Kube flatpak: SASL(-4): no mechanism available: No worthy mechs found
Closed, ResolvedPublic

Description

Seems to be a flatpak only issue.

Depending on the distro, one of the following can be used to check available plugins:

pluginviewer -c
saslpluginviewer -c

In my case it yields:

[I] ⋊> ~ on master ⨯ pluginviewer -c                                                                                                                   13:44:34
Installed and properly configured SASL (client side) mechanisms are:
  SCRAM-SHA-1 GSSAPI GSS-SPNEGO DIGEST-MD5 EXTERNAL CRAM-MD5 PLAIN LOGIN ANONYMOUS
Available SASL (client side) mechanisms matching your criteria are:
  SCRAM-SHA-1 GSSAPI GSS-SPNEGO DIGEST-MD5 EXTERNAL CRAM-MD5 PLAIN LOGIN ANONYMOUS
List of client plugins follows
Plugin "scram" [loaded],        API version: 4
        SASL mechanism: SCRAM-SHA-1, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|MUTUAL_AUTH
        features: PROXY_AUTHENTICATION|CHANNEL_BINDING
Plugin "gssapiv2" [loaded],     API version: 4
        SASL mechanism: GSSAPI, best SSF: 56
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
Plugin "gssapiv2" [loaded],     API version: 4
        SASL mechanism: GSS-SPNEGO, best SSF: 56
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP
Plugin "digestmd5" [loaded],    API version: 4
        SASL mechanism: DIGEST-MD5, best SSF: 128
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
        features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP
Plugin "EXTERNAL" [loaded],     API version: 4
        SASL mechanism: EXTERNAL, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "crammd5" [loaded],      API version: 4
        SASL mechanism: CRAM-MD5, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT
        features: SERVER_FIRST
Plugin "plain" [loaded],        API version: 4
        SASL mechanism: PLAIN, best SSF: 0
        security flags: NO_ANONYMOUS|PASS_CREDENTIALS
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "login" [loaded],        API version: 4
        SASL mechanism: LOGIN, best SSF: 0
        security flags: NO_ANONYMOUS|PASS_CREDENTIALS
        features: SERVER_FIRST
Plugin "anonymous" [loaded],    API version: 4
        SASL mechanism: ANONYMOUS, best SSF: 0
        security flags: NO_PLAINTEXT
        features: WANT_CLIENT_FIRST
cmollekopf moved this task from New to Confirmed on the Kube: Bugs board.Jul 31 2017, 7:47 PM

Suggestion from Dan:

The SASL plugin is likely installed to the /app prefix, so you need to set
SASL_PATH env variable to point to /app/usr/lib(64)/sasl2 first, then to the
default location and all should work.

I've added the SASL_PATH variable to the flatpak definition file, somebody will have to try whether this has any effect. Alternatively "flatpak run" takes a --env=VAR=VALUE option that could be used to override the value.

apol added a comment.Aug 2 2017, 2:25 PM

I've triggered a build with your commits in, we'll see what happens.

export SASL_PATH=/usr/lib/sasl2/ fixed the problem. I've committed the corresponding fix to the flatpak repo.

While it worked once, I can't reproduce it now =(

Proof:

Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.org.kde.pim.kimap2 : "Socket connected."
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.org.kde.pim.kimap2 : "Starting with tls"
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.org.kde.pim.kimap2 : "Capabilities updated:  (\"IMAP4rev1\", \"LITERAL+\", \"ID\", \"ENABLE\", \"ACL\", \"RIGHTS=kxten\", \"QUOTA\", \"NAMESPACE\", \"UIDPLUS\", \"NO_ATOMIC_RENAME\", \"UNSELECT\", \"CHILDREN\", \"MULTIAPPEND\", \"BINARY\", \"CATENATE\", \"CONDSTORE\", \"ESEARCH\", \"SORT\", \"SORT=MODSEQ\", \"SORT=DISPLAY\", \"SORT=UID\", \"THREAD=ORDEREDSUBJECT\", \"THREAD=REFERENCES\", \"ANNOTATEMORE\", \"ANNOTATE-EXPERIMENT-1\", \"METADATA\", \"LIST-EXTENDED\", \"LIST-STATUS\", \"LIST-MYRIGHTS\", \"WITHIN\", \"QRESYNC\", \"SCAN\", \"XLIST\", \"XMOVE\", \"MOVE\", \"SPECIAL-USE\", \"CREATE-SPECIAL-USE\", \"URLAUTH\", \"URLAUTH=BINARY\", \"X-NETSCAPE\", \"MUPDATE=mupdate://mupdate.mykolab.com/\", \"AUTH=PLAIN\", \"AUTH=LOGIN\", \"SASL-IR\", \"X-QUOTA=STORAGE\", \"X-QUOTA=MESSAGE\", \"X-QUOTA=X-ANNOTATION-STORAGE\", \"X-QUOTA=X-NUM-FOLDERS\", \"IDLE\")"
Warning: {770feb9b-4ea5-44ab-a79e-1122961e1e30}.org.kde.pim.kimap2 : "sasl_client_start failed with: -4"
Warning: {770feb9b-4ea5-44ab-a79e-1122961e1e30}.imapserverproxy    : Job failed:  "SASL(-4): no mechanism available: No worthy mechs found" KIMAP2::LoginJob
Warning: {770feb9b-4ea5-44ab-a79e-1122961e1e30}.synchronizer       : Synchronization failed:  Error:  1 Msg:  "SASL(-4): no mechanism available: No worthy mechs found"
Warning: {770feb9b-4ea5-44ab-a79e-1122961e1e30}.synchronizer       : Error during sync:  Error:  1 Msg:  "SASL(-4): no mechanism available: No worthy mechs found"
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.synchronizer       : All requests processed.
Synchronization complete!
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.listener           : "Dropped connection: PID: 59 ResourceAccess: 13880000" QLocalSocket(0xb49de0)
chrigi flatpak-kde-applications $Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.main               : Exiting:  "{770feb9b-4ea5-44ab-a79e-1122961e1e30}"

chrigi flatpak-kde-applications $echo $SASL_PATH
/app/usr/lib/sasl2;/usr/lib/sasl2
chrigi flatpak-kde-applications $export SASL_PATH=/usr/lib/sasl2/
chrigi flatpak-kde-applications $sinksh sync {770feb9b-4ea5-44ab-a79e-1122961e1e30}
Log:     sinksh.store              : Synchronizing all resource matching:  Query [""] << Id: ""
  Filter: QHash()
  Ids: ("{770feb9b-4ea5-44ab-a79e-1122961e1e30}")
  Sorting: ""
  Requested: ()
  Parent: ""
  IsLive: false
  ResourceFilter: Filter(QHash())

Log:     sinksh.store              : Synchronizing  "{770feb9b-4ea5-44ab-a79e-1122961e1e30}" Query [""] << Id: ""
  Filter: QHash()
  Ids: ()
  Sorting: ""

Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.main : Starting:  "{770feb9b-4ea5-44ab-a79e-1122961e1e30}" "sink.imap"
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.synchronizer : All requests processed.
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.synchronizer : Synchronizing:  Query ["folder"] << Id: ""
  Filter: QHash()
  Ids: ()
  Sorting: ""

Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.org.kde.pim.kimap2 : "Socket connected."
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.org.kde.pim.kimap2 : "Starting with tls"
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.org.kde.pim.kimap2 : "Capabilities updated:  (\"IMAP4rev1\", \"LITERAL+\", \"ID\", \"ENABLE\", \"ACL\", \"RIGHTS=kxten\", \"QUOTA\", \"NAMESPACE\", \"UIDPLUS\", \"NO_ATOMIC_RENAME\", \"UNSELECT\", \"CHILDREN\", \"MULTIAPPEND\", \"BINARY\", \"CATENATE\", \"CONDSTORE\", \"ESEARCH\", \"SORT\", \"SORT=MODSEQ\", \"SORT=DISPLAY\", \"SORT=UID\", \"THREAD=ORDEREDSUBJECT\", \"THREAD=REFERENCES\", \"ANNOTATEMORE\", \"ANNOTATE-EXPERIMENT-1\", \"METADATA\", \"LIST-EXTENDED\", \"LIST-STATUS\", \"LIST-MYRIGHTS\", \"WITHIN\", \"QRESYNC\", \"SCAN\", \"XLIST\", \"XMOVE\", \"MOVE\", \"SPECIAL-USE\", \"CREATE-SPECIAL-USE\", \"URLAUTH\", \"URLAUTH=BINARY\", \"X-NETSCAPE\", \"MUPDATE=mupdate://mupdate.mykolab.com/\", \"AUTH=PLAIN\", \"AUTH=LOGIN\", \"SASL-IR\", \"X-QUOTA=STORAGE\", \"X-QUOTA=MESSAGE\", \"X-QUOTA=X-ANNOTATION-STORAGE\", \"X-QUOTA=X-NUM-FOLDERS\", \"IDLE\")"
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.imapserverproxy    : Found mailbox:  "INBOX" ("\\noinferiors", "\\hasnochildren") \Noselect false  sub:  true
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.imapserverproxy    : Found mailbox:  "10" ("\\hasnochildren") \Noselect false  sub:  false
Log:     {770feb9b-4ea5-44ab-a79e-1122961e1e30}.imapserverproxy    : Found mailbox:  "Calendar" ("\\haschildren") \Noselect false  sub:  true

Turns out the fix only works with "--devel" for the devel runtime

chrigi flatpak-kde-applications $ls /usr/lib/sasl2/
libanonymous.so        libcrammd5.so        libdigestmd5.so        libotp.so        libplain.so        libsasldb.so        libscram.so
libanonymous.so.3      libcrammd5.so.3      libdigestmd5.so.3      libotp.so.3      libplain.so.3      libsasldb.so.3      libscram.so.3
libanonymous.so.3.0.0  libcrammd5.so.3.0.0  libdigestmd5.so.3.0.0  libotp.so.3.0.0  libplain.so.3.0.0  libsasldb.so.3.0.0  libscram.so.3.0.0
chrigi flatpak-kde-applications $pluginviewer
bash: pluginviewer: command not found
chrigi flatpak-kde-applications $~/pluginviewer -c
/home/chrigi/pluginviewer: error while loading shared libraries: libdb-5.3.so: cannot open shared object file: No such file or directory
chrigi flatpak-kde-applications $exit
exit
[I] ⋊> ~/d/flatpak-kde-applications on master ⨯ flatpak run --command=bash org.kde.kube                                                                15:21:50
bash: kde4-config: command not found
bash: /usr/share/cdargs/cdargs-bash.sh: No such file or directory
chrigi flatpak-kde-applications $ls /usr/lib/sasl2/
libanonymous.so.3      libcrammd5.so.3      libdigestmd5.so.3      libotp.so.3      libplain.so.3      libsasldb.so.3      libscram.so.3
libanonymous.so.3.0.0  libcrammd5.so.3.0.0  libdigestmd5.so.3.0.0  libotp.so.3.0.0  libplain.so.3.0.0  libsasldb.so.3.0.0  libscram.so.3.0.0

Looks like a couple of symlinks are missing.

This seems to be a bug in org.freedesktop.Platform.

cmollekopf assigned this task to apol.Aug 2 2017, 9:36 PM
apol added a comment.Aug 3 2017, 12:12 AM

Reported on Flatpak upstream: https://github.com/flatpak/flatpak/issues/947

I checked libsasl2 code, it looks for files that end with .so.

apol closed this task as Resolved.Mon, Sep 4, 11:16 PM

The issue has been fixed upstream and the runtimes rebuilt.

apol added a comment.Mon, Sep 4, 11:16 PM

Oh, also I tested it and I confirm it works for me.