search

trustcrypto / python-onlykey

The OnlyKey Python Command-Line Utility is a command line tool targeted towards more advanced users. This can be used for configuration and testing.
https://docs.crp.to/command-line.html
47 stars 23 forks source link

Many errors on Kubuntu after cli installations last step #77

Open dasdirksche opened 5 months ago

dasdirksche commented 5 months ago

Kubuntu 22.04 Kernelversion: 6.5.0-26-generic (64-bit)

I did install the onlykey-cli exactly like explained on docs. After running the last command: udevadm control --reload-rules && udevadm trigger I got thousands of errors When I try for example: onlykey-cli credential ls and skip the PIN (cause I didn't set one) I got: Traceback (most recent call last): File "/home/dirk/.local/bin/onlykey-cli", line 8, in <module> sys.exit(main()) File "/home/dirk/.local/lib/python3.10/site-packages/onlykey/cli.py", line 1196, in main cli() File "/home/dirk/.local/lib/python3.10/site-packages/onlykey/cli.py", line 520, in cli solo.cli.key() File "/usr/lib/python3/dist-packages/click/core.py", line 1128, in __call__ return self.main(*args, **kwargs) File "/usr/lib/python3/dist-packages/click/core.py", line 1053, in main rv = self.invoke(ctx) File "/usr/lib/python3/dist-packages/click/core.py", line 1659, in invoke return _process_result(sub_ctx.command.invoke(sub_ctx)) File "/usr/lib/python3/dist-packages/click/core.py", line 1659, in invoke return _process_result(sub_ctx.command.invoke(sub_ctx)) File "/usr/lib/python3/dist-packages/click/core.py", line 1395, in invoke return ctx.invoke(self.callback, **ctx.params) File "/usr/lib/python3/dist-packages/click/core.py", line 754, in invoke return __callback(*args, **kwargs) File "/home/dirk/.local/lib/python3.10/site-packages/solo/cli/key.py", line 553, in cred_ls cm = client.cred_mgmt(pin) File "/home/dirk/.local/lib/python3.10/site-packages/solo/devices/base.py", line 116, in cred_mgmt token = client.client_pin.get_pin_token(pin) File "/home/dirk/.local/lib/python3.10/site-packages/fido2/ctap2/pin.py", line 260, in get_pin_token resp = self.ctap.client_pin( File "/home/dirk/.local/lib/python3.10/site-packages/fido2/ctap2/base.py", line 728, in client_pin return self.send_cbor( File "/home/dirk/.local/lib/python3.10/site-packages/fido2/ctap2/base.py", line 675, in send_cbor raise CtapError(status) fido2.ctap.CtapError: CTAP error: 0x35 - PIN_NOT_SET When I install the onlykey-app with snap the app starts but will not recognice the key.(Please connect your key). When I open the app in terminal with the prompt 'onlykey-app' I got: Gtk-Message: Failed to load module "colorreload-gtk-module" Gtk-Message: Failed to load module "window-decorations-gtk-module" libGL error: pci id for fd 117: 8086:8a52, driver (null) libGL error: No driver found libGL error: failed to load driver: (null) libGL error: pci id for fd 117: 8086:8a52, driver (null) libGL error: unable to load driver: iris_dri.so libGL error: driver pointer missing libGL error: failed to load driver: iris [4881:4881:0401/195120.984600:ERROR:component_loader.cc(162)] Failed to parse extension manifest. [4881:5007:0401/195120.986384:ERROR:object_proxy.cc(621)] Failed to call method: org.kde.KWallet.isEnabled: object_path= /modules/kwalletd5: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.65" (uid=1000 pid=4881 comm="/snap/onlykey-app/7/opt/OnlyKey/nw " label="snap.onlykey-app.onlykey-app (enforce)") interface="org.kde.KWallet" member="isEnabled" error name="(unset)" requested_reply="0" destination="org.kde.kwalletd5" (uid=1000 pid=1054 comm="/usr/bin/kwalletd5 --pam-login 7 8 " label="unconfined") [4881:5007:0401/195120.986400:ERROR:kwallet_dbus.cc(100)] Error contacting kwalletd5 (isEnabled) [4881:5007:0401/195120.986626:ERROR:object_proxy.cc(621)] Failed to call method: org.kde.KLauncher.start_service_by_desktop_name: object_path= /KLauncher: org.freedesktop.DBus.Error.ServiceUnknown: The name org.kde.klauncher was not provided by any .service files [4881:5007:0401/195120.986635:ERROR:kwallet_dbus.cc(72)] Error contacting klauncher to start kwalletd5 [5004:5004:0401/195121.012056:ERROR:sandbox_linux.cc(366)] InitializeSandbox() called with multiple threads in process gpu-process. [5016:5041:0401/195121.103504:ERROR:command_buffer_proxy_impl.cc(124)] ContextResult::kTransientFailure: Failed to send GpuChannelMsg_CreateCommandBuffer. [4881:4993:0401/195121.459676:ERROR:udev_watcher.cc(63)] Failed to begin udev enumeration. shm_open() failed: Permission denied [4881:4994:0401/195129.030975:ERROR:udev_watcher.cc(63)] Failed to begin udev enumeration. Nothing works on Linux. It is frustrating

dasdirksche commented 5 months ago

Sorry. I try to write it more clearly arranged. using the prompt: onlykey-cli credential ls The output is:

Traceback (most recent call last):
  File "/home/dirk/.local/bin/onlykey-cli", line 8, in <module>
    sys.exit(main())
  File "/home/dirk/.local/lib/python3.10/site-packages/onlykey/cli.py", line 1196, in main
    cli()
  File "/home/dirk/.local/lib/python3.10/site-packages/onlykey/cli.py", line 520, in cli
    solo.cli.key()
  File "/usr/lib/python3/dist-packages/click/core.py", line 1128, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1053, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1659, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 1659, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 1395, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 754, in invoke
    return __callback(*args, **kwargs)
  File "/home/dirk/.local/lib/python3.10/site-packages/solo/cli/key.py", line 553, in cred_ls
    cm = client.cred_mgmt(pin)
  File "/home/dirk/.local/lib/python3.10/site-packages/solo/devices/base.py", line 116, in cred_mgmt
    token = client.client_pin.get_pin_token(pin)
  File "/home/dirk/.local/lib/python3.10/site-packages/fido2/ctap2/pin.py", line 260, in get_pin_token
    resp = self.ctap.client_pin(
  File "/home/dirk/.local/lib/python3.10/site-packages/fido2/ctap2/base.py", line 728, in client_pin
    return self.send_cbor(
  File "/home/dirk/.local/lib/python3.10/site-packages/fido2/ctap2/base.py", line 675, in send_cbor
    raise CtapError(status)
fido2.ctap.CtapError: CTAP error: 0x35 - PIN_NOT_SET

Do I have to set a pin?

dasdirksche commented 5 months ago

Sorry. Me again. if I register a passkey on Linux in Firefox there is no prompt to set a pin. If I register a passkey on windows, there is a prompt to setup a pin. After adding the pin in Windows the onlykey-cli credential ls works now. But why won't Firefox under Linux ask for a pin?

onlykey commented 5 months ago

It's because I think Firefox is using an old version of FIDO-U2F and the other browsers use FIDO2. Yes, a PIN must be set for resident credentials (FIDO2) that are stored on OnlyKey.

dasdirksche commented 5 months ago

Same Firefox Version on both, Linux and Windows.: 124.0.1