From unknown Fri Jun 13 06:09:31 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#38341 <38341@debbugs.gnu.org> To: bug#38341 <38341@debbugs.gnu.org> Subject: Status: webauthn support? Reply-To: bug#38341 <38341@debbugs.gnu.org> Date: Fri, 13 Jun 2025 13:09:31 +0000 retitle 38341 webauthn support? reassign 38341 gnuzilla submitter 38341 Chris Marusich severity 38341 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 23 01:14:52 2019 Received: (at submit) by debbugs.gnu.org; 23 Nov 2019 06:14:53 +0000 Received: from localhost ([127.0.0.1]:55779 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iYOgy-0003F9-61 for submit@debbugs.gnu.org; Sat, 23 Nov 2019 01:14:50 -0500 Received: from lists.gnu.org ([209.51.188.17]:35389) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iYOgq-0003Eu-Rv for submit@debbugs.gnu.org; Sat, 23 Nov 2019 01:14:41 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:56185) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iYOgp-0006Kf-MQ for bug-gnuzilla@gnu.org; Sat, 23 Nov 2019 01:14:40 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iYOgo-0007UR-Ik for bug-gnuzilla@gnu.org; Sat, 23 Nov 2019 01:14:39 -0500 Received: from mail-pg1-x52e.google.com ([2607:f8b0:4864:20::52e]:46366) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iYOgo-0007TF-B0 for bug-gnuzilla@gnu.org; Sat, 23 Nov 2019 01:14:38 -0500 Received: by mail-pg1-x52e.google.com with SMTP id r18so4461885pgu.13 for ; Fri, 22 Nov 2019 22:14:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=6sPXk4rjcGB/G/IOLP/ThkTp/mQt9swuBELdJnZY91M=; b=YOi1MrpAxehuWEPH61y0Pj8ukrnb6z8OxwNnlCsKFX13avjMVipoW69w9cc6EMpf8m 9XYtxB/Sy4iQznDAHa2qIPrE+FhrzIyhloW5HuVy2xjV9Ey/qpScyvEqflihIk1p+z8a elnMrvXc3tb2DxgOzMzeY4XjCY6A0vqJmEW/+XLmjSmFeehrONHGl1RhJMr2quHAkulK wy+xweCpCy9q1vuvWYoWids1RuXvm2s+z+unrntYybNGnLtpnpP4fQtdrsRnlAhw1kEE OQNyFNMHEKErtrVMyOmw5TYJCqj/cTur+/BirT07NRdlDsQ/DF+AYS6Q5PV9kGmnxDg+ RRqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=6sPXk4rjcGB/G/IOLP/ThkTp/mQt9swuBELdJnZY91M=; b=co2epQNjzOvWrhsaf72Um+WUy+y0kSR8j5ak/kx685u2HVt1Z/zM6rvFkeE6yMBSIp rwMmJeBK1qhJt/Me/wsQJD/8R+qtQzw13WZRGe2mgeKRRFtuWpJ/kiAEMOmWgG03XbUN F+MqBIhrpJlL6DQHEj8pdNS69vfzVUMN/0l1c7g12pOB4rbFQ2g1QBxJeh5rfjqMvxox xU6r5AmNeoy6lJPUHTNf5xsi1RhmUsbfflv0tXyZ4AU2/DqP0hNthzZ0yW7yikWDlUoj uNPV42NlU8vYzIDaSCx7QyObIJCXhI73Q1qPbSgyLW3QA9fnU6/10sOSj5jstkKr4dUj DJ+g== X-Gm-Message-State: APjAAAXGa+G1C7RdQVBhRdKCzOL8r5SVjJy1NEI3kAn24IvdEnPNLu7q u8aGwR8p9LxIwoWfXQfcjXZWHyHf X-Google-Smtp-Source: APXvYqy88KhvGQLgUyqDwlH+/G6SKu27JpIDi8wZRZezp1GHNR23PqhyrG5qrJsosAAdLB1IjY+KdQ== X-Received: by 2002:a63:4441:: with SMTP id t1mr19671606pgk.179.1574489676239; Fri, 22 Nov 2019 22:14:36 -0800 (PST) Received: from garuda.local ([2601:601:9d80:25b2:28ff:ed79:ffa:afc1]) by smtp.gmail.com with ESMTPSA id j20sm9267103pff.182.2019.11.22.22.14.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Nov 2019 22:14:34 -0800 (PST) From: Chris Marusich To: Jack Hill Subject: Re: webauthn support? References: <87h83k4ha2.fsf@gmail.com> <87a78vpwah.fsf@gmail.com> Date: Fri, 22 Nov 2019 22:14:30 -0800 In-Reply-To: <87a78vpwah.fsf@gmail.com> (Chris Marusich's message of "Sat, 16 Nov 2019 09:26:30 -0800") Message-ID: <87sgmfyv95.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::52e X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit Cc: Mark H Weaver , bug-gnuzilla@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Chris Marusich writes: > I have a non-Guix GNU/Linux machine with Firefox, on which this > problem does not occur, and I am able to log in correctly using my > token (in Firefox). I will try building IceCat 68 from source > manually on that distribution. I have successfully built IceCat using the Guix preview source (guix build -S icecat) on a foreign GNU/Linux distro. Things I noticed: =2D When IceCat 68 is built from source on this foreign distro (without using any software from Guix to do the build), the built IceCat 68 works. The "Unknown U2F Error" does not occur. This means that the system is configured correctly to allow me to use my security token, and IceCat is built correctly to use it. =2D However, on the same foreign distro, when I install IceCat 68 from Guix, it doesn't work. I get an "Unknown U2F Error". =2D Reminder: Firefox also works on this foreign distro. The "Unknown U2F Error" does not occur. This suggests a bug in the Guix IceCat 68 packaging, but not the IceCat 68 source built by Guix. For example, perhaps the Guix package definition for IceCat 68 lacks a required runtime dependency for this use case. I will see if I can figure it out. I think I will look into the configuration/build logs/logic to see if we're missing a dependency that is required for webauthn, U2F, PKCS11, or some other hardware token thing. I also think it might be productive to experiment using strace to see if I can determine any differences in what's going on between the good case and the bad case. If anyone has any advice about how to determine what code is actually emitting the "Unknown U2F Error", that would really help me narrow down the possibilities quite a bit. =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl3YzkYACgkQ3UCaFdgi Rp2G/g//cvynvKyKP0ZkOOAlDMZqqU5+ZurxrchZ7hDbjhCWUtEAfoPMheG/nUsX cGNq2d0Krp5MCp+GyA2XSEe99ovufgKqRjvoXg633Qdsd+tTmMBHIxrZqya10PF/ 5FCB/kxsjLkuIxlovsMmROHvpSMgLezU+Kp+78Mb26SODXG5whOAWRkGBYGcsdly ApvXwFZ/JXFdcojz6UA08sd1qrkT1JActRpWGww+SixE+nc5lSolOdvpJ1Grd5Vi /Ku7ww58QnyAo4bmjBGDqm8/QMzx2yNdSpknmUZkekypezC4tomMkvwQuU8iU3gm PJPMI5Cy3ghY3acgwqQ/JAilExPAAyI5oXxhcgHOsdwaU8DvwT5Z4aP0vL67vpXS 2gyo0pKerFi3RxUBG5KkRpnydHOsix7i44veuNSCb7IzH4e4Ppflk9fDr1R2lE4i q0oV5WRgHZhhmZDqm4pzPQXoyt74R4XHzWToSP3TK8Gd7G7cOBJZY6/vm9ItuZfa k9W70+FPHGr8LN9x5Df7RFvZxG7VVMmMljukKXd5c13zeg4WIRHgRHN59itoEY/2 bzI8FKTs4HIpt1fyeDO6gdER5a1oBqbkIgrBJR7akB4xETU1Z/Ln/KeLC3XwYF0N hx0Smb5QRepOsc1v5CGXOHGp/3VBuvL8sVkMJ/x70vHvTfAFGVE= =MsWA -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 23 11:10:30 2019 Received: (at submit) by debbugs.gnu.org; 23 Nov 2019 16:10:30 +0000 Received: from localhost ([127.0.0.1]:57648 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iYXzR-0005g3-Tv for submit@debbugs.gnu.org; Sat, 23 Nov 2019 11:10:30 -0500 Received: from lists.gnu.org ([209.51.188.17]:51647) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iYXzO-0005ft-9D for submit@debbugs.gnu.org; Sat, 23 Nov 2019 11:10:26 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:57524) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iYXzN-0001j3-4o for bug-gnuzilla@gnu.org; Sat, 23 Nov 2019 11:10:26 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iYXzM-00065y-3X for bug-gnuzilla@gnu.org; Sat, 23 Nov 2019 11:10:25 -0500 Received: from minsky.hcoop.net ([104.248.1.95]:57974) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1iYXzL-00065f-W4 for bug-gnuzilla@gnu.org; Sat, 23 Nov 2019 11:10:24 -0500 Received: from marsh.hcoop.net ([45.55.52.66]) by minsky.hcoop.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1iYXzK-0001ma-SV; Sat, 23 Nov 2019 11:10:22 -0500 Date: Sat, 23 Nov 2019 11:10:22 -0500 (EST) From: Jack Hill X-X-Sender: jackhill@marsh.hcoop.net To: Chris Marusich Subject: Re: webauthn support? In-Reply-To: <87sgmfyv95.fsf@gmail.com> Message-ID: References: <87h83k4ha2.fsf@gmail.com> <87a78vpwah.fsf@gmail.com> <87sgmfyv95.fsf@gmail.com> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: multipart/mixed; BOUNDARY="925712948-104048584-1574525422=:11560" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 104.248.1.95 X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit Cc: Mark H Weaver , bug-gnuzilla@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --925712948-104048584-1574525422=:11560 Content-Type: text/plain; format=flowed; charset=UTF-8 Content-Transfer-Encoding: 8BIT On Fri, 22 Nov 2019, Chris Marusich wrote: > Chris Marusich writes: > I have successfully built IceCat using the Guix preview source (guix > build -S icecat) on a foreign GNU/Linux distro. Things I noticed: > > - When IceCat 68 is built from source on this foreign distro (without > using any software from Guix to do the build), the built IceCat 68 > works. The "Unknown U2F Error" does not occur. This means that the > system is configured correctly to allow me to use my security token, > and IceCat is built correctly to use it. > > - However, on the same foreign distro, when I install IceCat 68 from > Guix, it doesn't work. I get an "Unknown U2F Error". > > - Reminder: Firefox also works on this foreign distro. The "Unknown U2F > Error" does not occur. Great work. What dependencies did you have to provide on the non-Guix system? […] > If anyone has any advice about how to determine what code is actually > emitting the "Unknown U2F Error", that would really help me narrow down > the possibilities quite a bit. I don't know if this will be helpful, but as I understand webauthn, browsers provide a new JavaScript API for interacting with security tokens. I suspect that the error is being generated some code the browser calls a JavaScript program it has loaded calls that API. The text may not be in the IceCat source, but presented by the JavaScript program in response to and error in its API call. I was thinking, but haven't had the time, to set up my own webauthn-using app, so I can control the JavaScript. That's my best guess at least, but it could be wrong, so don't let me lead you astray :) Best, Jack --925712948-104048584-1574525422=:11560-- From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 02 00:46:58 2019 Received: (at 38341) by debbugs.gnu.org; 2 Dec 2019 05:46:58 +0000 Received: from localhost ([127.0.0.1]:36974 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ibeXy-0004vx-8i for submit@debbugs.gnu.org; Mon, 02 Dec 2019 00:46:58 -0500 Received: from mail-pg1-f169.google.com ([209.85.215.169]:40942) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ibeXw-0004vh-0u for 38341@debbugs.gnu.org; Mon, 02 Dec 2019 00:46:56 -0500 Received: by mail-pg1-f169.google.com with SMTP id k25so1954658pgt.7 for <38341@debbugs.gnu.org>; Sun, 01 Dec 2019 21:46:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=jDZH1+Vt2/5IMpaVbXfjz99BmTEL33+cyTDHWX1v55E=; b=iOlwVT3k5iqQNxL3hNjq+kWRoOG4d1SJ+g2b3Tij5UlKsSBX/oPCtURZR9IizSm6aJ Yy6psN7LeY2f+s2MdOXWVoqpoT2Ht8ROh2Q3cfYLVmsQPlPIY7x7KRpy7z00IFf34KAZ yn9D/WlaNAwxWHc6o97Z13XvfawyOQkPlIoJem3pHsy9LS9jW/s4o92EcZC3WHWwrQkH g6joeDblKbI07PubCg7tFO+L1ncOChlX7aXrlajWEbYSipTmYAtJoZOa4PLRPiWUwHJ2 0vL2hoS7rQyWf6uzEaHL/vGm2JXm0VcjKYQ3nVqGg1cxeUSjT8jmSbSUX9R7fiuWJ0hh k5SA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=jDZH1+Vt2/5IMpaVbXfjz99BmTEL33+cyTDHWX1v55E=; b=o9Jvxmv7CRAxhgoI5JPI4hww1/QJHHWVWA1cJJHqfNepIMtYD9PtdAYa/Rmb6TodTP XXpP1gX0wHjWBlGzLFMdXYLkHbJC+IM67pcoRN+LxwNJNd/Eu+RgAVmuX7oeIvCHqTaZ Exz24v38aCsJQ2T/jHoKNCvnMVuJjOQLQg/3GBmsWqroi2eiaBQZnVHTopSJPmcojbtA XdVk+yJuJcIlAJVtaQAIkgO1DU1Zy1XZtpcWJTaS6tqauZ497kRcLAT9edf7lGVbA4Uh 4mYAoGywWSM1dYWWAjpTpPt0WNO+xCDP/Ms897v7AJn/7QhpQ3uEzlIQ9kn5Y6c0BPQ4 J1zw== X-Gm-Message-State: APjAAAVyRaL9T+ESJVu/M6+u9A5Qv6ytYRnrYL5rDsTmdgOmMoaSsF7D cZQkZczsn5V337E8WaVbWhpRw+jq X-Google-Smtp-Source: APXvYqwGWdUm3iXdmSorXe/3evtinHkDySTE4ta6+m7VZZE03tqWgXM0uPmyAJsSNl98GY9QKUzO1A== X-Received: by 2002:a62:e709:: with SMTP id s9mr67275495pfh.190.1575265609709; Sun, 01 Dec 2019 21:46:49 -0800 (PST) Received: from garuda.local ([2601:601:9d80:25b2::f11]) by smtp.gmail.com with ESMTPSA id c68sm15567786pfc.156.2019.12.01.21.46.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Dec 2019 21:46:48 -0800 (PST) From: Chris Marusich To: 38341@debbugs.gnu.org Subject: Re: webauthn support? References: <87h83k4ha2.fsf@gmail.com> <87a78vpwah.fsf@gmail.com> <87sgmfyv95.fsf@gmail.com> Date: Sun, 01 Dec 2019 21:46:43 -0800 In-Reply-To: (Jack Hill's message of "Sat, 23 Nov 2019 11:10:22 -0500 (EST)") Message-ID: <87fti3cm9o.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 38341 Cc: Mark H Weaver , Jack Hill X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi Jack and Mark, It seems I unintentionally created this new bug report in Debbugs (38341) by emailing bug-gnuzilla@gnu.org. Sorry about that; I'll try not to do that again going forward. Since the bug report was created in the middle of our discussion, I'll reproduce some of the original discussion so the context is clear. The original report was from Jack Hill: https://lists.gnu.org/archive/html/bug-gnuzilla/2019-10/msg00013.html Jack Hill writes: > Hi IceCat folks, > > What's the status of webauthn support? When using firefox esr 68 on > Debian or ungoogled-chromium on GNU Guix, sites that use webauthn seem > to work: the led color changes on my usb token, I press the button, > and the webauthn exchange happens. However using icecat > 68.2.0-guix0-preview1 (thanks Mark!), the led on my token never > changes color and sites either report that step to have failed or say > it is not supported by my browser. I replied describing a similar problem: https://lists.gnu.org/archive/html/bug-gnuzilla/2019-11/msg00029.html Chris Marusich writes: > To reiterate, the specific problem I see is this. I go to a website > that uses two-factor authentication. I know it works - with my specific > YubiKey token - because the website works fine in Firefox on other > systems. But in IceCat 68, when I try to log in, I get a pop-up (modal? > not sure what the proper term is) with this error: > > "Unknown U2F Error" > > I'm typing that from memory, so it might actually be "Unknown U2F > Exception"; I'm not 100% sure. But it's definitely a little window that > appears, which says something along those lines, with no additional > information. Is this the same problem you see, Jack? > > I have double checked a lot of things. For example, I double checked > the following on my Guix system: > > - The udev rules from libu2f-host are installed. > > - My YubiKey token is usable via other mechanisms: > > - I can load the SSH key stored within it via "ssh-add -s", using > the OpenSC PKCS11 library, and I can SSH into machines using it. > > - I can access the YubiKey via tools such as "ykinfo" and > "yubico-piv-tool". > > - In about:config, security.webauth.u2f is set to true. > > The big issue for me is that I have no idea how to investigate further. > I really wish I could figure out how to extract more information from > IceCat, so I could figure out precisely where the problem is occurring, > and follow the trail of bread crumbs from there. I have even tried > grepping the IceCat source (from "guix build -S icecat") for the string > "Unknown U2F Error", but it yields no results. If anyone here can > provide advice on how to collect more information about what direction > the problem is coming from, I'd really appreciate it. > > Since I can't find references to that error message in the IceCat 68 > source, I'm thinking the error probably comes from something else. > Maybe a dependency that IceCat is calling out to, or perhaps even a > JavaScript library. Judging by the URLs IceCat loads, I think it might > be using some version of the following file to do the U2F logic (IceCat > loaded a file named "fidou2f.js", which is why I think this): > > https://github.com/rcdevs/openotp_authentication_owncloud/blob/master/js/= fidou2f.js > > Any tips to debug this would be welcome, even if it's just a link to > some tutorial on how to debug JavaScript that you find useful. I'm a > total newbie when it comes to debugging JavaScript in IceCat (Firefox). > I'm not even sure the error is coming from this JavaScript, anyway. > Tips on how to debugging the non-JS portions of my problem seem more > helpful at this point in time, honestly, but any tips would be great. > > Finally, I have a non-Guix GNU/Linux machine with Firefox, on which this > problem does not occur, and I am able to log in correctly using my token > (in Firefox). I will try building IceCat 68 from source manually on > that distribution. So, that is the context for the current bug report. Jack Hill writes: > What dependencies did you have to provide on the non-Guix system? I build IceCat on Ubuntu 19. I basically did this: Build the source: guix pull --commit=3Dc07bc1d2ca1029b89c807cc6e62e4c099aebedbd guix build -S icecat This produces the following file: /gnu/store/zw9rrbash7d484f2jnash79fbidxw07n-icecat-68.2.0-guix0-preview3.= tar.xz That file's SHA512 hash is: 4cb509f59d2141e1311c054ed7df200597a068dbd868ed043053f4dce6429f199a4aa56a9= 9917e57bfa60ab9f1bd5d1b0af26bdf283a4d65532cc285e9d5e83f Install the following packages using apt (e.g., "apt install cargo"): autoconf2.13 build-essential cargo clang curl libdbus-glib-1-2 libgtk-2-0 libgtk2.0-dev libpango1.0-0 libpango1.0-dev libpulse-dev nasm nodejs rustc yasm Using the apt-provided cargo, install cbindgen: cargo install cbindgen Extract the zw9rrbash7d484f2jnash79fbidxw07n-icecat-68.2.0-guix0-preview3.tar.xz file somewhere. Then build IceCat by running commands similar to this: mkdir objdir cd objdir srcdir=3D../icecat-68.2.0-guix0-preview3 $srcdir/configure --with-l10n-base=3D$srcdir/l10n make Hopefully, this works for you. It took me a couple days of on-and-off trial and error to get everything right. In particular, it seems you need to use the apt-provided cargo to install cbindgen. I tried installing cargo, rustc, and cbindgen using apt, but the build will failed because cbindgen was too old. I also tried installing cargo and rustc via rustup, and then I used the rustup-provided cargo to install cbindgen, but the build failed for mysterious reasons while attempting to compile xpcom_macros. When I tried installing cargo and rustc via apt, and then used the apt-provided cargo to install cbindgen, the build succeeded. My guess is that rustup gave me a rust that was too recent, so it broke the build. Various other problems occurred before I successfully built IceCat. Mostly they seemed to be missing dependencies, or dependencies using the wrong version. For example, in addition to the rust confusion in the previous paragraph, the IceCat build system expects to use autoconf2.13 specifically. I originally tried using Ubuntu's default autoconf package, but it failed. You'll probably need to repeat the "configure" and "make" invocations a few times to flush out such errors. Based on my notes, it seems I invoked "configure" at least 18 times, and "make" at least 5 times. Hopefully if you install the dependencies like I suggest above, you won't have to go through quite so many iterations. Of course, if you use Guix, you won't have to go through that pain! :-) >> If anyone has any advice about how to determine what code is >> actually emitting the "Unknown U2F Error", that would really help me >> narrow down the possibilities quite a bit. > > I don't know if this will be helpful, but as I understand webauthn, > browsers provide a new JavaScript API for interacting with security > tokens. I suspect that the error is being generated some code the > browser calls a JavaScript program it has loaded calls that API. The > text may not be in the IceCat source, but presented by the JavaScript > program in response to and error in its API call. I was thinking, but > haven't had the time, to set up my own webauthn-using app, so I can > control the JavaScript. Jack, does your error come with a specific message of any kind? Does it occur when using the Guix-built IceCat preview? Does it occur when you build it manually on a non-Guix GNU/Linux system, following a procedure like the one I describe above? =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl3kpUMACgkQ3UCaFdgi Rp1rRQ//XV6pm4v2Es42LNguI7OlwgeahGA5jVR2uFCMIrX2qdp7rePkmpEavNkF odhO6NEjUfajYWGCa5gkjb5RpxPAzD+EBabae5cfKhMUb73xEYZ0Ljp/MIZRrEjQ iOmLSI3l7VWwH4vv5oqupdTs40nhXy1AmPiasektnB1unEFWl0Mq9vu7Lhhl5yBQ f3KsO3dpoXz4GNQ7stPk3APVXU7meMoC0ISe/5vy3K+zUQbaL1+NmpWFFEBagTQG e+GME3gJ85D+H+f5L8GwmLSBS7PNvvr+s+pXzbeeKrxsj1T0Yu57hHtp9MbQEHex 2agEWRNCLeO43rPCFkIC/0Jsy8z/6/risKVPZYb8a50OX0tOTQC4TWb1oOvXMFZL Te/QJefG/oZZQngFCXSPfJXXqsATwqBrwZKF9hnkWmABaAN8e6XFwfPaSajSvN9Y ozcuzbczBG3Co+J4E1uafPW1zaRhKMezDItiuTYC2atDcxJNYsQzpNd50xVz2NbC 0Li+c1JcfTj58y+4+Kj1MHmnWNm/chcQMAZW44IvA49uYvapf9eqEz6rdAucS20V LAaFZSQwB20p9XeXHCZ2rVlph/+Z6yDOQ7S6B3d0hE0rX2APfgYu1Dzq4N4cGEes kK28vUGgJEqKG8tlEd5y4675TQEztWM+FmcXPAMIosl+99uY2Wk= =hdKR -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 02 17:11:37 2019 Received: (at 38341) by debbugs.gnu.org; 2 Dec 2019 22:11:37 +0000 Received: from localhost ([127.0.0.1]:39073 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ibtur-0002MG-7a for submit@debbugs.gnu.org; Mon, 02 Dec 2019 17:11:37 -0500 Received: from minsky.hcoop.net ([104.248.1.95]:44946) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ibtup-0002M1-OA for 38341@debbugs.gnu.org; Mon, 02 Dec 2019 17:11:36 -0500 Received: from marsh.hcoop.net ([45.55.52.66]) by minsky.hcoop.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1ibtuk-0007Qm-1E; Mon, 02 Dec 2019 17:11:30 -0500 Date: Mon, 2 Dec 2019 17:11:29 -0500 (EST) From: Jack Hill X-X-Sender: jackhill@marsh.hcoop.net To: Chris Marusich Subject: Re: webauthn support? In-Reply-To: <87fti3cm9o.fsf@gmail.com> Message-ID: References: <87h83k4ha2.fsf@gmail.com> <87a78vpwah.fsf@gmail.com> <87sgmfyv95.fsf@gmail.com> <87fti3cm9o.fsf@gmail.com> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 38341 Cc: Mark H Weaver , 38341@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) On Sun, 1 Dec 2019, Chris Marusich wrote: >> I'm typing that from memory, so it might actually be "Unknown U2F >> Exception"; I'm not 100% sure. But it's definitely a little window that >> appears, which says something along those lines, with no additional >> information. Is this the same problem you see, Jack? Yes, this is a similar to what I see. On one site, I see this message: "Security key authentication failed." On another site, I don't get an error message, but can't make it past the "Security device authentication page". The hardware token I'm using is a solokey, which as an LED that changes color when the computer has asked it to do something and I need to press the button. When webauthn doesn't work the LED color never changes. > Jack, does your error come with a specific message of any kind? Does it > occur when using the Guix-built IceCat preview? Does it occur when you > build it manually on a non-Guix GNU/Linux system, following a procedure > like the one I describe above? The error occurs using the Guix-built Icecat preview. I have tried building the preview by hand on Fedora 31, but have not gotten it to successfully build yet. One error seems to be: """ Some errors have detailed explanations: E0119, E0204. For more information about an error, try `rustc --explain E0119`. error: could not compile `style`. """ I tried to follow your build instructions with rust and cargo from the (in this case) Fedora repositories, and cbindgen form `cargo install`. Perhaps the Fedora rust is too new? """ $ rustc --version rustc 1.39.0 """ Some musings: I didn't see any u2f-related dependencies to satisfy before starting the build (I wondered if the Guix package was missing an input). The C++ compiler being used was clang++. I think g++ is being used on Guix. Best, Jack