Gnome-keyring auto-start files (DBus etc) conflict with other Secret Service providers
Note: I'm reporting this based on https://github.com/keepassxreboot/keepassxc/issues/6274 , I don't have a testing environment to test this myself at the moment.
Description
When Gnome-keyring is registered as the default Freedesktop.org Secrets Service backend, it installs some hard-coded configuration files such as /usr/share/dbus-1/services/org.freedesktop.secrets.service
. Later, when the user wants to switch to a different Secrets Service provider such as KeepassXC, these files get in the way. Since they're hard-coded, they're difficult to replace, and they conflict with similar files that need to be installed by the other provider. As a result, the other provider can't be registered as default, and Gnome-keyring is launched instead.
I've proposed compatibility guidelines in https://gitlab.freedesktop.org/xdg/xdg-specs/-/issues/75 . The problem should be resolved if all Secrets Service providers follow these guidelines. I've pointed the KeepassXC devs to these guidelines to implement on their end; this issue is to point the Gnome-keyring devs to the same guidelines. Comments on these guidelines are welcome from all sides, if you think they need adjustment.
Steps to reproduce
- Install Gnome-keyring, and set it as default Freedesktop.org Secrets Service backend.
- Check if the installed files conform to the proposed compatibility guidelines.
- Install KeepassXC.
- In KeepassXC, enable freedesktop.org Secret Service integration, and expose a DB to the service.
- Close KeepassXC.
- Launch a client app that requires Secret Service, such as
secret-tool
.
Expected Behavior
- In step 2, the installed files should conform to the compatibility guidelines. In particular:
- If
/usr/share/dbus-1/services/org.freedesktop.secrets.service
is installed, it should be a symlink to a provider-specific file, such as/usr/share/gnome-keyring/dbus/org.freedesktop.secrets.service
. - If a SystemD service file is installed, it should have a provider-specific name such as
dbus-org.freedesktop.secrets.gnome-keyring.service
, and use anAlias
directive to refer to the general service name:Alias=dbus-org.freedesktop.secrets.service
.
- If
- In step 6, KeepassXC should be launched as the DBus
org.freedesktop.secrets.service
backend.
Current Behavior
- In step 2, the installed files do not conform to the compatibility guidelines. For example,
/usr/share/dbus-1/services/org.freedesktop.secrets.service
is a hard-coded regular file. - In step 6, Gnome-keyring daemon is launched as the DBus
org.freedesktop.secrets.service
backend. (This is partly KeepassXC's fault, as discussed in keepassxc/issues/6274, but also partly because the Gnome-keyring files get in the way.)
System Info
Unfortunately, the original issue did not provide a lot of details. This is what was reported:
OS: Ubuntu 20.10
DE: GNOME 3.38
This is likely still an issue with the latest Gnome-keyring and latest KeepassXC (2.6.4).