libsecret issueshttps://gitlab.gnome.org/GNOME/libsecret/-/issues2024-03-13T23:00:18Zhttps://gitlab.gnome.org/GNOME/libsecret/-/issues/92Fix error in documentation2024-03-13T23:00:18ZGNOME Gitlab AutomationFix error in documentation
The following Merge Request (MR) has been forwarded from GitHub in order to prevent
the GNOME Project from losing contributions coming from un-official channels. And for
contributors to not see their valuable contributions not being acc...
The following Merge Request (MR) has been forwarded from GitHub in order to prevent
the GNOME Project from losing contributions coming from un-official channels. And for
contributors to not see their valuable contributions not being accounted for.
Relevant information:
Github handle: rekire
MR URL: https://github.com/GNOME/libsecret/pull/4
Patch URL: https://github.com/GNOME/libsecret/pull/4.patch
Body of the MR:
I'm implementing password API for a Flutter plugin and found while reading the source code this 3 years old documentation bug. Just small, but it confused me.https://gitlab.gnome.org/GNOME/libsecret/-/issues/900.21.3 doesn't install PAM module2024-02-08T06:47:32ZJan Alexander Steffens0.21.3 doesn't install PAM moduleWith `-D pam=true`, the new `pam_gnome_keyring` module is built and tested, but not installed.With `-D pam=true`, the new `pam_gnome_keyring` module is built and tested, but not installed.Dhanuka WarusaduraDhanuka Warusadurahttps://gitlab.gnome.org/GNOME/libsecret/-/issues/800.20.5 test-collection fails non-deterministically2023-03-18T12:12:22ZMaxim Cournoyer0.20.5 test-collection fails non-deterministicallyHello,
Attempting to update the package to 0.20.5 on GNU Guix, I encounter the following error most of the time, but not always. My machine is under high load.
```
starting phase `check'
ninja: Entering directory `/tmp/guix-build-libs...Hello,
Attempting to update the package to 0.20.5 on GNU Guix, I encounter the following error most of the time, but not always. My machine is under high load.
```
starting phase `check'
ninja: Entering directory `/tmp/guix-build-libsecret-0.20.5.drv-0/build'
ninja: no work to do.
1/21 libsecret:libegg / test-hex OK 0.07s
2/21 libsecret:libegg / test-dh OK 0.05s
3/21 libsecret:libegg / test-hkdf OK 0.09s
4/21 libsecret:libsecret / test-value OK 0.06s
5/21 libsecret:libsecret / test-attributes OK 0.12s
6/21 libsecret:libegg / test-secmem OK 2.26s
7/21 libsecret:libsecret / test-session OK 2.83s
8/21 libsecret:libsecret / test-prompt OK 5.55s
9/21 libsecret:libsecret / test-paths OK 8.98s
10/21 libsecret:libsecret / test-password OK 6.25s
11/21 libsecret:libsecret / test-methods OK 11.14s
12/21 libsecret:libsecret / test-file-collection OK 2.02s
13/21 libsecret:python / test-py-lookup OK 3.40s
14/21 libsecret:libsecret / test-service OK 19.51s
15/21 libsecret:libsecret / test-collection FAIL 9.18s killed by signal 5 SIGTRAP
>>> MALLOC_PERTURB_=208 /tmp/guix-build-libsecret-0.20.5.drv-0/build/libsecret/test-collection
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
stdout:
# random seed: R02S72cad504016edaaa2783eab7e842caa5
1..27
# Start of collection tests
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 1 /collection/new-sync
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 2 /collection/new-async
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 3 /collection/new-sync-noexist
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 4 /collection/new-async-noexist
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 5 /collection/for-alias-sync
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 6 /collection/for-alias-async
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 7 /collection/for-alias-load-sync
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 8 /collection/for-alias-load-async
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 9 /collection/create-sync
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 10 /collection/create-async
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 11 /collection/properties
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 12 /collection/items
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 13 /collection/items-empty
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 14 /collection/items-empty-async
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 15 /collection/set-label-sync
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 16 /collection/set-label-async
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 17 /collection/set-label-prop
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# libsecret-INFO: Remote error from secret service: org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying
Bail out! libsecret-FATAL-WARNING: couldn't set SecretCollection Label: Message recipient disconnected from message bus without replying
stderr:
(test-collection:683): libsecret-WARNING **: 20:36:17.308: couldn't set SecretCollection Label: Message recipient disconnected from message bus without replying
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
16/21 libsecret:python / test-py-store OK 2.12s
17/21 libsecret:vala / test-vala-lang OK 0.95s
18/21 libsecret:libsecret / test-item OK 11.13s
19/21 libsecret:vala / test-vala-unstable OK 0.64s
20/21 libsecret:python / test-py-clear OK 3.19s
21/21 libsecret:secret-tool / test-secret-tool.sh OK 1.87s
Summary of Failures:
15/21 libsecret:libsecret / test-collection FAIL 9.18s killed by signal 5 SIGTRAP
Ok: 20
Expected Fail: 0
Fail: 1
Unexpected Pass: 0
Skipped: 0
Timeout: 0
Full log written to /tmp/guix-build-libsecret-0.20.5.drv-0/build/meson-logs/testlog.txt
```
Attached is the testlog.txt file.[testlog.txt](/uploads/b6db383d59be5ff9791cdbd5bf9c7e93/testlog.txt)https://gitlab.gnome.org/GNOME/libsecret/-/issues/79[BUG] - secret-tool freezes after a fresh install of Arch Linux2022-07-12T16:07:39ZD3vil0p3r[BUG] - secret-tool freezes after a fresh install of Arch LinuxHello,
I'm using a new fresh installation of Arch Linux (5.18.10-arch1-1) and I noted that, if after the installation and the first boot the user opens the terminal and uses `secret-tool`, this tool freezes.
Indeed, if the user tries to...Hello,
I'm using a new fresh installation of Arch Linux (5.18.10-arch1-1) and I noted that, if after the installation and the first boot the user opens the terminal and uses `secret-tool`, this tool freezes.
Indeed, if the user tries to execute:
```
secret-tool store --label='TEST' test-api user-test-api
PASSWORD:
```
when the password is typed and the user press Enter, the tool freezes.
This issue can be solved by rebooting the machine, but I think that could be nice if this small bug can be solved in order to allow the user to use secret-tool immediately after the first boot.https://gitlab.gnome.org/GNOME/libsecret/-/issues/76tpm2-tss should be loaded through dlopen2023-10-04T01:31:45ZDaiki Uenotpm2-tss should be loaded through dlopenWhile libsecret uses libgcrypt as cryptographic backend, tpm2-tss brings in openssl as its dependency. It would probably make sense to load the library through dlopen, with the provided [stub](https://github.com/tpm2-software/tpm2-tss/tr...While libsecret uses libgcrypt as cryptographic backend, tpm2-tss brings in openssl as its dependency. It would probably make sense to load the library through dlopen, with the provided [stub](https://github.com/tpm2-software/tpm2-tss/tree/master/tss2-dlopen), until either libsecret or tpm2-tss provides pluggable crypto backend [feature](https://github.com/tpm2-software/tpm2-tss/pull/2365).Dhanuka WarusaduraDhanuka Warusadurahttps://gitlab.gnome.org/GNOME/libsecret/-/issues/71Make file backend public?2022-03-25T13:08:55ZSophie HeroldMake file backend public?Currently, [seahorse does not list the secrets of flatpaks](GNOME/seahorse#345).
Would it be possible to make them accessible via the API? Seahorse does know about the keys from the "Secret" portal and the app id. Therefore, it would pr...Currently, [seahorse does not list the secrets of flatpaks](GNOME/seahorse#345).
Would it be possible to make them accessible via the API? Seahorse does know about the keys from the "Secret" portal and the app id. Therefore, it would probably be able to pass the key and the paths to the keyfiles.https://gitlab.gnome.org/GNOME/libsecret/-/issues/70meson build exports private symbols2022-02-27T02:56:24ZJeremy Bichameson build exports private symbolsThe meson build exports several symbols that the autotools build didn't. You'll probably need to build with `fvisibility=hidden` and use the default visibility attribute to mark the symbols you want to be public.
See also the [meson FA...The meson build exports several symbols that the autotools build didn't. You'll probably need to build with `fvisibility=hidden` and use the default visibility attribute to mark the symbols you want to be public.
See also the [meson FAQ](https://mesonbuild.com/FAQ.html#how-do-i-do-the-equivalent-of-libtools-exportsymbol-and-exportregex)
It looks like the only symbols you want public are the ones beginning with `secret_` and these ones: `SECMEM_pool_data_v1_0`, `SECRET_SCHEMA_COMPAT_NETWORK`, `SECRET_SCHEMA_NOTE`
diff from Debian's build
------------------------
```
SECMEM_pool_data_v1_0@Base 0.14
SECRET_SCHEMA_COMPAT_NETWORK@Base 0.7
SECRET_SCHEMA_NOTE@Base 0.7
+ _secret_attributes_copy@Base 0.20.5
+ _secret_attributes_for_variant@Base 0.20.5
+ _secret_attributes_to_variant@Base 0.20.5
+ _secret_attributes_validate@Base 0.20.5
+ _secret_backend_ensure_extension_point@Base 0.20.5
+ _secret_backend_uncache_instance@Base 0.20.5
+ _secret_collection_find_item_instance@Base 0.20.5
+ _secret_collection_properties_new@Base 0.20.5
+ _secret_error_quark@Base 0.20.5
+ _secret_file_backend_check_portal_version@Base 0.20.5
+ _secret_file_item_decrypt@Base 0.20.5
+ _secret_gen_collection_call_create_item@Base 0.20.5
+ _secret_gen_collection_call_create_item_finish@Base 0.20.5
+ _secret_gen_collection_call_create_item_sync@Base 0.20.5
+ _secret_gen_collection_call_delete@Base 0.20.5
+ _secret_gen_collection_call_delete_finish@Base 0.20.5
+ _secret_gen_collection_call_delete_sync@Base 0.20.5
+ _secret_gen_collection_call_search_items@Base 0.20.5
+ _secret_gen_collection_call_search_items_finish@Base 0.20.5
+ _secret_gen_collection_call_search_items_sync@Base 0.20.5
+ _secret_gen_collection_complete_create_item@Base 0.20.5
+ _secret_gen_collection_complete_delete@Base 0.20.5
+ _secret_gen_collection_complete_search_items@Base 0.20.5
+ _secret_gen_collection_dup_items@Base 0.20.5
+ _secret_gen_collection_dup_label@Base 0.20.5
+ _secret_gen_collection_emit_item_changed@Base 0.20.5
+ _secret_gen_collection_emit_item_created@Base 0.20.5
+ _secret_gen_collection_emit_item_deleted@Base 0.20.5
+ _secret_gen_collection_get_created@Base 0.20.5
+ _secret_gen_collection_get_items@Base 0.20.5
+ _secret_gen_collection_get_label@Base 0.20.5
+ _secret_gen_collection_get_locked@Base 0.20.5
+ _secret_gen_collection_get_modified@Base 0.20.5
+ _secret_gen_collection_get_type@Base 0.20.5
+ _secret_gen_collection_interface_info@Base 0.20.5
+ _secret_gen_collection_override_properties@Base 0.20.5
+ _secret_gen_collection_proxy_get_type@Base 0.20.5
+ _secret_gen_collection_proxy_new@Base 0.20.5
+ _secret_gen_collection_proxy_new_finish@Base 0.20.5
+ _secret_gen_collection_proxy_new_for_bus@Base 0.20.5
+ _secret_gen_collection_proxy_new_for_bus_finish@Base 0.20.5
+ _secret_gen_collection_proxy_new_for_bus_sync@Base 0.20.5
+ _secret_gen_collection_proxy_new_sync@Base 0.20.5
+ _secret_gen_collection_set_created@Base 0.20.5
+ _secret_gen_collection_set_items@Base 0.20.5
+ _secret_gen_collection_set_label@Base 0.20.5
+ _secret_gen_collection_set_locked@Base 0.20.5
+ _secret_gen_collection_set_modified@Base 0.20.5
+ _secret_gen_collection_skeleton_get_type@Base 0.20.5
+ _secret_gen_collection_skeleton_new@Base 0.20.5
+ _secret_gen_item_call_delete@Base 0.20.5
+ _secret_gen_item_call_delete_finish@Base 0.20.5
+ _secret_gen_item_call_delete_sync@Base 0.20.5
+ _secret_gen_item_call_get_secret@Base 0.20.5
+ _secret_gen_item_call_get_secret_finish@Base 0.20.5
+ _secret_gen_item_call_get_secret_sync@Base 0.20.5
+ _secret_gen_item_call_set_secret@Base 0.20.5
+ _secret_gen_item_call_set_secret_finish@Base 0.20.5
+ _secret_gen_item_call_set_secret_sync@Base 0.20.5
+ _secret_gen_item_complete_delete@Base 0.20.5
+ _secret_gen_item_complete_get_secret@Base 0.20.5
+ _secret_gen_item_complete_set_secret@Base 0.20.5
+ _secret_gen_item_dup_attributes@Base 0.20.5
+ _secret_gen_item_dup_label@Base 0.20.5
+ _secret_gen_item_get_attributes@Base 0.20.5
+ _secret_gen_item_get_created@Base 0.20.5
+ _secret_gen_item_get_label@Base 0.20.5
+ _secret_gen_item_get_locked@Base 0.20.5
+ _secret_gen_item_get_modified@Base 0.20.5
+ _secret_gen_item_get_type@Base 0.20.5
+ _secret_gen_item_interface_info@Base 0.20.5
+ _secret_gen_item_override_properties@Base 0.20.5
+ _secret_gen_item_proxy_get_type@Base 0.20.5
+ _secret_gen_item_proxy_new@Base 0.20.5
+ _secret_gen_item_proxy_new_finish@Base 0.20.5
+ _secret_gen_item_proxy_new_for_bus@Base 0.20.5
+ _secret_gen_item_proxy_new_for_bus_finish@Base 0.20.5
+ _secret_gen_item_proxy_new_for_bus_sync@Base 0.20.5
+ _secret_gen_item_proxy_new_sync@Base 0.20.5
+ _secret_gen_item_set_attributes@Base 0.20.5
+ _secret_gen_item_set_created@Base 0.20.5
+ _secret_gen_item_set_label@Base 0.20.5
+ _secret_gen_item_set_locked@Base 0.20.5
+ _secret_gen_item_set_modified@Base 0.20.5
+ _secret_gen_item_skeleton_get_type@Base 0.20.5
+ _secret_gen_item_skeleton_new@Base 0.20.5
+ _secret_gen_prompt_call_dismiss@Base 0.20.5
+ _secret_gen_prompt_call_dismiss_finish@Base 0.20.5
+ _secret_gen_prompt_call_dismiss_sync@Base 0.20.5
+ _secret_gen_prompt_call_prompt@Base 0.20.5
+ _secret_gen_prompt_call_prompt_finish@Base 0.20.5
+ _secret_gen_prompt_call_prompt_sync@Base 0.20.5
+ _secret_gen_prompt_complete_dismiss@Base 0.20.5
+ _secret_gen_prompt_complete_prompt@Base 0.20.5
+ _secret_gen_prompt_emit_completed@Base 0.20.5
+ _secret_gen_prompt_get_type@Base 0.20.5
+ _secret_gen_prompt_interface_info@Base 0.20.5
+ _secret_gen_prompt_override_properties@Base 0.20.5
+ _secret_gen_prompt_proxy_get_type@Base 0.20.5
+ _secret_gen_prompt_proxy_new@Base 0.20.5
+ _secret_gen_prompt_proxy_new_finish@Base 0.20.5
+ _secret_gen_prompt_proxy_new_for_bus@Base 0.20.5
+ _secret_gen_prompt_proxy_new_for_bus_finish@Base 0.20.5
+ _secret_gen_prompt_proxy_new_for_bus_sync@Base 0.20.5
+ _secret_gen_prompt_proxy_new_sync@Base 0.20.5
+ _secret_gen_prompt_skeleton_get_type@Base 0.20.5
+ _secret_gen_prompt_skeleton_new@Base 0.20.5
+ _secret_gen_service_call_create_collection@Base 0.20.5
+ _secret_gen_service_call_create_collection_finish@Base 0.20.5
+ _secret_gen_service_call_create_collection_sync@Base 0.20.5
+ _secret_gen_service_call_get_secrets@Base 0.20.5
+ _secret_gen_service_call_get_secrets_finish@Base 0.20.5
+ _secret_gen_service_call_get_secrets_sync@Base 0.20.5
+ _secret_gen_service_call_lock@Base 0.20.5
+ _secret_gen_service_call_lock_finish@Base 0.20.5
+ _secret_gen_service_call_lock_sync@Base 0.20.5
+ _secret_gen_service_call_open_session@Base 0.20.5
+ _secret_gen_service_call_open_session_finish@Base 0.20.5
+ _secret_gen_service_call_open_session_sync@Base 0.20.5
+ _secret_gen_service_call_read_alias@Base 0.20.5
+ _secret_gen_service_call_read_alias_finish@Base 0.20.5
+ _secret_gen_service_call_read_alias_sync@Base 0.20.5
+ _secret_gen_service_call_search_items@Base 0.20.5
+ _secret_gen_service_call_search_items_finish@Base 0.20.5
+ _secret_gen_service_call_search_items_sync@Base 0.20.5
+ _secret_gen_service_call_set_alias@Base 0.20.5
+ _secret_gen_service_call_set_alias_finish@Base 0.20.5
+ _secret_gen_service_call_set_alias_sync@Base 0.20.5
+ _secret_gen_service_call_unlock@Base 0.20.5
+ _secret_gen_service_call_unlock_finish@Base 0.20.5
+ _secret_gen_service_call_unlock_sync@Base 0.20.5
+ _secret_gen_service_complete_create_collection@Base 0.20.5
+ _secret_gen_service_complete_get_secrets@Base 0.20.5
+ _secret_gen_service_complete_lock@Base 0.20.5
+ _secret_gen_service_complete_open_session@Base 0.20.5
+ _secret_gen_service_complete_read_alias@Base 0.20.5
+ _secret_gen_service_complete_search_items@Base 0.20.5
+ _secret_gen_service_complete_set_alias@Base 0.20.5
+ _secret_gen_service_complete_unlock@Base 0.20.5
+ _secret_gen_service_dup_collections@Base 0.20.5
+ _secret_gen_service_emit_collection_changed@Base 0.20.5
+ _secret_gen_service_emit_collection_created@Base 0.20.5
+ _secret_gen_service_emit_collection_deleted@Base 0.20.5
+ _secret_gen_service_get_collections@Base 0.20.5
+ _secret_gen_service_get_type@Base 0.20.5
+ _secret_gen_service_interface_info@Base 0.20.5
+ _secret_gen_service_override_properties@Base 0.20.5
+ _secret_gen_service_proxy_get_type@Base 0.20.5
+ _secret_gen_service_proxy_new@Base 0.20.5
+ _secret_gen_service_proxy_new_finish@Base 0.20.5
+ _secret_gen_service_proxy_new_for_bus@Base 0.20.5
+ _secret_gen_service_proxy_new_for_bus_finish@Base 0.20.5
+ _secret_gen_service_proxy_new_for_bus_sync@Base 0.20.5
+ _secret_gen_service_proxy_new_sync@Base 0.20.5
+ _secret_gen_service_set_collections@Base 0.20.5
+ _secret_gen_service_skeleton_get_type@Base 0.20.5
+ _secret_gen_service_skeleton_new@Base 0.20.5
+ _secret_gen_session_call_close@Base 0.20.5
+ _secret_gen_session_call_close_finish@Base 0.20.5
+ _secret_gen_session_call_close_sync@Base 0.20.5
+ _secret_gen_session_complete_close@Base 0.20.5
+ _secret_gen_session_get_type@Base 0.20.5
+ _secret_gen_session_interface_info@Base 0.20.5
+ _secret_gen_session_override_properties@Base 0.20.5
+ _secret_gen_session_proxy_get_type@Base 0.20.5
+ _secret_gen_session_proxy_new@Base 0.20.5
+ _secret_gen_session_proxy_new_finish@Base 0.20.5
+ _secret_gen_session_proxy_new_for_bus@Base 0.20.5
+ _secret_gen_session_proxy_new_for_bus_finish@Base 0.20.5
+ _secret_gen_session_proxy_new_for_bus_sync@Base 0.20.5
+ _secret_gen_session_proxy_new_sync@Base 0.20.5
+ _secret_gen_session_skeleton_get_type@Base 0.20.5
+ _secret_gen_session_skeleton_new@Base 0.20.5
+ _secret_item_set_cached_secret@Base 0.20.5
+ _secret_list_get_type@Base 0.20.5
+ _secret_prompt_instance@Base 0.20.5
+ _secret_schema_ref_if_nonstatic@Base 0.20.5
+ _secret_schema_unref_if_nonstatic@Base 0.20.5
+ _secret_service_create_item_dbus_path_finish_raw@Base 0.20.5
+ _secret_service_decode_get_secrets_all@Base 0.20.5
+ _secret_service_decode_get_secrets_first@Base 0.20.5
+ _secret_service_delete_path@Base 0.20.5
+ _secret_service_delete_path_finish@Base 0.20.5
+ _secret_service_find_collection_instance@Base 0.20.5
+ _secret_service_find_item_instance@Base 0.20.5
+ _secret_service_get_session@Base 0.20.5
+ _secret_service_search_for_paths_variant@Base 0.20.5
+ _secret_service_take_session@Base 0.20.5
+ _secret_service_xlock_paths_async@Base 0.20.5
+ _secret_service_xlock_paths_finish@Base 0.20.5
+ _secret_session_decode_secret@Base 0.20.5
+ _secret_session_encode_secret@Base 0.20.5
+ _secret_session_free@Base 0.20.5
+ _secret_session_get_algorithms@Base 0.20.5
+ _secret_session_get_path@Base 0.20.5
+ _secret_session_open@Base 0.20.5
+ _secret_session_open_finish@Base 0.20.5
+ _secret_sync_free@Base 0.20.5
+ _secret_sync_new@Base 0.20.5
+ _secret_sync_on_result@Base 0.20.5
+ _secret_util_collection_to_path@Base 0.20.5
+ _secret_util_empty_path@Base 0.20.5
+ _secret_util_get_properties@Base 0.20.5
+ _secret_util_get_properties_finish@Base 0.20.5
+ _secret_util_have_cached_properties@Base 0.20.5
+ _secret_util_parent_path@Base 0.20.5
+ _secret_util_set_property@Base 0.20.5
+ _secret_util_set_property_finish@Base 0.20.5
+ _secret_util_set_property_sync@Base 0.20.5
+ _secret_util_strip_remote_error@Base 0.20.5
+ _secret_util_variant_for_properties@Base 0.20.5
+ _secret_value_unref_to_password@Base 0.20.5
+ _secret_value_unref_to_string@Base 0.20.5
+ egg_dh_default_params@Base 0.20.5
+ egg_dh_default_params_raw@Base 0.20.5
+ egg_dh_gen_pair@Base 0.20.5
+ egg_dh_gen_secret@Base 0.20.5
+ egg_hkdf_perform@Base 0.20.5
+ egg_libgcrypt_initialize@Base 0.20.5
+ egg_secure_alloc_full@Base 0.20.5
+ egg_secure_check@Base 0.20.5
+ egg_secure_clear@Base 0.20.5
+ egg_secure_free@Base 0.20.5
+ egg_secure_free_full@Base 0.20.5
+ egg_secure_realloc_full@Base 0.20.5
+ egg_secure_records@Base 0.20.5
+ egg_secure_strclear@Base 0.20.5
+ egg_secure_strdup_full@Base 0.20.5
+ egg_secure_strfree@Base 0.20.5
+ egg_secure_strndup_full@Base 0.20.5
+ egg_secure_validate@Base 0.20.5
+ egg_secure_warnings@Base 0.20.5
+ g__backend_instance_lock@Base 0.20.5
+ g__service_instance_lock@Base 0.20.5
secret_attributes_build@Base 0.7
secret_attributes_buildv@Base 0.7
secret_backend_flags_get_type@Base 0.20.1
```https://gitlab.gnome.org/GNOME/libsecret/-/issues/64libsecret saves garbage in keyring2022-03-24T22:10:13ZBastien Noceralibsecret saves garbage in keyringlibsecret, as used by Polari, saves "passwords" with no label. The passwords are just random binary data which seahorse can't display.
![Screenshot_from_2021-09-03_12-46-19](/uploads/29d242bd59a5bd93d7f7dd6f83256504/Screenshot_from_2021...libsecret, as used by Polari, saves "passwords" with no label. The passwords are just random binary data which seahorse can't display.
![Screenshot_from_2021-09-03_12-46-19](/uploads/29d242bd59a5bd93d7f7dd6f83256504/Screenshot_from_2021-09-03_12-46-19.png)https://gitlab.gnome.org/GNOME/libsecret/-/issues/61Introduce symbol versioning of the library2022-10-24T14:38:59ZDaiki UenoIntroduce symbol versioning of the libraryWhen creating a shared library, it is a good practice to associate version information to each exported symbol through LD version scripts:
https://www.gnu.org/software/gnulib/manual/html_node/LD-Version-Scripts.html
While Meson doesn't ...When creating a shared library, it is a good practice to associate version information to each exported symbol through LD version scripts:
https://www.gnu.org/software/gnulib/manual/html_node/LD-Version-Scripts.html
While Meson doesn't have native support for it [yet](https://github.com/mesonbuild/meson/issues/3047), there is a way to supply version scripts through `cc.get_supported_link_arguments` and `link_with` attribute in `shared_library` target. Examples are:
- https://github.com/p11-glue/p11-kit/blob/master/p11-kit/meson.build#L85
- https://github.com/hughsie/libgusb/blob/master/gusb/meson.build#L48Dhanuka WarusaduraDhanuka Warusadurahttps://gitlab.gnome.org/GNOME/libsecret/-/issues/60secret-tool: Add --unlock option to certain operations (e.g. clear)2021-12-27T22:14:45ZDaiki Uenosecret-tool: Add --unlock option to certain operations (e.g. clear)This was prompted in https://gitlab.gnome.org/GNOME/libsecret/-/issues/56#note_1073892.
It would be nice if `secret-tool` has an option to automatically unlock the collection, if the operation would fail otherwise.This was prompted in https://gitlab.gnome.org/GNOME/libsecret/-/issues/56#note_1073892.
It would be nice if `secret-tool` has an option to automatically unlock the collection, if the operation would fail otherwise.https://gitlab.gnome.org/GNOME/libsecret/-/issues/55Inconsistent libsecret behavior in password_storev and password_lookupv in fl...2020-10-25T04:51:34ZMiles WallioInconsistent libsecret behavior in password_storev and password_lookupv in flatpakI'm working on storing credentials for my application. I'm using
```
"runtime": "org.gnome.Platform",
"runtime-version": "3.38",
"sdk": "org.gnome.Sdk",
```
with permissions:
```
"--share=ipc",
"--share=network",
"--filesystem=home",
...I'm working on storing credentials for my application. I'm using
```
"runtime": "org.gnome.Platform",
"runtime-version": "3.38",
"sdk": "org.gnome.Sdk",
```
with permissions:
```
"--share=ipc",
"--share=network",
"--filesystem=home",
"--device=dri",
"--socket=fallback-x11",
"--socket=wayland"
```
With the [flathub shared-modules libsecret](https://github.com/flathub/shared-modules/blob/master/libsecret/libsecret.json) (0.20.4 at time of writing).
When built and run outside of flatpak, I'm able to store and persist secrets.
On Ubuntu 20.04, calls to `Secret.password_lookupv` and `Secret.password_storev` never call my callback.
On Fedora 33, I see the password_storev succeed, but on the next launch, the password is not persisted.
I'm not too familiar with debugging the flatpak infrastructure, so if there's any more information I can provide or check, please let me know.
**Edit:** This is what my calls look like:
```vala
thief_secret = new Secret.Schema (
"com.kmwallio.thiefmd.secret", Secret.SchemaFlags.NONE,
"type", Secret.SchemaAttributeType.STRING,
"endpoint", Secret.SchemaAttributeType.STRING,
"alias", Secret.SchemaAttributeType.STRING);
var attributes = new GLib.HashTable<string,string> (str_hash, str_equal);
attributes["type"] = type;
attributes["endpoint"] = endpoint;
attributes["alias"] = alias;
Secret.password_storev.begin (
thief_secret,
attributes,
Secret.COLLECTION_DEFAULT,
"%s:%s".printf(endpoint, alias),
secret,
null, (obj, async_res) =>
{
```
```vala
thief_secret = new Secret.Schema (
"com.kmwallio.thiefmd.secret", Secret.SchemaFlags.NONE,
"type", Secret.SchemaAttributeType.STRING,
"endpoint", Secret.SchemaAttributeType.STRING,
"alias", Secret.SchemaAttributeType.STRING);
var attributes = new GLib.HashTable<string,string> (str_hash, str_equal);
attributes["type"] = type;
attributes["endpoint"] = endpoint;
attributes["alias"] = user;
Secret.password_lookupv.begin (thief_secret, attributes, null, (obj, async_res) => {
```https://gitlab.gnome.org/GNOME/libsecret/-/issues/53Implement file descriptor based D-Bus API for secret retrieval2021-05-23T18:27:03ZDaiki UenoImplement file descriptor based D-Bus API for secret retrievalThere is a proposal to replace the wire encryption with FD passing feature in D-Bus:
https://gitlab.freedesktop.org/xdg/xdg-specs/-/merge_requests/33
It would be valuable to experiment it to see the feasibility, before the spec is updated.There is a proposal to replace the wire encryption with FD passing feature in D-Bus:
https://gitlab.freedesktop.org/xdg/xdg-specs/-/merge_requests/33
It would be valuable to experiment it to see the feasibility, before the spec is updated.https://gitlab.gnome.org/GNOME/libsecret/-/issues/52Fuzz local storage format2021-04-05T15:38:25ZDaiki UenoFuzz local storage formatIt would be nice to enable fuzzer against the local storage format parser.It would be nice to enable fuzzer against the local storage format parser.https://gitlab.gnome.org/GNOME/libsecret/-/issues/49Flatpak issues with libsecret >19.12022-06-24T12:32:05ZMaximilianoFlatpak issues with libsecret >19.1[ch.protonmail.protonmail-bridge](https://github.com/flathub/ch.protonmail.protonmail-bridge/) requires access to the keyring to effectively use the app, this worked fine in fedora 31 and libsecret 19.1 (Maybe 20.0 I don't quite remember...[ch.protonmail.protonmail-bridge](https://github.com/flathub/ch.protonmail.protonmail-bridge/) requires access to the keyring to effectively use the app, this worked fine in fedora 31 and libsecret 19.1 (Maybe 20.0 I don't quite remember which one came first). Now fedora 32 users report that the app won't work [protonmail-bridge/#27](https://github.com/flathub/ch.protonmail.protonmail-bridge/issues/27).
[Here](https://github.com/flatpak/xdg-desktop-portal/issues/507) there is a related issue where the ouput of `secret-tool` inside the sandbox is clearly broken.
```
$ secret-tool search username d8Tm8L...==
[no path]
label = protonmail/bridge/users/d8Tm8L...==
secret = bXNhbm...==
created = 2020-06-29 17:57:46
modified = 2020-06-29 17:57:46
attribute.username = d8Tm8L...==
attribute.server = protonmail/bridge/users/d8Tm8L...==
attribute.docker_cli = 1
attribute.label = Docker Credentials
```
Downgrading to 19.1 seems to fix the issue, but as far as I know this only affects a few distros and there should be no reason to downgrade the library for those users.https://gitlab.gnome.org/GNOME/libsecret/-/issues/48Instability when libsecret is used from multiple threads in a Flatpak sandbox2020-06-15T06:23:57ZMikhail ZabaluevInstability when libsecret is used from multiple threads in a Flatpak sandboxWhile trying to reproduce https://github.com/flathub/com.visualstudio.code/issues/159, I have created [a test program](/uploads/0cedd4fe300393b67235dbd17b6dfec4/test.c) ([meson.build](/uploads/b31260d2cc31dede389071c78e7fb8b1/meson.build...While trying to reproduce https://github.com/flathub/com.visualstudio.code/issues/159, I have created [a test program](/uploads/0cedd4fe300393b67235dbd17b6dfec4/test.c) ([meson.build](/uploads/b31260d2cc31dede389071c78e7fb8b1/meson.build)) that races multiple threads calling `secret_password_lookup_sync`. While I have not reproduced that exact crash, this clearly causes instability and various knock-on effects in the D-Bus services used by libsecret.
So far, I have observed:
* A critical error on failing `gcry == 0`.
* Causing a crash in xdg-desktop-portal-gtk: https://bugzilla.redhat.com/show_bug.cgi?id=1833779 https://github.com/flatpak/xdg-desktop-portal-gtk/issues/316
* A variety of errors from xdg-desktop-portal in the journal (sorry, l10n got baked into journal messages) https://github.com/flatpak/xdg-desktop-portal/issues/499:
```
Jun 12 18:27:47 xdg-desktop-por[2943]: Backend call failed: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._g_2dio_2derror_2dquark.Code44: Ошибка при записи в файловый дескриптор: Обрыв канала
Jun 14 09:07:10 xdg-desktop-por[2943]: Backend call failed: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._g_2dio_2derror_2dquark.Code0: Ошибка при записи в файловый дескриптор: Неправильный дескриптор файла
Jun 14 09:08:22 xdg-desktop-por[2943]: Backend call failed: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._gck_2derror.Code80: The operation was cancelled
```
* Causing gnome-keyring-daemon to lock up, preventing the user session from termination and new sessions from being started completely until the daemon is killed. https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/61
* Busy looping after this output (I tried to attach gdb with `flatpak enter` but failed), the daemon is responsive afterwards:
```
password lookup failed: The connection is closed
password lookup failed: The connection is closed
password lookup failed: The connection is closed
password lookup failed: dup: Bad file descriptor
password lookup failed: The connection is closed
password lookup failed: The connection is closed
password lookup failed: The connection is closed
```
The test can be run like so, with Visual Studio Code installed from Flathub:
```sh
flatpak run --command=$PWD/race-test-libsecret com.visualstudio.code/x86_64/stable --generate
flatpak run --command=bash --env=G_DEBUG=fatal-criticals com.visualstudio.code/x86_64/stable -c "set -e; for (( i=0; i<1000; i++ )); do $PWD/race-test-libsecret --test; done"
```https://gitlab.gnome.org/GNOME/libsecret/-/issues/47libsecret doesn't try to unlock the collection before search2022-09-08T08:38:21Zyshuilibsecret doesn't try to unlock the collection before searchThis might not be a problem for gnome-keyring. But for implementers like keepassxc, no entry will be available until the collection is unlocked. basically libsecret won't get anything, or prompt for unlocking if the collection is locked.This might not be a problem for gnome-keyring. But for implementers like keepassxc, no entry will be available until the collection is unlocked. basically libsecret won't get anything, or prompt for unlocking if the collection is locked.https://gitlab.gnome.org/GNOME/libsecret/-/issues/43Random test-session failure2020-04-24T09:52:45ZLaurent BigonvilleRandom test-session failureHello,
On debian [hppa](https://buildd.debian.org/status/fetch.php?pkg=libsecret&arch=hppa&ver=0.20.2-2&stamp=1587714199&raw=0) and [mipsel](https://buildd.debian.org/status/fetch.php?pkg=libsecret&arch=mipsel&ver=0.20.2-2&stamp=1587718...Hello,
On debian [hppa](https://buildd.debian.org/status/fetch.php?pkg=libsecret&arch=hppa&ver=0.20.2-2&stamp=1587714199&raw=0) and [mipsel](https://buildd.debian.org/status/fetch.php?pkg=libsecret&arch=mipsel&ver=0.20.2-2&stamp=1587718946&raw=0), libsecret test-session test fails randomly with:
```
ERROR: test-session
===================
**
ERROR:libsecret/test-session.c:169:test_ensure_async_aes: 'G_IS_ASYNC_RESULT (result)' should be TRUE
Aborted
# random seed: R02Se6bf6cdd3d6a6144baf1d9a29088099f
# test-session: random seed: R02Se6bf6cdd3d6a6144baf1d9a29088099f
1..6
# Start of session tests
# test-session: Start of session tests
# GLib-DEBUG: posix_spawn avoided (workdir specified) (fd close requested) (child_setup specified)
# test-session: GLib-DEBUG: posix_spawn avoided (workdir specified) (fd close requested) (child_setup specified)
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
# test-session: GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 1 /session/ensure-aes
PASS: test-session 1 /session/ensure-aes
# GLib-DEBUG: posix_spawn avoided (workdir specified) (fd close requested) (child_setup specified)
# test-session: GLib-DEBUG: posix_spawn avoided (workdir specified) (fd close requested) (child_setup specified)
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# test-session: GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
# test-session: GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 2 /session/ensure-twice
PASS: test-session 2 /session/ensure-twice
# GLib-DEBUG: posix_spawn avoided (workdir specified) (fd close requested) (child_setup specified)
# test-session: GLib-DEBUG: posix_spawn avoided (workdir specified) (fd close requested) (child_setup specified)
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# test-session: GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
# test-session: GLib-DEBUG: unsetenv() is not thread-safe and should not be used after threads are created
ok 3 /session/ensure-plain
PASS: test-session 3 /session/ensure-plain
# GLib-DEBUG: posix_spawn avoided (workdir specified) (fd close requested) (child_setup specified)
# test-session: GLib-DEBUG: posix_spawn avoided (workdir specified) (fd close requested) (child_setup specified)
# GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
# test-session: GLib-DEBUG: setenv()/putenv() are not thread-safe and should not be used after threads are created
Bail out! ERROR:libsecret/test-session.c:169:test_ensure_async_aes: 'G_IS_ASYNC_RESULT (result)' should be TRUE
ERROR: test-session - Bail out! ERROR:libsecret/test-session.c:169:test_ensure_async_aes: 'G_IS_ASYNC_RESULT (result)' should be TRUE
```https://gitlab.gnome.org/GNOME/libsecret/-/issues/38Impossible to export and import passwords afterwards in an identical manner2022-10-04T19:42:33ZCookie EngineerImpossible to export and import passwords afterwards in an identical mannerUsing `secret-tool search --all authtype password` you can generate a list of results, parse those results, and back them up somewhere safe on an external hard drive.
Later though it is impossible to import secrets again in the identica...Using `secret-tool search --all authtype password` you can generate a list of results, parse those results, and back them up somewhere safe on an external hard drive.
Later though it is impossible to import secrets again in the identical manner, because it is impossible to set the `schema` and `secret` via CLI options/flags.
**Expected Behaviour**
```bash
secret-tool store --label="cookiengineer@myserver" --schema="org.gnome.keyring.NetworkPassword" authtype password protocol sftp user cookiengineer server myserver
# then typing in password would be better with --secret="secret value"
```
**Actual Behaviour**
```bash
secret-tool store --label="cookiengineer@myserver" schema org.gnome.keyring.NetworkPassword authtype password protocol sftp user cookiengineer server myserver
# again, typing password is suboptimal.
# resulting entry is wrong. entry.attribute.schema is set, not entry.schema
```
As schema is only possible via `attributes`, the resulting entry will have attribute.schema set, which is not the same, and will therefore not be found by `nautilus` as a password later.
In order to have 1:1 export and import capabilities, it would be necessary to have the following features:
- password dialog via tty is hacky, allow `--secret="value"` flag usage.
- schema cannot be set, allow `--schema="org.gnome.SomeThing"` usage.https://gitlab.gnome.org/GNOME/libsecret/-/issues/32Double backslash results in single backslash stored2021-03-01T08:38:46ZThomas WoutersDouble backslash results in single backslash storedNoticed that when I enter my password in evolution, the password is stored incorrectly (missing one backslash).
```
➜ ~ printf 'test\\\\test' | secret-tool store --label="backslash" foo bar
➜ ~ secret-tool lookup foo bar
test\test
➜ ...Noticed that when I enter my password in evolution, the password is stored incorrectly (missing one backslash).
```
➜ ~ printf 'test\\\\test' | secret-tool store --label="backslash" foo bar
➜ ~ secret-tool lookup foo bar
test\test
➜ ~ printf 'test\\\\test'
test\\test
```
version:
```
/usr/bin/secret-tool is owned by libsecret 0.19.1-1
```https://gitlab.gnome.org/GNOME/libsecret/-/issues/31Unable to use another collection than default one with secret-tool2022-09-08T09:02:58ZLéo GrangeUnable to use another collection than default one with secret-toolI have a workflow which consists in storing some passwords in the default keyring and a few, more-sensitive ones in a separated collection.
While this is not documented (neither in the man nor in the `--help` of secret-tool), it appears ...I have a workflow which consists in storing some passwords in the default keyring and a few, more-sensitive ones in a separated collection.
While this is not documented (neither in the man nor in the `--help` of secret-tool), it appears that an option `[--collection|-c] <collection-name>` is available: https://gitlab.gnome.org/GNOME/libsecret/blob/master/tool/secret-tool.c#L40 .
However, when using it, it leads to an error:
```shell
$ secret-tool store --collection "StrongKeyring" --label='A stronger secret' 'myattr' 'myvalue'
Password:
libsecret-Message: 09:44:49.208: Remote error from secret service: org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.Secret.Collection” on object at path /org/freedesktop/secrets/aliases/StrongKeyring
secret-tool: No such interface “org.freedesktop.Secret.Collection” on object at path /org/freedesktop/secrets/aliases/StrongKeyring
```
The new collection (StrongKeyring) has been created beforehand with seaborn GUI.
So the first question is: is this an "expected" bug (i.e. the feature does not work and is therefore not documented)?
If it is expected to work, I can look for a patch if someone can give me a few pointers of the possible issues.
In addition, this feature seems great, so it deserve a few lines of documentation.