Comments (3)
I pushed a commit that should fix builds on CMake < 3.16, which also should make CMake in buster compile with no changes. Will work on getting buster-backports instructions into the wiki and builds into apt.mgbowen.dev.
from windows-fido-bridge.
My suggestion is for the documentation (Wiki?) and other related things (Like the apt repository) to mention and support the possibility of installing a supported version of SSH from backports instead of upgrading the entire system to Bullseye for one piece of software.
Fully agree! Thanks for the heads up, I didn't realize OpenSSH was in buster-backports. I'll work on updating the wiki with instructions on how to use it and creating a separate distribution for buster-backports in apt.mgbowen.dev.
erisa@Tuturu:~$ sudo apt install windows-fido-bridge windows-fido-bridge-skapiv5 windows-fido-bridge-skapiv7 [...] The following packages have unmet dependencies: windows-fido-bridge-skapiv5 : Depends: openssh-client (< 1:8.4) but 1:8.4p1-2~bpo10+1 is to be installed Depends: libc6 (>= 2.30) but 2.28-10 is to be installed Depends: libgcc-s1 (>= 3.0) but it is not installable Depends: libstdc++6 (>= 9) but 8.3.0-6 is to be installed Conflicts: windows-fido-bridge-skapiv7 but 1.1.0 is to be installed windows-fido-bridge-skapiv7 : Depends: libc6 (>= 2.30) but 2.28-10 is to be installed Depends: libgcc-s1 (>= 3.0) but it is not installable Depends: libstdc++6 (>= 9) but 8.3.0-6 is to be installed Conflicts: windows-fido-bridge-skapiv5 but 1.1.0 is to be installed
That this command didn't work is expected. windows-fido-bridge-skapiv5 and windows-fido-bridge-skapiv7 conflict with each other because you can't install both at the same time. I set it up this way given you'll only ever have one (official) OpenSSH version installed via apt and a single installation of OpenSSH only supports a single sk-api version. Unfortunately, it's not possible for an OpenSSH SK middleware to support multiple sk-api versions in a single library.
My intention with the separate skapi packages was to allow for sudo apt install windows-fido-bridge
to install the correct version windows-fido-bridge-skapi package automatically, but I think because you're trying to install the bullseye debs on a buster installation, it fails due to the issues that apt printed: among other newer libraries, the windows-fido-bridge library depends on libc6 >= 2.30, but buster only has 2.28, even with the buster-backports repo set up (you can at the top right of libc6's info page that buster-backports does not provide an updated version of libc6, which makes sense given AFAIK it's somewhat of a dangerous/intrusive upgrade). Building packages targeting buster-backports should resolve the issue.
That said, if the automatic selection fails, manually specifying the correct skapi package that goes with your OpenSSH version in addition to windows-fido-bridge itself should still work. For example, on a system with OpenSSH 8.4, this should work assuming the correct dependencies are available:
sudo apt install windows-fido-bridge windows-fido-bridge-skapiv7
But ideally I'd like to fix the auto selection if it's broken.
dpkg: error processing archive /home/erisa/windows-fido-bridge/build/windows-fido-bridge-skapiv7_1.1.0_amd64.deb (--unpack): parsing file '/var/lib/dpkg/tmp.ci/control' near line 4: field name 'windows-fido-bridge' must be followed by colon
In this case, this error happens when subsequent lines in a multi-line Description field aren't indented with a single space. From my own experimentation with CMake in buster vs. CMake in bullseye, it looks like something related to how the package description variable value is parsed changed between 3.13 (the version in buster) and 3.18 (the version in bullseye). A package built with CMake in bullseye produces the following (correct) Description field:
Description: an OpenSSH security key middleware for WSL (skapi version selection shim)
windows-fido-bridge is an OpenSSH security key middleware that allows you
to use a FIDO2/U2F security key (e.g. a YubiKey) to SSH into a remote server
from WSL.
A package built with CMake in buster produces the following (incorrect) Description field:
Description: an OpenSSH security key middleware for WSL (skapi version selection shim)
windows-fido-bridge is an OpenSSH security key middleware that allows you
to use a FIDO2/U2F security key (e.g. a YubiKey) to SSH into a remote server
from WSL.
Notice how only the final line is properly indented. If you're curious, you can show the contents of the control file of a deb file using dpkg-deb -I "$deb_file_path"
.
On your buster machine, could you try applying the following patch and running make package
again?
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1792537..b45efe2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -119,8 +119,8 @@ set(CPACK_DEBIAN_REAL_DEB_GROUP_PACKAGE_NAME "windows-fido-bridge-skapiv${SK_API
set(CPACK_COMPONENT_REAL_DEB_GROUP_DESCRIPTION "\
an OpenSSH security key middleware for WSL (for OpenSSH sk-api v${SK_API_VERSION}) \
-\nwindows-fido-bridge is an OpenSSH security key middleware that allows you \
-\nto use a FIDO2/U2F security key (e.g. a YubiKey) to SSH into a remote server \
+\n windows-fido-bridge is an OpenSSH security key middleware that allows you \
+\n to use a FIDO2/U2F security key (e.g. a YubiKey) to SSH into a remote server \
\n from WSL.")
# Only install in a deb
@@ -173,8 +173,8 @@ set(CPACK_DEBIAN_VERSION_SELECTION_SHIM_GROUP_PACKAGE_NAME "windows-fido-bridge"
set(CPACK_COMPONENT_VERSION_SELECTION_SHIM_GROUP_DESCRIPTION "\
an OpenSSH security key middleware for WSL (skapi version selection shim) \
-\nwindows-fido-bridge is an OpenSSH security key middleware that allows you \
-\nto use a FIDO2/U2F security key (e.g. a YubiKey) to SSH into a remote server \
+\n windows-fido-bridge is an OpenSSH security key middleware that allows you \
+\n to use a FIDO2/U2F security key (e.g. a YubiKey) to SSH into a remote server \
\n from WSL.")
# Only install in a deb
I'll also look into either making the description parsing consistent between CMake versions or, in the worst case, add a conditional to modify the description strings depending on the CMake version.
I'm usually busy during the week, but I'll see if I can find time; if not, I should be able to work on these issues over the weekend.
Unfortunately I don't know enough about the project or Debian packaging to begin to work this out myself, I hope my information helps in some way.
It was helpful, the detailed bug report is greatly appreciated!
from windows-fido-bridge.
That all makes sense, thank you for the explanation!
I can confirm applying that patch fixes make package
and installing the debs on buster with ssh from backports.
I realise now that installing both sk packages wouldn't work, that's my mistake, I was experimenting with different things (Like pulling in the packages it said was missing), apparently i missed the part where it said "or".
Should be good to go with new packages targeting buster from what I can see!
I'm usually busy during the week, but I'll see if I can find time; if not, I should be able to work on these issues over the weekend.
That's alright, there isn't any real rush!
from windows-fido-bridge.
Related Issues (20)
- signing failed for ECDSA-SK: invalid format HOT 2
- Ed25519 Support HOT 5
- Create a new release HOT 2
- fatal error: span: No such file or directory HOT 4
- Cmake compile options SK_API_VERSION syntax HOT 2
- Resident Keys Support? HOT 7
- Support tunneling over remote desktop
- Windows Hello support HOT 1
- Using the bridge on Windows 11 is slow HOT 3
- FIDO fails when requests to confirm on ssh, but works fine for ssh-keygen HOT 1
- Provider "libwindowsfidobridge.so" dlopen failed: Exec format error HOT 1
- Not being prompted to enter pin to connect to a remote ssh server
- implements unsupported version 0x00070000 (supported: 0x00090000) HOT 11
- Missing dependencies on WSL based on ubuntu HOT 1
- Doesn't work anymore after upgrading WSL to 22.04 HOT 1
- [Feature Request] Support OpenSSH 9.1 HOT 1
- Strip debug data from dll
- Cannot do ssh signing HOT 1
- signing failed for ECDSA-SK - requested feature not supported HOT 1
- Failed to parse attestation object HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from windows-fido-bridge.