Closed dustinwilson closed 5 years ago
maximbaz
commented
5 years ago Weird! I'm somewhat thinking of this bug which was raised recently: https://github.com/browserpass/browserpass/issues/302
Could you please try native.pl to make sure the native component alone works correctly? Test on an entry with and without OTP code and see if it throws any exception.
$ /path/to/native.pl /path/to/browserpass '{"action": "get", "entry": "default:github.com"}'
dustinwilson
commented
5 years ago Bingo. Get this when trying to get one with an OTP. Looks like the issue is in twofactor?
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x1132b18]
goroutine 1 [running]:
github.com/gokyle/twofactor.(*TOTP).OTPCounter(0xc000010500, 0x17)
/private/tmp/browserpass-20190112-61424-137qib2/browserpass-2.0.22/src/github.com/gokyle/twofactor/totp.go:56 +0x28
github.com/gokyle/twofactor.(*TOTP).OTP(0xc000010500, 0x66, 0x11a9100)
/private/tmp/browserpass-20190112-61424-137qib2/browserpass-2.0.22/src/github.com/gokyle/twofactor/totp.go:37 +0x2b
github.com/dannyvankooten/browserpass.parseTotp(0xc000078070, 0x66, 0xc0000be900, 0xedc, 0xc000078070)
/private/tmp/browserpass-20190112-61424-137qib2/browserpass-2.0.22/src/github.com/dannyvankooten/browserpass/browserpass.go:215 +0xce
github.com/dannyvankooten/browserpass.parseLogin(0x11a7ea0, 0xc0000bc110, 0xc0000bc110, 0x11a7ea0, 0xc0000bc110)
/private/tmp/browserpass-20190112-61424-137qib2/browserpass-2.0.22/src/github.com/dannyvankooten/browserpass/browserpass.go:239 +0x427
github.com/dannyvankooten/browserpass.readLoginGPG(0x11a7ea0, 0xc0000bc088, 0x0, 0x0, 0x0)
/private/tmp/browserpass-20190112-61424-137qib2/browserpass-2.0.22/src/github.com/dannyvankooten/browserpass/browserpass.go:186 +0x1ba
github.com/dannyvankooten/browserpass.Run(0x11a7ea0, 0xc0000bc000, 0x11a7ec0, 0xc0000bc008, 0x0, 0x0)
/private/tmp/browserpass-20190112-61424-137qib2/browserpass-2.0.22/src/github.com/dannyvankooten/browserpass/browserpass.go:109 +0x775
main.main()
/private/tmp/browserpass-20190112-61424-137qib2/browserpass-2.0.22/src/github.com/dannyvankooten/browserpass/cmd/browserpass/main.go:27 +0xc1Actually now that I've looked closer I still used a binary made from my homebrew tap (https://github.com/dustinwilson/homebrew-tap/blob/master/browserpass.rb). I thought I'd copied over the premade one from here, but I didn't. The one from here works, but it looks like whatever changes have been made in the meantime in twofactor has broken things.
maximbaz
commented
5 years ago Thanks to Gopkg.lock, when building a specific release using make you are guaranteed to always build exactly the same version of dependencies as I had, even if dependency changed in the meantime. So I'd rather think that how ever homebrew tap was compiling browserpass was not portable, and that's why you had to rebuild or take the premade binary from here.
Anyhow, it seems your issue has been solved. Happy browserpassing π
dustinwilson
commented
5 years ago Thanks. However, I would like to get my Homebrew tap working correctly because it appears to my surprise a few others use it.
I downloaded the source archive and tried to build it manually and ran into the same issues with twofactor. Running dep ensure causes the entire Gopkg.lock file to be rewritten because neither constraint supplied in Gopkg.toml actually does anything. It will download the latest revision from twofactor's repo regardless. However, if I constrain twofactor to the revision that is in the Gopkg.lock file dep doesn't download the newest revision:
[[constraint]]
revision = "bbc82ff8de72400ce39a13077627531d9841ad62"
name = "github.com/gokyle/twofactor"I recommend you using make, specifically make deps and make browserpass-darwinx64. Have a look into CONTRIBUTING.md and Makefile for details, if you have questions, ask π
dustinwilson
commented
5 years ago I did look at the makefile before building. make deps runs yarn followed by dep ensure. I am not building the frontend here, only the binary, so running yarn doesn't make any sense. I just run dep ensure. So, there still is the OTP problem here even if I just run make deps. Your Gopkg.toml file isn't constraining anything and therefore every time dep ensure is run it downloads the latest revisions of everything from their repositories and rewrites Gopkg.lock. The newest revision of twofactor breaks OTP in browserpass on macOS at least, but if you change your Gopkg.toml file to what I suggested above browserpass works fine.
maximbaz
commented
5 years ago Try dep ensure -vendor-only as in master branch. Sorry I forgot it changed since the last release π
dustinwilson
commented
5 years ago Thanks! That works. I know a while back Homebrew (let me be blunt here) moronically rejected browserpass' inclusion in the main repository, but nothing stops us from running our own "tap". Would you be willing to accept a pull request adding instructions on how to install browserpass via homebrew using my tap? I've kept it updated for the past few browserpass updates at least.
maximbaz
commented
5 years ago I would be extremely happy to merge such PR π
General information
Exact steps to reproduce the problem
What should happen?
Credentials automatically inserted into form
What happened instead?
Browserpass failed with "Error: Native Host has Exited" on Chrome and Vivaldi and "Error: undefined" in Firefox.
I haven't had any trouble with browserpass at all, and recently I updated homebrew which updated gnupg and go to 2.2.12 and 1.11.4 respectively. Ever since then I've had difficulties with getting my credentials on sites for which I also have an OTP. If the entry doesn't have an OTP it works just fine.