From: Liam Hupfer via Users list for the GNU Emacs text editor
Newsgroups: gmane.emacs.help
Subject: Re: Emacs Secret Service integration and KeePassXC issues
Date: Sun, 12 Dec 2021 17:57:43 -0600
Message-ID: <87y24ps1cz.fsf@hpfr.net>
References: <87tur5oob2.fsf@hpfr.net> <87tur5w5dn.fsf@gmx.de>
To: Michael Albinus
Cc: help-gnu-emacs

Michael Albinus writes:

> Hi Liam,

Hello again Michael. Thank you very much for the prompt response; I must apologize for the gargantuan delay. Hey, I got back to you before your response’s first birthday, right?

Part of the reason for the wait was that I figured I’d have to create a Fedora VM and reproduction instructions with vanilla Emacs (I use the Doom distribution and have pretty much no idea how to navigate or configure vanilla 😅) and KeePassXC. I didn’t do that, but I did come back to this and actually read the secrets.el and auth-sources.el source code as well as some of the KeePassXC implementation comments.

> Well, I’ve tried it. I’m running Fedora 33, and I’ve installed KeePassXC
> 2.6.3 via dnf.
>
> Stopped the GNOME keyring daemon, started keepassxc. I’ve created a new
> database, and two entries. Then I’ve enabled the Secret Service
> Integration via Settings. And now I’m lost. I don’t see any collection,
> and so I don’t know how to access.

If you’re on Fedora 34, you should be able to get KeePassXC 2.6.6 now¹; it’s what I’m using, so that’s probably our best bet for reproducibility.

Firstly, I suspect the reason you don’t see a collection is because even after enabling the Secret Service Integration in KeePassXC’s app-wide settings, KeePassXC exposes no entries from the database to the service by default. To expose some, you need to select `Database > Database Settings > Secret Service Integration > Expose entries under this group:', and then choose a group (likely only Root will exist for your test database) to expose. Then in the app-wide secret service settings, the group should show up under “Exposed database groups:”.

You might have to restart KeePassXC or Emacs at this point; I’m not 100% sure how those interactions work, so I did it just to be safe. At this point, invoking `(secrets-list-collections)' should return a list with one string corresponding to your database name, and `M-x secrets-show-secrets' should let you browse the entries and attributes.

Now for the main issue. Assuming my instructions are still working, you have probably noticed that the “session” collection does not seem to be present. I browsed the Emacs source and can’t find any `CreateCollection' or `secrets-create-collection' references, but the docs say the collection is “created automatically when Emacs uses the Secret Service interface”. This does not seem to be happening. In any case, KeePassXC maps collections to database files, so evaluating `(secrets-create-collection)' results in KeePassXC prompting me for a new database name and password and a place to save it. Since this collection is intended to be ephemeral, it’s probably not great to go through the whole database creation process every time you launch Emacs. But that’s a KeePassXC issue to handle, and I’m fine with doing it for the time being if it gets this working.

Unfortunately, the session collection does not seem to be created at all at the moment, despite `(secrets-create-collection)' working fine. That part seems to be an Emacs thing? My only guess was that the `secrets-struct-secret-content-type' `defconst' which creates a dummy item in the “session” collection somehow creates the collection in the process.² Soon, I noticed another thing: in KeePassXC’s app-wide secret service settings, there is an “Authorization” tab that lists currently connected applications. For some reason, Emacs was listed dozens of times when I opened this. I watched the scroll-bar for the pane and it did shrink and grow when I closed and reopened a session from Emacs, and I noticed that repeatedly opening does in fact return the same session path, so I wasn’t sure how that happened.

But then I figured out how to try running the code in the aforementioned `defconst', and I realized that it indeed opens a session and attempts to create a dummy item to dynamically get the content-type. However, because the “session” collection it uses doesn’t exist, it ends up simply opening a session and then failing to create the item with `dbus-call-method: D-Bus error: "No such object path '/org/freedesktop/secrets/collection/session'"'. The removal call fails because the result from the creation is nil. All of this is wrapped in `ignore-errors', so it doesn’t get printed. But I think the result is this somehow gets called repeatedly which creates the many open sessions? Because once I got this far I just tried evaluating the `defconst' repeatedly and it indeed opened many sessions, and the result remained nil.

I supposed this is why `(secrets-create-item)' failed, but I noticed you said the nil content type was backwards compatible so I gave it a try and it gives /another/ error. I ran `(secrets-create-item "default" "test emacs item" "test pw")' ³, and received:

┌────
│ No such method 'CreateItem' in interface 'org.freedesktop.Secret.Collection' at object path '/org/freedesktop/secrets/collection/main' (signature 'a{sv}(oayay)b')
└────

Interestingly, KeePassXC’s logs said:

┌────
│ Message signature does not match, expected "a{sv}(oayays)b" 3 got "a{sv}(oayay)b" 3
└────

In summary:

• Where is the “session” collection actually initialized?
• Do you have any idea what the issue is with the message signature issue for `CreateItem'?
• Can we get the “session” collection initialized (even if it involves waiting for me to interact with KeePassXC’s database creation UI) before the `defconst' evaluation in order to correctly grab the content-type?

Sorry this got long; writing about GUI navigation over email gets a little verbose, I guess, and then I ended up doing a bunch more debugging as I tried to write the email which resulted in me effectively documenting my debugging process. I realize I’m asking a little much to have the secrets.el maintainer debug interactions with an application he doesn’t use, so let me be clear I’m not obliging you to try all this. If you have suggestions or hunches I’m happy to try them myself. Also happy to explore other debugging methods if you prefer!

Thanks for reading if you made it this far 😄.

—Liam

¹
²
³ In KeePassXC’s implementation, the default alias refers to the currently focused open database, which is probably the only one you have.
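
The two `CreateItem' signatures quoted in the message differ by a single type code inside the struct argument. As an added example (not part of the original message, and not code from secrets.el or KeePassXC), the following Python parses D-Bus type signatures and reports the first position where an expected and a received signature diverge; all function names are illustrative.

```python
# Added example (not from secrets.el or KeePassXC); all function names are illustrative.
from itertools import zip_longest
BASIC = set("ybnqiuxtdsogh")  # D-Bus basic type codes

def parse_one(sig, i):
    """Parse one complete type at sig[i]; return (tree, next_index)."""
    c = sig[i:i + 1]  # empty string if the signature ends early
    if c in BASIC or c == "v":
        return c, i + 1
    if c == "a":  # array: 'a' followed by exactly one complete element type
        elem, j = parse_one(sig, i + 1)
        return ("a", elem), j
    if c in ("(", "{"):  # struct (...) or dict entry {key value}
        close, members, j = (")" if c == "(" else "}"), [], i + 1
        while j < len(sig) and sig[j] != close:
            member, j = parse_one(sig, j)
            members.append(member)
        if j >= len(sig) or not members:
            raise ValueError("unterminated or empty container")
        if c == "{" and (len(members) != 2 or members[0] not in BASIC):
            raise ValueError("dict entry needs a basic key and one value")
        return (c, tuple(members)), j + 1
    raise ValueError(f"bad or missing type code {c!r} at offset {i}")

def parse(sig):  # split a method signature into its argument type trees
    args, i = [], 0
    while i < len(sig):
        tree, i = parse_one(sig, i)
        args.append(tree)
    return args

def render(t):  # turn a type tree back into signature text
    if isinstance(t, str):
        return t
    body = render(t[1]) if t[0] == "a" else "".join(map(render, t[1]))
    return t[0] + body + {"a": "", "(": ")", "{": "}"}[t[0]]

def diff_seq(es, gs, path=()):
    """First difference between two type sequences as (path, expected, got)."""
    for n, (e, g) in enumerate(zip_longest(es, gs)):  # None pads the shorter side
        if e == g:
            continue
        if isinstance(e, tuple) and isinstance(g, tuple) and e[0] == g[0] != "a":
            return diff_seq(e[1], g[1], path + (n,))  # descend into struct/dict entry
        return path + (n,), e and render(e), g and render(g)
    return None

def signature_diff(expected, got):
    return diff_seq(parse(expected), parse(got))
```

For the pair in the KeePassXC log, `signature_diff("a{sv}(oayays)b", "a{sv}(oayay)b")` returns `((1, 3), 's', None)`: the struct in argument 1 arrives without its fourth member, a string, which in the Secret Service specification's Secret struct is the content type.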