Skip to content

snap: Force usage of libsecret everywhere and remove password manager service plug #2477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

snap: Force usage of libsecret everywhere and remove password manager service plug #2477

wants to merge 3 commits into from

Conversation

@3v1n0
Copy link
Contributor

@3v1n0 3v1n0 commented Nov 22, 2023

See each commit for further explanations.

3v1n0 added 3 commits November 22, 2023 20:07
@3v1n0
snap: Do not require password-manager-service
ea49cbf 
The snap uses now a local and confined password manager, so it won't ever
try to access to the system one.

As per this disable the plug that could be a security hole.
@3v1n0
snap: Use libsecret storage in all the environments
b81b811 
When mailspring is confined it will only be able to access to
the password storage via libsecret and that will save the data
locally using the file storage.

As per this, don't make electron to use some other passwor storage
backend when running in different desktop environments.
@3v1n0
snap: Force using the file secret backend everywhere
10dd8c9 
This is already the case for the snap in most scenarios,
but in some this could not happen if no secret portal is
available in the system.
In such cases, let's still force using a local secret backend.
@foundry376-bot
Copy link

foundry376-bot commented Nov 23, 2023

This pull request has been mentioned on Mailspring Community. There might be relevant details there:

https://community.getmailspring.com/t/password-management-error-after-the-latest-upgrade/7298/33

@Phylu Phylu requested a review from bengotow November 27, 2023 20:24
@3v1n0
Copy link
Contributor Author

3v1n0 commented Dec 4, 2023

Oh this may require canonical/snapcraft#4477 wondering if using it without "=" but a space instead works anyways.

@3v1n0 3v1n0 marked this pull request as draft December 6, 2023 02:38
bengotow
bengotow reviewed Dec 10, 2023
View reviewed changes
snap/snapcraft.yaml
DISABLE_WAYLAND: 1
# Force using the libsecret local backend in all the cases, even if no
# portal is detected.
SECRET_BACKEND: file
Copy link
Collaborator

@bengotow bengotow Dec 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm we may want to ship this separately since it'll require everyone to re-authenticate their accounts again (since we won't read their previously saved passwords from the password manager service)

Is there a way we can verify libsecret is receiving an encryption master key via a portal? I mostly want to be be sure that Chrome doesn't fall through to https://chromium.googlesource.com/chromium/src/+/53.0.2785.100/components/os_crypt/os_crypt_linux.cc#71 and use the password peanuts for everyone!

Copy link
Contributor Author

@3v1n0 3v1n0 Dec 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I can see that... Well, I kept this a draft as we can avoid it for now.

However ea49cbf is safe to add and can likely be moved to another PR if you prefer.

@bengotow bengotow force-pushed the master branch 20 times, most recently from 7e90210 to dd4f821 Compare January 2, 2025 04:30
@bengotow bengotow force-pushed the master branch 6 times, most recently from 610fb16 to 1a8284d Compare January 2, 2025 04:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bengotow bengotow bengotow left review comments

Assignees

@bengotow bengotow

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@3v1n0 @foundry376-bot @bengotow