kdepim-runtime: use XOAUTH2 SASL plugin from libkgapi #177410
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some mail servers like Gmail [use SASL XOAUTH2 mechanism][1] to authenticate
clients with OAuth token instead of password. Unfortunately, Cyrus SASL
does not have authentication plugin for this mechanism out of the box,
so clients that use this library and want to authenticate at such mail
servers should bring their own plugin for XOAUTH2. KMail (or KDE PIM
in general) have such plugin as [part of LibKGAPI][2], and on FHS systems
LibKGAPI puts its plugin right next to other Cyrus SASL plugins, so it
can be picked up by library automatically. In NixOS, this plugin end up in
other directory, which has no references to it, so `akonadi_imap_resource`
fails with next error message when tries to authenticate at such mail servers:
org.kde.pim.kimap: sasl_client_start failed with: -4 "SASL(-4): no mechanism available: No worthy mechs found"
In result, no mail is fetched (progress bar in KMail is stuck at 0%), and user
after reading logs is left wondering why no worthy mechs were found.
This commit sets `SASL_PATH` environment variable, so Cyrus SASL can find both
its own plugins and one provided by LibKGAPI. With this change, KMail can
successfully fetch mail from Gmail.
[1]: https://developers.google.com/gmail/imap/xoauth2-protocol#the_sasl_xoauth2_mechanism
[2]: https://github.com/KDE/libkgapi/tree/master/src/saslplugin
|
I guess this could be backported to release-22.05 without any problems, works for me on nixos-22.05 channel. |
niknetniko
approved these changes
Jul 22, 2022
|
@ttuegel, hello, can you review this PR please? |
matshch
force-pushed
the
kdepim-sasl-path
branch
from
4cc9710
to
b145771
Compare
|
Double checked with new commit: fix still work, both from |
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
matshch
force-pushed
the
kdepim-sasl-path
branch
from
b145771
to
2ce44be
Compare
unkn
reviewed
Sep 3, 2022
| @@ -23,4 +23,7 @@ mkDerivation { | |||
| pimcommon libkgapi libsecret | |||
| qca-qt5 qtkeychain qtnetworkauth qtspeech qtxmlpatterns | |||
| ]; | |||
| qtWrapperArgs = [ | |||
| "--prefix SASL_PATH : ${lib.makeSearchPath "lib/sasl2" [ cyrus_sasl libkgapi ]}" | |||
There was a problem hiding this comment.
you probably want cyrus_sasl.out here, cyrus_sasl uses the bin output (there's no lib/sasl2 there), which makes all plugins unavailable.
There was a problem hiding this comment.
Yeah, you are right. Will fix it now.
matshch
added a commit
to matshch/nixpkgs
that referenced
this pull request
Sep 9, 2022
In NixOS#177410 `SASL_PATH` was set for kdepim-runtime binaries to allow usage of plugin for XOAUTH2, which is required for some mail servers like Gmail. Unfortunately in that PR wrong output of cyrus_sasl was chosen, fixing it in this PR.
13 tasks
niknetniko
added a commit
to niknetniko/nixpkgs
that referenced
this pull request
Apr 15, 2024
Applies the changes from NixOS#177410 and NixOS#190502 to Plasma 6.
13 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
Some mail servers like Gmail use SASL XOAUTH2 mechanism to authenticate clients with OAuth token instead of password. Unfortunately, Cyrus SASL does not have authentication plugin for this mechanism out of the box, so clients that use this library and want to authenticate at such mail servers should bring their own plugin for XOAUTH2. KMail (or KDE PIM in general) have such plugin as part of LibKGAPI, and on FHS systems LibKGAPI puts its plugin right next to other Cyrus SASL plugins, so it can be picked up by library automatically. In NixOS, this plugin end up in other directory, which has no references to it, so
akonadi_imap_resourcefails with next error message when tries to authenticate at such mail servers:In result, no mail is fetched (progress bar in KMail is stuck at 0%), and user after reading logs is left wondering why no worthy mechs were found.
This commit sets
SASL_PATHenvironment variable, so Cyrus SASL can find both its own plugins and one provided by LibKGAPI. With this change, KMail can successfully fetch mail from Gmail.This fix is based on discussion in #108480 about means for merging SASL plugins folders from different packages. I think setting
SASL_PATHis the most straightforward way of doing this in Nix, but maybe it should be automated somehow, like it is done withXDG_DATA_DIRSinwrapQtAppsHook. However, I do not know easy way to do so in non-breaking manner, so lets leave it to package maintainers for now.Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usageNB:
nixpkgs-reviewtries to build packages that are marked as broken. All non-broken packages build successfully with this changes../result/bin/)nixos/doc/manual/md-to-db.shto update generated release notes