Before this commit, the field specified "GPL2+" as license which is
wrong on several levels:
- the `license` field should specify a SPDX license identifier (which
"GPL2+" is not)
- throughout the whole repository multiple licenses are used (not just
GPL2 and later)
- the main library code is licensed under the LGPL, version 2.1 and
later
Fix this by providing a proper SPDX identifier:
- The main library code is licensed under the LGPL, version 2.1 and
later
- The tests are licensed under either the Apache (v2) license or GPL
(v2 or later)

The SecretSession protocol uses weak Diffie-Hellman parameters which
are not approved by FIPS. While this is not ideal, the protocol is not
designed as a general protection mechanism of data in transit, but
just as a safety net against when the dbus-daemon (or dbus-broker)
crashes and dumps a core, and thus bumping the protocol to use a
larger DH group would be overkill.
This patch temporarily disables the FIPS check around the GnuTLS DH
API calls to avoid errors.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>

This is the standard mechanism to initialize a GObject introspectable
interface. If you don't do this, you get this PyGIWarning:
Secret was imported without specifying a version first. Use
gi.require_version('Secret', '1') before import to ensure that the
right version gets loaded.

On NixOS, packages are installed in separate prefixes.
Starting from GLib / gobject-introspection 2.80, GLib introspection data
is provided by GLib itself instead of gobject-introspection. This causes
test failures on NixOS because env.set() resets the environment and GLib
is missing from GI_TYPELIB_PATH:
gi.RepositoryError: Typelib file for namespace 'Gio', version '2.0' not found
See also:
29e6cc5808

If you pass an option to enable a crypto backend it just silently
moves on when nothing is found. This is not how a build system
should behave and will lead to mistakes. The disabled option exists
for that purpose.

There were several issues in `secret_tool_action_lock()`:
- `g_autolist (GList)` isn't a correct type, as the list elements are
`SecretCollection`s, not `GList`s
- Separately from that, the list didn't take ownership of the elements
either in all cases
- We were leaking the `locked` and `context` variables
This commit just does away with all the g_auto* usage as it's the only
place in the code we're using it anyway, and just does all the freeing
at the end of the function.
Fixes: 015ea119 ("secret-tool: Add locking capabilities to secret tool")
Fixes: https://gitlab.gnome.org/GNOME/libsecret/-/issues/89

These changes port the PAM module from gnome-keyring/pam to libsecret/pam.
Removed `start_daemon` and the dependent code altogether, because
gnome-keyring-daemon is launched by systemd.
Replaced calls to `pam_get_item` to retrieve authentication tokens with
`pam_get_authtok`.
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>

This change is a part of the port PAM module from gnome-keyring
patch set.
These changes port gnome-keyring/egg/egg-unix-credentials.c to
libsecret/egg.
Furthermore, they port gnome-keyring/egg/egg-buffer.c to libsecret/egg.
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>

Note that the gnutls 3.8.2 package is still under testing, so we
tentatively pull in the build directly from koji.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>

This turns the `-Dgcrypt` build time option into a more generic
`-Dcrypto` option, which enables the user to choose which cryptographic
library to link with. It currently supports libgcrypt (`libgcrypt`)
and GnuTLS (`gnutls`); for the latter, GnuTLS 3.8.2 is the minimum
required version.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>