The idea behind `SecretSync` is a nice thing: it allows us to re-use
our async implementations of methods for the synchronous versions. The
big problem with it is that it makes debugging issues much harder
(especially with issues related to freezes) since things can seem to be
stuck in `poll()` somewhere.
Even though it adds quite a bit of code, I think it makes sense to
replace some instances with a proper synchronous implementation. Note
that we don't do this for all usages of `SecretSync` though, as some
things will need some kind of main loop interaction anyway (for example,
when waiting for a portal's Response signal).
Another nice advantage is that it's easier to follow the logic in the
sync code than the async version.

This is the standard mechanism to initialize a GObject introspectable
interface. If you don't do this, you get this PyGIWarning:
Secret was imported without specifying a version first. Use
gi.require_version('Secret', '1') before import to ensure that the
right version gets loaded.

On NixOS, packages are installed in separate prefixes.
Starting from GLib / gobject-introspection 2.80, GLib introspection data
is provided by GLib itself instead of gobject-introspection. This causes
test failures on NixOS because env.set() resets the environment and GLib
is missing from GI_TYPELIB_PATH:
gi.RepositoryError: Typelib file for namespace 'Gio', version '2.0' not found
See also:
29e6cc5808

If you pass an option to enable a crypto backend it just silently
moves on when nothing is found. This is not how a build system
should behave and will lead to mistakes. The disabled option exists
for that purpose.

There were several issues in `secret_tool_action_lock()`:
- `g_autolist (GList)` isn't a correct type, as the list elements are
`SecretCollection`s, not `GList`s
- Separately from that, the list didn't take ownership of the elements
either in all cases
- We were leaking the `locked` and `context` variables
This commit just does away with all the g_auto* usage as it's the only
place in the code we're using it anyway, and just does all the freeing
at the end of the function.
Fixes: 015ea119 ("secret-tool: Add locking capabilities to secret tool")
Fixes: https://gitlab.gnome.org/GNOME/libsecret/-/issues/89

These changes port the PAM module from gnome-keyring/pam to libsecret/pam.
Removed `start_daemon` and the dependent code altogether, because
gnome-keyring-daemon is launched by systemd.
Replaced calls to `pam_get_item` to retrieve authentication tokens with
`pam_get_authtok`.
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
This change is a part of the port PAM module from gnome-keyring
patch set.
These changes port gnome-keyring/egg/egg-unix-credentials.c to
libsecret/egg.
Furthermore, this ports gnome-keyring/egg/egg-buffer.c to libsecret/egg.
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
Note that the gnutls 3.8.2 package is still under testing, so we
tentatively pull in the build directly from koji.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
This turns the `-Dgcrypt` build time option into a more generic
`-Dcrypto` option, which enables the user to choose which cryptographic
library to link with. It currently supports libgcrypt (`libgcrypt`)
and GnuTLS (`gnutls`); for the latter, GnuTLS 3.8.2 is the minimum
required version.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
When compiled without libgcrypt, some of the tests in test-session
fail as they expect the session algorithm to be
"dh-ietf1024-sha256-aes128-cbc-pkcs7". This adds a build-time
conditional to guard against it.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
This moves low-level cryptographic functions into egg/egg-keyring1.c,
to make it easy to support multiple crypto backend libraries.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
The original code tries to encrypt the file format using AES-256-CBC,
though actually AES-128-CBC was used because the key size is shorter
and libgcrypt automatically degrades to AES-128-CBC based on the key
size. Reported by Sophie Herold in:
https://github.com/bilelmoussaoui/oo7/issues/46#issuecomment-1816286494
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
This wraps gcry_mpi_t usage in the API with opaque structs, so it would
be easier to port egg-dh to other crypto libraries.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
This makes the internal logic of _secret_attributes_validate public,
so applications can check and recover when an invalid attributes table
is passed to other libsecret API, such as secret_service_clear.