How to use nitrokey-app in Ubuntu w/ Gnome>3.26


#1

Hello,

I run Ubuntu 18.04 with Gnome 3.28. The official ubuntu repositories have nitrokey-app version 1.2.1-1 which is unusable in Gnome>3.26 since it does not support the tray. So basically, the app in the official ppa is broken (why do they include it in the first place?).

The download page suggests using the nitrokey-team ppa to get the newest version of the app. However, this ppa does not have a release file for bionic. So it can’t be used. This is what you get, even when using apt update --allow-unauthenticated --allow-insecure-repositories:

W: The repository 'http://ppa.launchpad.net/nitrokey-team/ppa/ubuntu bionic Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
E: Failed to fetch http://ppa.launchpad.net/nitrokey-team/ppa/ubuntu/dists/bionic/main/binary-amd64/Packages  404  Not Found [IP: 91.189.95.83 80]

So it seems the nitrokey-team ppa is also broken.

Diggin’ through the forums and the readme on the Github page, I found that there also is an AppImage release, which should be used. The AppImage itself runs fine, just remember to run chmod +x and to execute the file directly.

Still it would be nice to have this information on the Download page, or even offer the AppImage directly on the download page. It did take me some time getting this to run.

Are there any plans to fix the nitrokey-team ppa, so that the app can be installed with apt?

regards


#2

FWIW, nothing works anymore here since I upgraded my distribution from 16.04 to 18 Mate. I’m still searching why, but as I have many other problems I search slowly…
[edit] More exactly : two successibe bubble-announces that the NK storage is now connected, NK app opens twice, once with the ‘unlock’ buttons grayed and once with them active; while I’m typing say encrypted pass there is another bubble annoucing the key is unmounted, and then I get a message saying that mounting was impossible, error -1
The read-only default small volume appears twice on the desktop, and nothing else.
I’m using the appimage, while there may remain residues of the old app or dependences from the repository.


#3

Hi tzkn,

Activating this Gnome extension may work. This is what Ubuntu is using to make icons working for the standard (Gnome based) Desktop. This is btw probably the reason, why it is totally fine for them to include 1.2.1 - it is only not working out-of-the-box on vanilla Gnome :wink:

You are right, thanks for pointing out.
@szszszsz Could you please try to work this out, as soon you have some time (let me know if I can help you).

Kind regards
Alex


#4

Hi!

That might be caused by either autostart or due to a save-session WM feature. Please run killall nitrokey-app in the terminal and run the App again. Please let me know, if that has helped you. Snap image should be the latest version.

That is correct - there is no package for bionic yet, sorry for delay. I hope to have it next week, once I will deal with current blocking tasks. Last time I have tried it, there are issues with the packaging system on launchpad, which makes it less than trivial to have it distributed through this channel. Please use temporarily an alternative - the Snap package.
@nitroalex Could you add information about lack of the package for App 1.3.x to the download page, and recommend Snap instead for the time being?


#5

Thanks szszszsz for this quick reaction!

Snap is the latest. Killall then launching the app then inserting the (storage 2) key results in

  • a bubble indication that the NK is there
  • the app window NOT activating the unlock buttons
  • the app menu actually showing the possibility to unlock
  • when clicked, menu>unlock raises the correct dialog, always with 3 tries left (for the encrypted volume); entering the pass raises the rectangular grey dialog with the rotating picture ‘unlocking…’ then
  • nothing mounts on the filesystem
  • app buttons don’t change, still light greyed and unreachable
  • app menu is updated (encrypted storage seems to be mounted)
  • in some circumstances that I cannot reliably repeat, the small read-only Nitrokey volume mounts, TWICE…

All in all no solution but at least I do get some reaction instead of nothing :slight_smile:
Hervé

[edit]

  • same behavior after creating another user
  • now an extra dialog when attempting to mount the encrypted volume tells me no filesystem is available on that volume (!)
    NK_warning_no_partition

#6

@Herve5
Thank you for the details! I hope it will be solved soon. Could you tell me, what is your Storage firmware version?

Since the issue started to show after the update to 18.04, the main culprit now is OpenSC (which is responsible for pkcs*-tool and opensc-tool commands, as well as e.g. integration of smart card through PKCS#11 interface, but not required for GnuPG). Could you disable it for test purposes? The command is:

sudo systemctl disable pcscd

After running it, please reboot and try again.

To enable it back please use (if you would need it):

sudo systemctl enable pcscd

@nitroalex Could you try to reproduce this for me? Mate 18.04, Storage device, first AppImage, later Snap package (possible remains from previous installations of the package for Ubuntu 16.04).


#7

err, I don’t know how to check this :frowning:

I do :

sudo systemctl disable pcscd
[sudo] (asks password): 
Synchronizing state of pcscd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable pcscd
insserv: warning: current start runlevel(s) (empty) of script `pcscd' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `pcscd' overrides LSB defaults (0 1 6).
Removed /etc/systemd/system/sockets.target.wants/pcscd.socket.

reboot

killall nitrokey-app

→ app now does show clickable buttons, and reacts properly when I click “unlock encrypted volum” BUT the volume does not appear in the filesystem. Nor the unencrypted one. Instead, two identical unmounted ‘Nitroke’’ volumes appear, and do mount (twice) if I click on them, so I get twice the small unencrypted volume -but nothing else.
Tried with a second test user, because I do believe my upgrading, from a former. Mate 16 LTS did bork various things, but the behavior stays the same…

Thanks for this impressive support!!
H.


#8

Ah, right - forgot to mention that. Firmware version is listed in the About window of the Nitrokey App. Could you write it here please?

@nitroalex Any ideas regarding doubled mounting? Could you try to reproduce that please, and find a workaround?


#9

Firmware version 0.52 -this I can reach (after a couple of tries where nothing is detected)
App version 1.3.1 , card serial 0050000


#10

Hey,

can you please check if you have the following installed (by just trying to install it):

sudo apt install libhidapi-libusb0 scdaemon pcscd libccid

I played arround with a fresh Ubuntu 18.04 install, and I missed libhidapi-libusb0 first. Probably it is easiest to install the App via apt-get first and then install the snapd, because the repo version will definitly install all dependencies.

@szszszsz Is it possible, that the snap is missing some config to ensure the existence of libhidapi?

Kind regards
Alex


#11

:thinking: this stands against my idea, that it may is libhidapi-libusb0 though. Let’s see.


#12

It seems it was installed, (“0 updated, 0 installed…”) but the command also announced an enormous list of things that seemed no more used and to be purged. Thing is so long that I rather put it on a pastebin, there
Should I clean them up the way it is recommended (sudo apt autoremove)?


#13

I can’t tell you, if it is save or not. At least, I know that this long list is not unusual after a dist-upgrade. Still, I must reject any responsibility for any autoremove :wink: it should be safe in the general case though.

Nevertheless, it probably has nothing to do with the Nitrokey issue we are talking about.

I am currently not sure, how to reproduce this…

Have running the pcscd daemon again? sudo systemctl status pcscd
Can you access the smartcard with GnuPG? gpg --card-status should give you a list of some variables.


#14

@nitroalex
I think that without the pcscd the HID communication is fine. And the only issue left is the double-mounting.
We did have such issue in the past and I hoped you know the workaround already - see Storage#58. Could you check, would it reproduce on your Mate 18 installation and Storage firmware v0.52?

I remember I have ejected both the volumes in the file manager, locked the device and unlocked it again, and it seemed to help. @Herve5 Could you try this?


#15

Okay, I misunderstood. I will try to reproduce again.

What do you mean by 18 Mate? I guessed Ubuntu 18.04. with Mate desktop, right? I am just reassuring because it sounds a bit like Mint Mate 18 which would be something else.


#16

I thought as well it is about Mint (somehow missed the spelling).


#17

Couldn’t reproduce on Ubuntu Mate 18.04


#18

Indeed, I confirm U. 18.04, upgraded (with difficulties) from 16.04. The kernel is more recent though, was 4.18.something then I just updated to the first 4.19.
In fact I am on Ubuntu because that is the way my computer came in the beginning, but would it be better if I was running Mint?
Thank you for this support!
Hervé


#19

I ran
killall nitrokey-pp
launched the appimage (version 1.3.1)
unlock encrypted volume -> after a rather long wait time, only the unencrypted small NK volume mounts, twice
I unmount them (ejecting them seems not possible)
I relock the key, unlock it again
no better…

I see on the terminal I could install version 1.3.2snap4 instead of 1.3.1 : do you think this would be better? Which version would come installed with apt-install?

[edit] I installed the 1.3.2snap (stable) : within the app window, the menus and buttons contradict themselves, in the sense the "unlock’ buttons are not activated whil the menu allows me to unlock.
The two unencrypted volumes now automount spontaneously, not waiting for me to unlock anything else (which is the normal way).
But I then get an alarming window (attached below)Nitrokey%20app%20warning
And still no encrypted volume mounting…

Thank you!
Hervé


#20

little addition to my previous post : I omitted to mention the Nitrokey continues to work perfectly on my office PC, which leads me to think the issue is definitely on my linux system, and happened here when I upgraded from Ubuntu 16 (mate) to 18…