[frameworks-kwallet] [Bug 487348] New: Secret Portal fails to store secret for Flatpak applications

Tue, 21 May 2024 20:10:32 -0700 

https://bugs.kde.org/show_bug.cgi?id=487348

            Bug ID: 487348
           Summary: Secret Portal fails to store secret for Flatpak
                    applications
    Classification: Frameworks and Libraries
           Product: frameworks-kwallet
           Version: 6.2.0
          Platform: Gentoo Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: va...@kde.org
          Reporter: s...@datagirl.xyz
                CC: kdelibs-b...@kde.org
  Target Milestone: ---

SUMMARY
When using the KWallet XDG Secrets Portal implementation with Flatpak packages,
the generated secret never gets stored back to the wallet.

STEPS TO REPRODUCE
1. With KWallet running and the main wallet open, run a Flatpak that uses the
XDG Secret Portal.
2. Trigger the application to look for secrets (e.g., try to open an encrypted
vault).
3. If the application caches its secret, restart the application and try the
operation again.

OBSERVED RESULT
Applications will successfully create secrets, but be unable to read them back.
In the case of the repro program I wrote (see "Additional Information"), output
similar to the following is given:

2024-05-22T03:04:18.100605Z  INFO kwallet_secretportal_repro: Attempt #1
2024-05-22T03:04:18.103380Z  INFO kwallet_secretportal_repro: Secret CRC:
b9446548
2024-05-22T03:04:18.103399Z  INFO kwallet_secretportal_repro: Attempt #2
2024-05-22T03:04:18.112340Z  INFO kwallet_secretportal_repro: Secret CRC:
cf16a0a8
2024-05-22T03:04:18.112356Z ERROR kwallet_secretportal_repro: Secrets don't
match (old CRC: b9446548, new CRC: cf16a0a8)

After a couple attempts, KWallet shows a message box saying:

"There have been repeated failed attempts to gain access to a wallet. An
application may be misbehaving."

EXPECTED RESULT

The secret provided from KWallet is the same every time, so applications can
decrypt secrets they stored.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Gentoo Linux 2.15 (Kernel 6.6.30-gentoo-dist)
KDE Plasma Version: 6.0.4
KDE Frameworks Version: 6.2.0
Qt Version: 6.7.0

ADDITIONAL INFORMATION
To help reproduce this error, I've built a small test program
(https://invent.kde.org/flurry/secretportalrepro). For a real-world example, I
originally saw this when trying to use Pika Backup
(https://flathub.org/apps/org.gnome.World.PikaBackup).

Note that this error does not occur when interacting with the Secret Portal
outside of a Flatpak. For example, using the same test program in a shell with
`cargo run`:

$ cargo run
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.07s
     Running `target/debug/kwallet-secretportal-repro`
2024-05-22T03:05:20.027170Z  INFO kwallet_secretportal_repro: Attempt #1
2024-05-22T03:05:20.030658Z  INFO kwallet_secretportal_repro: Secret CRC:
becbc17e
2024-05-22T03:05:20.030685Z  INFO kwallet_secretportal_repro: Attempt #2
2024-05-22T03:05:20.033057Z  INFO kwallet_secretportal_repro: Secret CRC:
becbc17e
2024-05-22T03:05:20.033081Z  INFO kwallet_secretportal_repro: Attempt #3
2024-05-22T03:05:20.034901Z  INFO kwallet_secretportal_repro: Secret CRC:
becbc17e

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to