The app crashes with attached traceback, when a Nitrokey in bootloader mode is entcountered.

Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway.
Traceback (most recent call last):
  File "/usr/lib64/python3.9/runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib64/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/home/user/Projects/nitrokey-app2/nitrokeyapp/__main__.py", line 25, in <module>
    main()
  File "/home/user/Projects/nitrokey-app2/nitrokeyapp/__main__.py", line 21, in main
    GUI(app)
  File "/home/user/Projects/nitrokey-app2/venv/lib64/python3.9/site-packages/nitrokeyapp/gui.py", line 199, in __init__
    self.init_gui()
  File "/home/user/Projects/nitrokey-app2/venv/lib64/python3.9/site-packages/nitrokeyapp/gui.py", line 301, in init_gui
    self.detect_nk3()
  File "/home/user/Projects/nitrokey-app2/venv/lib64/python3.9/site-packages/nitrokeyapp/gui.py", line 240, in detect_nk3
    Nk3Button(
  File "/home/user/Projects/nitrokey-app2/venv/lib64/python3.9/site-packages/nitrokeyapp/nk3_button.py", line 42, in __init__
    self.version = self.device.version()
AttributeError: 'Nitrokey3BootloaderNrf52' object has no attribute 'version'
Exception ignored in: <function Nk3Button.__del__ at 0x7f47c236e1f0>
Traceback (most recent call last):
  File "/home/user/Projects/nitrokey-app2/venv/lib64/python3.9/site-packages/nitrokeyapp/nk3_button.py", line 130, in __del__
    self.tabs.hide()
RuntimeError: wrapped C/C++ object of type Nk3Button has been deleted

Qt5 are EOL (https://en.wikipedia.org/wiki/Qt_version_history)
Only Qt6 are supported without any commercial licence.

Fails to update firmware, app message:

Exception ignored in: <generator object Updater._get_bootloader at 0x7f7a569b29e0>
Traceback (most recent call last):
  File "/home/martin/projects/nitrokey-app2/venv/lib/python3.11/site-packages/nitrokeyapp/pynitrokey_for_gui.py", line 223, in nk3_update
    info_frame.set_text("Failed to update Nitrokey 3.")
RuntimeError: generator ignored GeneratorExit

Right after touching the nitrokey to start the update, it reconnects to the computer with a different idProduct.

[ 5238.198952] usb 1-6: new full-speed USB device number 15 using xhci_hcd
[ 5238.368019] usb 1-6: New USB device found, idVendor=20a0, idProduct=42b2, bcdDevice= 1.02
[ 5238.368025] usb 1-6: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 5238.368028] usb 1-6: Product: Nitrokey 3
[ 5238.368030] usb 1-6: Manufacturer: Nitrokey
[ 5238.505140] hid-generic 0003:20A0:42B2.000E: hiddev100,hidraw9: USB HID v1.11 Device [Nitrokey Nitrokey 3] on usb-0000:05:00.1-6/input1
[ 5238.508052] cdc_acm 1-6:1.2: ttyACM0: USB ACM device
[ 5358.775169] usb 1-6: USB disconnect, device number 15
[ 5359.037111] usb 1-6: new high-speed USB device number 16 using xhci_hcd
[ 5359.178500] usb 1-6: New USB device found, idVendor=20a0, idProduct=42dd, bcdDevice= 3.00
[ 5359.178507] usb 1-6: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 5359.178510] usb 1-6: Product: USB COMPOSITE DEVICE
[ 5359.178511] usb 1-6: Manufacturer: NXP SEMICONDUCTOR INC.
[ 5359.264147] hid-generic 0003:20A0:42DD.000F: hiddev100,hidraw10: USB HID v1.00 Device [NXP SEMICONDUCTOR INC. USB COMPOSITE DEVICE] on usb-0000:05:00.1-6/input0

note USB disconnect, device number 15 , which signals I allowed the Nitrokey to update.

After physically reconnecting the nitrokey, nitropy nk3 test runs successfully, so I presume the nitrokey isn't dead :)

• App not usable on small displays

• Usecases/Devices: Pinephone, Librem 5

• Potential Solutions:

  • reduce minimum app window size
  • make parts collapsible

• MacOS X
• the update starts but never reports done

Automatically copy the generated OTP to the clipboard or provide a button for it, probably using QClipboard.

Depends on:

• #87

(using the single binary linux version)

This is likely a rare case for the end-user, but a busy ctap channel can easily occur during development. The actual issue to solve here is to move the communication with the device into a separate thread to ensure that any errors during communication does not crash the entire app.

example output (directly after starting):

Traceback (most recent call last):
  File "nitrokeyapp/__main__.py", line 20, in <module>
  File "nitrokeyapp/__main__.py", line 16, in main
  File "nitrokeyapp/gui.py", line 149, in __init__
  File "nitrokeyapp/gui.py", line 290, in init_gui
  File "nitrokeyapp/gui.py", line 202, in detect_nk3
  File "pynitrokey/nk3/__init__.py", line 25, in list
  File "pynitrokey/nk3/device.py", line 146, in list
  File "pynitrokey/nk3/device.py", line 73, in __init__
  File "pynitrokey/nk3/admin_app.py", line 71, in status
  File "pynitrokey/nk3/admin_app.py", line 58, in _call
  File "pynitrokey/nk3/device.py", line 133, in _call
  File "fido2/hid/__init__.py", line 216, in call
fido2.ctap.CtapError: CTAP error: 0x06 - CHANNEL_BUSY
[1924370] Failed to execute script '__main__' due to unhandled exception!

When adding the credential, query the PIN and list all credentials. If there is a credential with the same label, abort.

The current binary name nitrokeyapp is very close to the legacy Nitrokey App, nitrokey-app. We should change it to nitrokey-app2. We might also want to change the Python package name (nitrokey_app? nitrokey_app2?) for consistency.

Not sure why it is, but launching the app from the main branch gives me what's in the screenshot.

• confirm PIN when setting the PIN
• change PIN

Most of the code that is currently in Nk3Button should be either be decentralized and moved to other components that update themselves, e. g. the overview tab, or centralized in Gui.

(linux single binary)

Currently the devices are discriminated by their UUID, if this changes due to an update, nitrokey-app2 will show two devices: one with the old UUID, one with the new UUID

As far as I see, pynitrokey/ui still contains some unused files. These should be moved to pynitrokey/bak or deleted.

When closing the application it restarts instead (but the Nitrokey can't be found this 2nd time). Closing it a second time does close it successfully.

When running on a fully updated Fedora 37 Workstation (Wayland)

$ ./nitrokey-app-v2.0.1-x64-linux-binary
./nitrokey-app-v2.0.1-x64-linux-binary: error while loading shared libraries: libz.so.1: failed to map segment from shared object

I see no applicable logs in the journal.

Here is the version of libz.so that is being used:

ls -l /usr/lib64/libz.so.1
lrwxrwxrwx. 1 root root 14 Aug 31  2022 /usr/lib64/libz.so.1 -> libz.so.1.2.12

• KDE Plasma
• dark mode displays white text on white background

./nitrokey-app-v2.0.1-x64-linux-binary vnc
qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found.
This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.

Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, webgl, xcb.

Aborted

There are those of us who don't use wayland because its a trash heap. And in some cases, people even use xenocara, a better version of xorg that has better design.

I don't know if that is why or not, but yeah, just thought I would toss that out there.

I don't know what the specific problem is.

The builds from pyinstaller break during start with the following error.

Traceback (most recent call last):
  File "nitrokeyapp/__main__.py", line 35, in <module>
    main()
  File "nitrokeyapp/__main__.py", line 28, in main
    log_environment()
  File "nitrokeyapp/logger.py", line 46, in log_environment
    logger.info(f"{x} version: {package_version(x)}")
  File "importlib/metadata.py", line 569, in version
  File "importlib/metadata.py", line 542, in distribution
  File "importlib/metadata.py", line 196, in from_name
importlib.metadata.PackageNotFoundError: nitrokeyapp
[638397] Failed to execute script '__main__' due to unhandled exception!

The logger tries to print the package version of *nitrokeyapp`. The metadata of this package is not included in the builds.

During the build process the Makefile should automatically convert all *.ui files to *.py files

It is basically the same as the linux howto but requires the make build-ui step before running the program, perhaps right after make init.

Tested on MacOS Ventura 13.3.1

• Avoid focus changes between the info frame at the bottom and popup dialogs.
• Include extra information from pynitrokey
• Indicate overall progress (e. g. step x of y)

If the update process is aborted and you then remove Nitrokey 3, the button and detail view will not be removed.

For easier maintenance, we should move the tabs from the main window into separate UI files.

"please Touch the Nitrokey 3 until"

capitalization should be fixed

lupe@XXXX:/sw/archive/Nitrokey$ ./nitrokey-app-v2.0.1-x64-linux-binary
kde-open5: /tmp/_MEIvnI6L7/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by /lib/x86_64-linux-gnu/libKF5KIOCore.so.5)
kde-open5: /tmp/_MEIvnI6L7/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by /lib/x86_64-linux-gnu/libKF5CoreAddons.so.5)
kde-open5: /tmp/_MEIvnI6L7/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by /lib/x86_64-linux-gnu/libKF5Service.so.5)
kde-open5: /tmp/_MEIvnI6L7/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by /lib/x86_64-linux-gnu/libKF5ConfigWidgets.so.5)
kde-open5: /tmp/_MEIvnI6L7/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by /lib/x86_64-linux-gnu/libKF5WindowSystem.so.5)
kde-open5: /tmp/_MEIvnI6L7/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by /lib/x86_64-linux-gnu/libKF5ConfigCore.so.5)
kde-open5: /tmp/_MEIvnI6L7/libstdc++.so.6: version `GLIBCXX_3.4.29' not found (required by /lib/x86_64-linux-gnu/libQt5Xml.so.5)

The strange thing is that the error is triggered by a version of libstdc++.so in a somewhat randomly named subdirectory of /tmp. This something that point to malware behavior. Please explain. BTW, please note that the files I'm attaching are from a later run of the Nitrokey App, so the name of the subdirectory differs.

The message above are triggered by clicking the (?) symbol in the App's window. OS is Ubuntu 22.10 (Kinetic Kudu) with up to date patches.

I'm attaching the nitrokey-app2.log and an strace of the run producing the error messages. Since this made me aware that I had forgotten to secure /tmp, I did that. Which prevents the error from occurring:

lupe@alanya:/sw/archive/Nitrokey$ ./nitrokey-app-v2.0.1-x64-linux-binary
./nitrokey-app-v2.0.1-x64-linux-binary: error while loading shared libraries: libz.so.1: failed to map segment from shared object

I'm attaching an strace log for this as well.

Let me repeat that putting executable code in /tmp or /var/tmp and running it from there is a deplorable practice. Please rewrite your code to avoid this.

I have not yet analyzed the straces, so I do not yet know how your code wants to work. I'm glad it pointed me at the lack of security on my /tmp and /var/tmp. Thank you for that!

Reproducer 1:

$ make update-venv
$ ./venv/bin/nitrokeyapp 
Traceback (most recent call last):
  File "/home/robin/reps/nitrokey-app2/./venv/bin/nitrokeyapp", line 5, in <module>
    from nitrokeyapp import main
ImportError: cannot import name 'main' from 'nitrokeyapp' (/home/robin/reps/nitrokey-app2/venv/lib/python3.9/site-packages/nitrokeyapp/__init__.py)

Reproducer 2:

$ pipx install git+https://github.com/Nitrokey/nitrokey-app2
$ nitrokeyapp 
Traceback (most recent call last):
  File "/home/robin/.local/bin/nitrokeyapp", line 5, in <module>
    from nitrokeyapp import main
ImportError: cannot import name 'main' from 'nitrokeyapp' (/home/robin/.local/pipx/venvs/nitrokeyapp/lib/python3.9/site-packages/nitrokeyapp/__init__.py)

For certain monitors the Nitrokey 3 button text is cut off.

OS: Ubuntu

To avoid conflicts between operations, we should disable the main window while an operation is running (GUI.set_busy).

The corresponding Nitrokey button does not disappear when it is removed after the update is cancelled. The update variable must be set to false if the update is cancelled.

nitrokey-app kills itself while updating firmware under a wayland compositor (kwin in my case), after the window becoming unresponsive for a wile.

Running with QT_QPA_PLATFORM=xcb ./venv/bin/nitrokeyapp makes it behave more sanely.

Visually indicate the offending fields in AddSecretDialog.

Devices with firmware version 1.0.0 do not report a UUID. We should detect this and show an error message recommending a firmware upgrade with pynitrokey.

• check if layout and spacing is correct
• improve timeout UI

Fix the style for the current and selected tabs of the main tab widget.

Installation according to the instructions on MacOS X 12.6.3 Monterey does not work. Is this a known issue or expected?

I get the following error message:

(venv) xxxx@xxxx nitrokey-app2 % nitrokeyapp
Traceback (most recent call last):
File "/Users/xxxx/src/nitrokey-app2/venv/bin/nitrokeyapp", line 5, in
from nitrokeyapp.main import main
File "/Users/xxxx/src/nitrokey-app2/venv/lib/python3.9/site-packages/nitrokeyapp/main.py", line 5, in
import nitrokeyapp.ui.resources_rc # noqa: F401
ModuleNotFoundError: No module named 'nitrokeyapp.ui.resources_rc'

% nitropy version
Command line tool to interact with Nitrokey devices 0.4.35
0.4.35

% python --version
Python 3.9.6

% uname -a
Darwin xxxx 21.6.0 Darwin Kernel Version 21.6.0: Mon Dec 19 20:44:01 PST 2022; root:xnu-8020.240.18~2/RELEASE_X86_64 x86_64

Hello!

Please consider Flatpak support for your new Nitro App 2. I think this would be the most accessible way for Linux users to enjoy your software. Flatpak has become the de-facto standard across all Linux distros. I think it'd be really great and I would totally use your app on FlatHub.

Once I start the app, whether from sources or from the binary I get:

Auto configuration failed
139728798517056:error:25FFF06C:DSO support routines:CRYPTO_internal:functionality not supported:dso/dso_lib.c:226:
139728798517056:error:0EFFF06E:configuration file routines:CRYPTO_internal:error loading dso:conf/conf_mod.c:273:module=providers, path=providers
139728798517056:error:0EFFF071:configuration file routines:CRYPTO_internal:unknown module name:conf/conf_mod.c:214:module=providers

Smells like some symbols aren't the ones expected?

The pop-up windows appear in the center of the screen not in the application.

This is what the app looks like:

If the app respects the text color settings, it should also respect the background color settings.

Currently the .py files are not part of the repository and must be generated after checkout using make build-ui, this approach was chosen to avoid checking in generated files.

This approach introduces the drawback that an additional step is needed to run the app. Best case we find a way to use the .ui files directly within python so no additional (make) step is needed ...

• There should be a way to determine the log location for the current run.
• Unhandled exceptions should be caught and shown to the user.
• There should be a helper dialog for submitting a log file if an exception occurred (or triggered manually).

• list OTP credentials
• create and delete OTP credentials
• generate OTP for credential