navossoc / KeePass-Yet-Another-Favicon-Downloader

Yet Another Favicon Downloader for KeePass 2.x
MIT License

Check for update results in an error #7

Closed daddavidw closed 6 years ago

daddavidw commented 6 years ago

The "Check for update" function in KeePass returns an error for this plugin. In the Update check dialog it lists the current version OK, but for the available version it says "Update check failed. Version information file cannot be downloaded".

navossoc commented 6 years ago

I need more info about your environment. What operating system? Which KeePass version?


daddavidw commented 6 years ago

I am using KeePass 2.37 on Linux. I checked the source and it appears there is an 'update file' available, at https://raw.githubusercontent.com/navossoc/KeePass-Yet-Another-Favicon-Downloader/master/VERSION But the format of the file's contents appears incorrect. It currently has what appears to be a signature at the beginning:

:[Base64 signature data] Yet Another Favicon Downloader:1.1.0.0 :

From other examples I have seen, it would suffice to have simply : Yet Another Favicon Downloader:1.1.0.0 :

Is the 'signature data' intentional? Required?

navossoc commented 6 years ago

I'm not at the computer right now, but this version file is signed. It's a new feature available since 2.34. https://keepass.info/news/n160611_2.34.html

It ensures you are not being tricked into updating to a "fake version" by a malicious party.

There is a mention here too, search for "signing": https://keepass.info/help/v2_dev/plg_index.html

I may have missed something or it is a bug in KeePass for Linux.


navossoc commented 6 years ago

(I'm splitting the answer, because of the markdown)

Windows is reporting the signature as ok.


@daddavidw I'll run some tests on Linux later. Which Mono version are you using? Just to make the tests consistent.

So answering your question:

Is the 'signature data' intentional? Required?

It is intentional, but it is not required. It's just an additional security measure.

This is the version file from KeePass: https://www.dominik-reichl.de/update/version2x.txt.gz
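As an added illustration (not code from KeePass or from this plugin), a small parser for the version-file layout quoted in this thread, useful for telling a malformed or substituted response apart from a valid signed or unsigned file. It assumes the header line is the separator character followed by an optional Base64 signature, each entry line is Name, separator, Version, and the last line is the separator alone; it does not verify the signature, and the sample files are constructed.

```python
import base64
import binascii
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class VersionFile:
    separator: str
    signature: Optional[bytes]  # decoded signature bytes, None if unsigned
    plugins: Dict[str, str]     # plugin name -> advertised version


def parse_version_file(text: str) -> VersionFile:
    """Parse a plugin version file; raise ValueError on malformed input."""
    lines = text.splitlines()
    if len(lines) < 2 or not lines[0]:
        raise ValueError("need a header line and a closing separator line")
    # Header: first character is the separator, the rest (if any) the signature.
    sep, sig_b64 = lines[0][0], lines[0][1:]
    if lines[-1] != sep:
        raise ValueError("last line must be the separator alone")
    signature = None
    if sig_b64:
        try:
            signature = base64.b64decode(sig_b64, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"header signature is not valid Base64: {exc}")
    plugins: Dict[str, str] = {}
    for line in lines[1:-1]:
        name, found, version = line.partition(sep)
        # Empty lines, missing fields and extra separators are all rejected.
        if not found or not name or not version or sep in version:
            raise ValueError(f"bad entry line: {line!r}")
        plugins[name] = version
    return VersionFile(sep, signature, plugins)


# Constructed samples: 512 zero bytes stand in for a real signature.
FAKE_SIG = base64.b64encode(bytes(512)).decode()
SIGNED = f":{FAKE_SIG}\nYet Another Favicon Downloader:1.1.0.0\n:\n"
UNSIGNED = ":\nYet Another Favicon Downloader:1.1.0.0\n:\n"
# Constructed example of a non-version-file body (e.g. an error page).
NOT_A_VERSION_FILE = "<html>\n<body>404</body>\n</html>\n"

if __name__ == "__main__":
    for label, body in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        vf = parse_version_file(body)
        sig_len = len(vf.signature) if vf.signature else 0
        print(label, vf.plugins, "signature bytes:", sig_len)
```

Both samples yield the same plugin entries; only the header differs, so whether an unsigned file is acceptable is a policy decision for the client rather than a parsing question.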

daddavidw commented 6 years ago

FWIW I have confirmed it works on Windows for me too. I have tried on two versions of Linux, Ubuntu 16.04 and 17.10 (both fail the 'update check'). I have also tried on my Mac machine, and it fails there in the same way.

My version of mono on the 16.04 machine is 4.2.1 (and on 17.10 it is 4.6.2). In detail (for 16.04):

    $ mono --version
    Mono JIT compiler version 4.2.1 (Debian 4.2.1.102+dfsg2-7ubuntu4)
    Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
        TLS:           __thread
        SIGSEGV:       altstack
        Notifications: epoll
        Architecture:  amd64
        Disabled:      none
        Misc:          softdebug
        LLVM:          supported, not enabled.
        GC:            sgen

navossoc commented 6 years ago

@daddavidw I took a closer look at the issue.

Seems the problem is the URL used to check the version info; KeePass/Mono doesn't seem to like GitHub too much 😆

If I use this link: https://github.com/navossoc/KeePass-Yet-Another-Favicon-Downloader/raw/master/VERSION

Instead of: https://raw.githubusercontent.com/navossoc/KeePass-Yet-Another-Favicon-Downloader/master/VERSION

Even though this link is a redirect (302), it works fine. Weird...

Anyhow, it is scheduled to be fixed on the next release ;)

Thanks for your help.

navossoc commented 6 years ago

@daddavidw I've released version 1.1.1.0, see if it solves your problem. Here it seems ok.

daddavidw commented 6 years ago

Yes, it works. I installed the new plugin on both Linux (my 16.04 system) and my Mac machine, and after the new one was installed, "check for updates" reports "Up to date" at the 1.1.1 level (instead of displaying an error). I did not re-check Windows :)

navossoc commented 6 years ago

I did check on Windows 10 and Debian 9. Good to know it is working 💃