Please backport Gnucash with --enable-hbci

Just to be clear... hcbi is an online banking protocol used by residents of Germany.

Is this what you are looking for? If you are looking for making online banking downloads for another country, you might want to check the information at http://www.gnucash.org/ and on the gnucash-users mailing list.

I saw (and responded to) your note on the GnuCash-Users email list. I think it might be best to put clarifying links, etc. in this bug request since it's specific to Ubuntu, and maybe we can get it sorted out here.

Ok, so I tried a while back with the hardy beta to compile gnucash with hbci-enable with no luck.

(I should point out that --enable-hbci flag is the name of the gnucash feature for all online banking (OFX, HBCI, etc.). I guess the code was originally written for HBCI, but was later extended to all different kinds of online banking. So I use OFX here in the US, but need --enable-hbci)

In any case, here is an overview of the problem:

1) gnucash uses libaqbanking for online stuff
2) libaqbanking uses libgwenhywfar as an abstraction layer
3) libgwenhywfar used openssl, which wasn't packaged.

So a request went in to the authors of libgwenhywfar to use gnutls instead of openssl.

Problem is, gnutls support was added in gwenhywfar 3.0, which is backwards incompatible.
aqbanking 3.4 is written against gwenhywfar 3.0, but aqbanking 3.4 is backwards incompatible.

So gnucash still uses aqbanking 2.2, so even though gwenhywfar added support for gnutls, gnucash can't use it yet.

So before hardy, it wasn't much of a problem, because all of the versions of these libraries were packaged. So you could download libaqbanking16-dev, enable support for ofx, and recompile the package. Easy using dpkg-buildpackage. For example, see the instructions http://wiki.gnucash.org/wiki/Debian

The problem now with hardy is that the correct version of aqbanking is no longer packaged. gnucash needs libaqbanking16 and libaqbanking16-dev. But those packages were dropped from hardy, and are available only for edgy through gutsy. Thus the gnucash package can not be recompiled.

A while back, I tried a whole lot of things, like installing the packages from gutsy on hardy and putting the packages on hold, downloading the libraries directly and bypassing packages, etc. This had a problem with the wrong versions of libgwen I think. Right now, I have the gnucash package I built on gutsy installed and on hold (is an old version). I never was able to build gnucash (with OFX enabled) on hardy.

I have also considered trying to help upgrade gnucash to use aqbanking 3.4 (then this issue disappears, since aqbanking 3.4 is packaged perfectly in debian and ubuntu now...)
http://wiki.gnucash.org/wiki/AqBanking3_Porting

Actually, in 3) I said openssl wasn't packaged. Actually, openssl is packaged, but libaqbanking could not be linked against it because it would be a GPL violation.
http://www.gnome.org/~markmc/openssl-and-the-gpl.html

But now in hardy, as I mentioned, it is even worse because the needed packages are no longer available

Is this actually a duplicate of Bug 5973 ?

Thanks John. That's a good summary. I've experienced the same problems trying to compile gnucash with --enable-hbci on Hardy. I actually did get it to compile by downloading the relevant Gutsy packages manually and setting hold flags in apt like you described. However, I realized that I don't like that solution, since apt, aptitude, and synaptic all use different hold mechanisms (I was still getting notifications from gnome update notifier that I should update various packages).

Now I'm trying to do it over again using /etc/apt/preferences and pinning. I think that will work better. I'll post again if I get it to work.

Tommy - this is very similar to Bug 5973, except that as John explained, there are now additional significant obstacles to enabling hbci/ofx support in Hardy. In prior versions of Ubuntu, you could just follow the instructions here: http://wiki.gnucash.org/wiki/Debian and build your own package.

Well, I got gnucash and libaqbanking to compile as described at http://wiki.gnucash.org/wiki/Debian. However, I can't get ofxdirect online banking to work. After putting in my username and trying to download my account list, I get prompted for the password, but I always get an OFX: General Error message. Frustrating. It could be a problem with my OFX configuration in Gnucash, but after the way I mixed in all those Gutsy packages, I'll never be sure.

If you'd like to try to compile it the way I did, here's how I did it:
 - add gutsy main and universe to your sources.list
 - add the following entries to /etc/apt/preferences (you will probably have to create it)
Package: libaqbanking16
Pin: release a=gutsy
Pin-Priority: 1001

Package: libaqbanking16-dev
Pin: release a=gutsy
Pin-Priority: 1001

Package: libaqbanking-data
Pin: release a=gutsy
Pin-Priority: 1001

Package: libaqdtaus3
Pin: release a=gutsy
Pin-Priority: 1001

Package: libaqgeldkarte4
Pin: release a=gutsy
Pin-Priority: 1001

Package: libaqhbci10
Pin: release a=gutsy
Pin-Priority: 1001

Package: libcbanking16
Pin: release a=gutsy
Pin-Priority: 1001

Package: libchipcard2-0c2
Pin: release a=gutsy
Pin-Priority: 1001

Package: libg2banking2
Pin: release a=gutsy
Pin-Priority: 1001

Package: libgwenhywfar38
Pin: release a=gutsy
Pin-Priority: 1001

Package: libgwenhywfar38-dev
Pin: release a=gutsy
Pin-Priority: 1001

Package: libgwenhywfar-data
Pin: release a=gutsy
Pin-Priority: 1001

Package: libkbanking1
Pin: release a=gutsy
Pin-Priority: 1001

Package: libktoblzcheck1c2a
Pin: release a=gutsy
Pin-Priority: 1001

Package: libktoblzcheck1-dev
Pin: release a=gutsy
Pin-Priority: 1001

Package: libqbanking4
Pin: release a=gutsy
Pin-Priority: 1001

Package: libofx-dev
Pin: release a=gutsy
Pin-Priority: 1001

Package: ofx
Pin: release a=gutsy
Pin-Priority: 1001

Package: *
Pin: release a=gutsy
Pin-Priority: 400

 - These entries say to keep those packages downgraded to the gutsy versions, but otherwise, not to use the gutsy repos. All the package managers abide by this. (I wish I knew how to have multiple package names in the same "Package:" statement, but I don't)
 - sudo apt-get update
 - follow the instructions at http://wiki.gnucash.org/wiki/Debian
   - When you download the source for libaqbanking, use the command apt-get source libaqbanking=2.2.3-4 (gets the older version)
 - I ran into a couple of dependency issues. Aptitude was able to suggest solutions that involved downgrading packages to Gutsy. This seemed to work; at least, everything compiled

Unless anyone has any good ideas, I'm going to try to clean this mess up and use the regular Hardy package without ofxdirect.

Several AqBanking users reported OFX problems in the past. As far as I know the issue is related to a format change within OFX. The issue should be fixed in the most recent AqBanking release.

The only advice I can give: Wait for Gnucash being ported to AqBanking 3. :-S

Great news! Aqbanking 3.0 support has been merged to the trunk.

http://lists.gnucash.org/pipermail/gnucash-patches/2008-July/021963.html
http://lists.gnucash.org/pipermail/gnucash-devel/2008-July/023350.html

Once the next version of gnucash comes out, it should be easily built (and packaged) on hardy with online support.

Just to keep this bug updated, gnucash 2.2.6 was released today with aqbanking 3.0 support.
I compiled it on hardy and it works... I didn't use a package, instead used checkinstall

1) apt-get install libofx-dev libaqbanking20-dev
2) download gnucash 2.2.6
3) tar xvxf gnucash...
4) ./configure --enable-aqbanking --enable-ofx
5) make
6) sudo checkinstall
8) mv ~/.banking ~/oldbanking
9) mv ~/.aqbanking ~/oldaqbanking
10) start gnucash and recreate users and accounts

and everything works with the following problems:

downloading the account list caused aqbanking to fail with

3:2008/07/31 21-12-30:gwen(30862):io_tls.c: 1142: gnutls_handshake: -9 (A TLS packet with unexpected length was received.) [fatal]
3:2008/07/31 21-12-30:(null)(30862):provider.c: 665: Error exchanging getAccounts-request (-66)
3:2008/07/31 21-12-30:qt3_wizard(30862):cfgtabpageuserofx.cpp: 283: Error requesting account list

google gave a bunch of different problems/solutions, but the one that worked for me was
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478470

# sudo dpkg-reconfigure ca-certificates
and remove some of the certs. I left debconf.org and all the mozilla certs, disabled everything else.

Hopefully a debian package appears, maybe in the PPA
https://launchpad.net/~gnucash/+archive

Does the ca-certificates modification really help with the gnutls_handshake error? I used to interpret this error as an indicator to turn the "force SSLv3" option in the HBCI setup on (which usually helps too). This is strange...

Micha

Yes. Note that the error given above is a very general gnutls error... so the same error can have many different causes.

If you read some of the google hits for the error, some people reported the errors were fixed by "Force SSL v3". I tried that, but it didn't fix it. So some of the other google hits said the error was fixed by removing certs, so I tried that and it works.

So I think that error about unexpected length can have many different causes.