Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bridge uses pass(1) even though "Helper" is "secret-service" #426

Open
brunnre8 opened this issue Sep 27, 2023 · 3 comments
Open

bridge uses pass(1) even though "Helper" is "secret-service" #426

brunnre8 opened this issue Sep 27, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@brunnre8
Copy link

brunnre8 commented Sep 27, 2023
edited
Loading

Expected Behavior

When the keychain helper is set to "secret-service" or "secret-service-dbus" all other helpers should not be tried

Current Behavior

All possible helpers are used in the setup, due to the isUsable() checks in init() of pkg/keychain/helper_linux.go

proton-bridge/pkg/keychain/helper_linux.go

Lines 75 to 105 in 384154c

func isUsable(helper credentials.Helper, err error) bool {
l := logrus.WithField("helper", reflect.TypeOf(helper))
if err != nil {
l.WithError(err).Warn("Keychain helper couldn't be created")
return false
}
creds := &credentials.Credentials{
ServerURL: "bridge/check",
Username: "check",
Secret: "check",
}
if err := helper.Add(creds); err != nil {
l.WithError(err).Warn("Failed to add test credentials to keychain")
return false
}
if _, _, err := helper.Get(creds.ServerURL); err != nil {
l.WithError(err).Warn("Failed to get test credentials from keychain")
return false
}
if err := helper.Delete(creds.ServerURL); err != nil {
l.WithError(err).Warn("Failed to delete test credentials from keychain")
return false
}
return true
}

This messes up keychains that track history, in my case pass, as that adds multiple entries whenever the bridge starts.
If the bridge has explicitly been told to use a certain keychain, all others should not be touched even if they seem to be available.

Possible Solution

Don't check for usability of helpers that are not configured if the user explicitly set a helper in the config

Steps to Reproduce

  1. Install pass, make it use the git integration
  2. configure the bridge to use the secret-service helper
  3. check the pass git log entries, you'll see a add + remove for every invocation of the bridge

Version Information

v3.4.2 (br-165)
@LBeernaertProton LBeernaertProton added the bug Something isn't working label Sep 27, 2023
@LBeernaertProton
Copy link
Collaborator

Thanks for the report. Internally tracked as GODT-2961.

This was referenced Oct 27, 2023
Closed
Closed
@DarkArc
Copy link

DarkArc commented Aug 28, 2024

I haven't bumped into this in a while ... today when rebooting I lost credentials and had to sign in again.

@droople1
Copy link

Also see #472 If protonmail doesn't want to work for gnome-keyring for whatever reason, but it works fine with pass, then you still have to wait for it to timeout with the other items because pass is checked last.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@DarkArc @brunnre8 @droople1 @LBeernaertProton