 7 is supported even longer. Another way how to handle versions of key components is to follow recommendations of VFX Reference Platform.

Distribution details:

[opc@sws yubico-authenticator-7.0.0-linux]$ cat /etc/os-release 
NAME="Oracle Linux Server"
VERSION="8.9"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.9"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.9"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:8:9:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://github.com/oracle/oracle-linux"

ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"
ORACLE_BUGZILLA_PRODUCT_VERSION=8.9
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=8.9

[opc@sws yubico-authenticator-7.0.0-linux]$ dnf info --installed glibc
Installed Packages
Name         : glibc
Version      : 2.28
Release      : 236.0.1.el8_9.13
Architecture : i686
Size         : 5.0 M
Source       : glibc-2.28-236.0.1.el8_9.13.src.rpm
Repository   : @System
From repo    : local-ol8_baseos_latest
Summary      : The GNU libc libraries
URL          : http://www.gnu.org/software/glibc/
License      : LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL
Description  : The glibc package contains standard libraries which are used by
             : multiple programs on the system. In order to save disk space and
             : memory, as well as to make upgrading easier, common system code is
             : kept in one place and shared between programs. This particular package
             : contains the most important sets of shared libraries: the standard C
             : library and the standard math library. Without these two libraries, a
             : Linux system will not function.

Name         : glibc
Version      : 2.28
Release      : 236.0.1.el8_9.13
Architecture : x86_64
Size         : 6.4 M
Source       : glibc-2.28-236.0.1.el8_9.13.src.rpm
Repository   : @System
From repo    : local-ol8_baseos_latest
Summary      : The GNU libc libraries
URL          : http://www.gnu.org/software/glibc/
License      : LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL
Description  : The glibc package contains standard libraries which are used by
             : multiple programs on the system. In order to save disk space and
             : memory, as well as to make upgrading easier, common system code is
             : kept in one place and shared between programs. This particular package
             : contains the most important sets of shared libraries: the standard C
             : library and the standard math library. Without these two libraries, a
             : Linux system will not function.
AdamVe commented 3 months ago

Hello, thank you for reporting the issue. I reproduced the error with CentOS 7 and tried some quick workarounds, such as default build of Yubico Authenticator from sources / installation of Flathub’s flatpak / rebuilt flatpak locally, none of which sadly works. I am taking this back to discuss with the team and will keep you informed.