Bug 254580 - security/py-yubikey-manager: Update to py37-yubikey-manager-4.0.0 does not work
Summary: security/py-yubikey-manager: Update to py37-yubikey-manager-4.0.0 does not work
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Vinícius Zavam
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-03-26 14:05 UTC by Nathan Whitehorn
Modified: 2021-04-18 23:56 UTC (History)
2 users (show)

See Also:
egypcio: maintainer-feedback+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nathan Whitehorn freebsd_committer 2021-03-26 14:05:49 UTC
It looks like it requires a corresponding update to py-fido2, as this happens whenever you try to run it:

$ ykman
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 583, in _build_master
    ws.require(__requires__)
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 900, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 791, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (fido2 0.8.1 (/usr/local/lib/python3.7/site-packages), Requirement.parse('fido2<1.0,>=0.9'), {'yubikey-manager'})

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/ykman", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3251, in <module>
    @_call_aside
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3235, in _call_aside
    f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3264, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 585, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 598, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 786, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'fido2<1.0,>=0.9' distribution was not found and is required by yubikey-manager
Comment 1 Nathan Whitehorn freebsd_committer 2021-03-31 21:08:16 UTC
Now the fido2 update is in, but the port is still broken:

$ ykman
Traceback (most recent call last):
  File "/usr/local/bin/ykman", line 11, in <module>
    load_entry_point('yubikey-manager==4.0.0', 'console_scripts', 'ykman')()
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 489, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 2852, in load_entry_point
    return ep.load()
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 2443, in load
    return self.resolve()
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 2449, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/local/lib/python3.7/site-packages/ykman/__init__.py", line 29, in <module>
    from .device import (  # noqa
  File "/usr/local/lib/python3.7/site-packages/ykman/device.py", line 52, in <module>
    from .hid import list_otp_devices, list_ctap_devices
  File "/usr/local/lib/python3.7/site-packages/ykman/hid/__init__.py", line 46, in <module>
    raise Exception("Unsupported platform")
Exception: Unsupported platform

Maybe this update can be backed out?
Comment 2 Daniel Shafer 2021-04-06 16:21:14 UTC
py-yubikey-manager is a dependency for yubikey-manager-qt, which last time I tried it did work for me.

I'll reverify it and report back.  But if we roll this back then yubikey-manager-qt will need to be rolled back.
Comment 3 commit-hook freebsd_committer 2021-04-13 15:40:42 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=970206166db81f25eb6c13ec0a5c56b91454b907

commit 970206166db81f25eb6c13ec0a5c56b91454b907
Author:     Vinícius Zavam <egypcio@FreeBSD.org>
AuthorDate: 2021-04-13 15:38:05 +0000
Commit:     Vinícius Zavam <egypcio@FreeBSD.org>
CommitDate: 2021-04-13 15:38:05 +0000

    security/py-yubikey-manager: update 4.0.0 to 4.0.2

      - https://github.com/Yubico/yubikey-manager/blob/4.0.2/NEWS

    PR:             254580
    Reported by:    nwhitehorn@

 security/py-yubikey-manager/Makefile | 2 +-
 security/py-yubikey-manager/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 4 Vinícius Zavam freebsd_committer 2021-04-14 07:44:26 UTC
hello there!
port got updated to 4.0.2;
would you try testing it again and report back?

my current testing env got compromised and it's gonna take a while til it's up and running 100% again tho. few more hands/eyes would be appreciated

thanks!
Comment 5 Nathan Whitehorn freebsd_committer 2021-04-14 13:47:13 UTC
Still broken.

The core problem is that yubikey-manager 4.0 and above simply don't support FreeBSD with their HID mode and needs someone to write a FreeBSD backend. The following diff "fixes" the issue by removing support for the HID backend, which means the port is crippled but at least can still work through the PCSC backend:

--- yubikey-manager-4.0.2/ykman/hid/__init__.py 2021-04-12 03:23:08.142234800 -0400
+++ /tmp/__init__.py    2021-04-14 09:44:54.413841000 -0400
@@ -43,10 +43,12 @@
 elif sys.platform.startswith("darwin"):
     from . import macos as backend
 else:
-    raise Exception("Unsupported platform")
+    backend = None
 
-
-list_otp_devices: Callable[[], List[OtpYubiKeyDevice]] = backend.list_devices
+if backend is not None:
+       list_otp_devices: Callable[[], List[OtpYubiKeyDevice]] = backend.list_devices
+else:
+       list_otp_devices: Callable[[], List[OtpYubiKeyDevice]] = lambda: []
 
 
 class CtapYubiKeyDevice(YkmanDevice):
Comment 6 Vinícius Zavam freebsd_committer 2021-04-18 23:56:29 UTC
ACK. thanks for sharing that one; I am going to take care of this one and suggest kind of a MR into upstream as well.

should get back to you ASAP