https://bugs.kde.org/show_bug.cgi?id=458339
Bug ID: 458339
Summary: KWallet/Secret Service: potential conflict of auto-start files (DBus etc) with other Secret Service providers
Product: frameworks-kwallet
Version: 5.97.0
Platform: unspecified
OS: Linux
Status: REPORTED
Severity: wishlist
Priority: NOR
Component: general
Assignee: va...@kde.org
Reporter: mk.mat...@gmail.com
CC: kdelibs-b...@kde.org
Target Milestone: ---

SUMMARY

KWallet Framework introduced Secret Service API support in 5.97.0; however, this may conflict with other Secret Service providers such as GNOME keyring or KeePassXC.

There is currently a configuration option in KWallet to disable its Secret Service API integration, but this provides only a partial solution: the preferred Secret Service provider still can't be easily configured at the host system level. In particular, if there are DBus service startup files (such as `/usr/share/dbus-1/services/org.freedesktop.secrets.service`) or systemd services installed by these providers, these files from different providers may still conflict, and the wrong provider may be auto-started by the host system.

I've proposed compatibility guidelines in https://gitlab.freedesktop.org/xdg/xdg-specs/-/issues/75 . The problem should be resolved if all Secret Service providers follow these guidelines.

I've pointed the KeePassXC devs and GNOME keyring devs to these guidelines to implement on their end; this issue is to point the KWallet devs to the same guidelines. Comments on these guidelines are welcome from all sides, if you think they need adjustment.

Same for GNOME keyring: https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/86
KeePassXC: https://github.com/keepassxreboot/keepassxc/issues/6274#issuecomment-826083122

STEPS TO REPRODUCE

1. Install KWallet, and enable its Secret Service API integration.
2. Check if the installed files conform to the proposed compatibility guidelines at https://gitlab.freedesktop.org/xdg/xdg-specs/-/issues/75
3. Install KeePassXC.
4. In KeePassXC, enable freedesktop.org Secret Service integration, and expose a DB to the service.
5. Close KeePassXC.
6. Launch a client app that requires Secret Service, such as `secret-tool`.

EXPECTED RESULT

1. In step 2, the installed files should conform to the compatibility guidelines. In particular:
   a. If `/usr/share/dbus-1/services/org.freedesktop.secrets.service` is installed, it should be a symlink to a provider-specific file, such as `/usr/share/kwallet/dbus/org.freedesktop.secrets.service`.
   b. If a systemd service file is installed, it should have a provider-specific name such as `dbus-org.freedesktop.secrets.kwallet.service`, and use an `Alias` directive to refer to the general service name: `Alias=dbus-org.freedesktop.secrets.service`.
2. In step 6, KeePassXC should be launched as the DBus `org.freedesktop.secrets.service` backend.

OBSERVED RESULT

1. In step 2, the installed files may not conform to the compatibility guidelines. For example, `/usr/share/dbus-1/services/org.freedesktop.secrets.service` may be a hard-coded regular file (this was the case with GNOME keyring, I'm not sure about KWallet - the file may not exist at all yet in 5.97.0).
2. In step 6, KWallet may be launched as the DBus `org.freedesktop.secrets.service` backend. (Again, that was the case with GNOME keyring, I'm not sure about KWallet. This was partly KeePassXC's fault, as discussed in https://github.com/keepassxreboot/keepassxc/issues/6274 , but also partly because the GNOME keyring files get in the way. KWallet's files and service may get in the way in a similar manner).

SOFTWARE/OS VERSIONS

KDE Frameworks Version: 5.97.0

The original issue as reported in https://github.com/keepassxreboot/keepassxc/issues/6274 for GNOME keyring, was on Ubuntu 20.10 with GNOME 3.38.
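
The file check from step 2, as an added example that is not part of the original report or of any of the projects named in it: a POSIX shell script that reports whether the generic activation file is a symlink or a hard-coded regular file, which command it would start, and whether more than one systemd user unit claims the generic alias. The function names, the optional root-directory argument and the unit directory `/usr/lib/systemd/user` are assumptions.

```shell
#!/bin/sh
# Added example: report what D-Bus activation of org.freedesktop.secrets would start.
# An optional first argument points the checks at an unpacked package tree.
BUS_FILE=usr/share/dbus-1/services/org.freedesktop.secrets.service
UNIT_DIR=usr/lib/systemd/user   # assumption: distro default user-unit directory

# Prints "symlink <target>", "regular" or "missing" for the generic activation file.
secrets_file_kind() {
    f="${1:-}/$BUS_FILE"
    if [ -L "$f" ]; then
        printf 'symlink %s\n' "$(readlink "$f")"
    elif [ -f "$f" ]; then
        echo regular
    else
        echo missing
    fi
}

# Prints the Exec= command the bus daemon would run for a Secret Service client.
secrets_exec() {
    f="${1:-}/$BUS_FILE"
    [ -e "$f" ] || return 1
    sed -n 's/^Exec=//p' "$f" | head -n 1
}

# Lists regular unit files (not symlinks) that claim the generic alias.
secrets_alias_units() {
    for u in "${1:-}/$UNIT_DIR"/*.service; do
        [ -f "$u" ] && [ ! -L "$u" ] || continue
        if grep -q '^Alias=.*dbus-org\.freedesktop\.secrets\.service' "$u"; then echo "${u##*/}"; fi
    done
}

# Returns 1 if the layout departs from the proposed guidelines.
secrets_audit() {
    rc=0
    kind=$(secrets_file_kind "${1:-}")
    cmd=$(secrets_exec "${1:-}") || cmd="(nothing)"
    echo "activation file: $kind; would start: $cmd"
    [ "$kind" != regular ] || { echo "NOT CONFORMING: hard-coded regular file"; rc=1; }
    units=$(secrets_alias_units "${1:-}")
    [ "$(printf '%s\n' "$units" | grep -c .)" -le 1 ] ||
        { echo "CONFLICT: several units claim the alias:"; echo "$units"; rc=1; }
    return $rc
}

secrets_audit "${1:-}" || true
```

Run without arguments it inspects the live system; given a directory, it inspects a package tree unpacked there, which allows checking a provider's files before installing them.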