Build test fails on opensuse 15.4: 40 - testpasskeys (Failed) about keepassxc HOT 10 CLOSED

Well, "the game is afoot" as Sherlock Holmes would say. I'll tear things apart here. Let's go ahead and close this build bug as that is fixed. This openSUSE 15.4 install needs to be wiped and moved to Tumbleweed, but I've avoided the 2 days of config tweaks and re-setup of build environments, etc.. until now.

Thanks again for the discussion and help.

from keepassxc.

You need to update your botan library. I also don't trust a repos source code delivery, so you should also build directly from our source code.

from keepassxc.

Let me try that!

(side note) Oddly, the keepassxc-cli doesn't seem impacted, but using the GUI to generate TOTP codes does.

I'll report back after botan update.

from keepassxc.

Are you by chance using Botan2? Might be a difference in signature encoding between Botan2 and Botan3.

#ifdef WITH_XC_BOTAN3
            Botan::PK_Signer signer(
                privateKey, *randomGen()->getRng(), "EMSA1(SHA-256)", Botan::Signature_Format::DerSequence);
#else
            Botan::PK_Signer signer(privateKey, *randomGen()->getRng(), "EMSA1(SHA-256)", Botan::DER_SEQUENCE);
#endif

from keepassxc.

I had botan 2.18 libraries installed (libbotan and libbotan-devel) the way openSUSE splits them up. I updated to 2.19, and the build went fine:

Wrote: /home/david/rpmbuild/SRPMS/keepassxc-2.7.8-Virt.150400.1.1.src.rpm
Wrote: /home/david/rpmbuild/RPMS/x86_64/keepassxc-2.7.8-Virt.150400.1.1.x86_64.rpm
Wrote: /home/david/rpmbuild/RPMS/noarch/keepassxc-lang-2.7.8-Virt.150400.1.1.noarch.rpm

This caught me by complete surprise. I had even opened a support request with Archlinux gitlab support because the TOTP I was getting from keepassxc 2.7.6 just stopped working a few weeks ago. I'm glad I decided to build 2.7.8 that uncovered this issue. The GUI and CLI were giving 2 different TOTPs -- I'm still not sure I have my head wrapped completely around how that can happen.

But the upgrade of the botan libraries from 2.18 to 2.19 solved this build issue.

This bug can be closed unless you would like more info which I'm happy to provide. Either way, thank you for your help!

WAIT, GUI and CLI still giving different TOTP??

Here is the bizarre part. With 2.7.6 and now with the fresh 2.7.8 with the GUI, I get the following TOTP (times the same to the second):

176393

Now from the CLI, I get a completely different TOTP, e.g.

$ keepassxc-cli show -t ~/.config/xxxxx.kdbx -k ~/.config/xxxxx.key "/Internet Sites/accounts/GitLab - Archlinux"
Enter password to unlock /home/david/.config/xxxxx.kdbx:
103475

The CLI TOTP is correct, the GUI generated one is not.

What other lib could be messing this up?

from keepassxc.

are you sure you are pulling the same entry? could also be that your CLI environment has the wrong time zone specified.

from keepassxc.

Oh yes, I'm very sure I'm pulling the same entry, same database, I've watched the countdown and tried this 10 times. This is really odd. I only have one "GitLab - Archlinux" entry in the database, so there is no chance the CLI and GUI are using different entries. Really strange. And this just started a few weeks to a month ago.

I've also tested with a backup of the database (byte-for-byte identical) same results there. I've done this stuff for more than 2 decades and this one I don't have an explanation for? What else makes sense to check?

Now I have NOT rebooted since changing libbotan -- so if that is cached/held in memory that may be it. Give me a sec.

from keepassxc.

Botan isn't involved in TOTP generation, only two ingredients to that cake: Secret Code and Time. You must have a disparity in the time of your CLI environment and the time of your desktop. Check your environment variables.

from keepassxc.

Hmmm... I couldn't think of a better test than a terminal and xclock, but time is the same:

Glad to know it's a 2-part recipe, but how could I be screwing it up? Any environment var in particular? LOCALE and zoneinfo are correct.

from keepassxc.

hmmm I am at a loss, it is the same code between GUI and CLI

from keepassxc.