The idea behind `SecretSync` is a nice thing: it allows use to re-use
our async implementations of methods for the synchronous versions. The
big problem with it, is that it makes debugging issues much harder
(especially with issues related to freezes) since things can seem to be
stuck in `poll()` somewhere.
Even though it adds quite a bit of code, I think it makes sense to
replace some instances with a proper synchronous implementation. Note
that we don't do this for all usages of `SecretSync` though, as some
things will need some kind of main loop interaction anyway (for example,
when waiting for a portal's Response signal)
Another nice advantage is that it's easier to follow the logic in the
sync code than the async version.
This makes sure that our tests run within their own D-Bus session (which
is a requirement most of the time)
As a result, we can get rid of a few workarounds in our CI to setup such
a session.
Before this commit, the field specified "GPL2+" as license which is
wrong on several levels:
- the `license` field should specify a SPDX license identifier (which
"GPL2+" is not)
- throughout the whole repository multiple licenses are used (not just
GPL2 and later)
- the main library code is licensed under the LGPL, version 2.1 and
later
Fix this by providing a proper SPDX identifier:
- The main library code is licensed under the LGPL, version 2.1 and
later
- The tests are licensed under either the Apache (v2) license or GPL
(v2 or later)
The SecretSession protocol uses a weak Diffie-Hellman parameters which
are not approved by FIPS. While this is not ideal, the protocol is not
designed as a general protection mechanism of data in transit, but
just as a safety net against when the dbus-daemon (or dbus-broker)
crashes and dumps a core, and thus bumping the protocol to use a
larger DH group would be overkill.
This patch temporarily disables the FIPS check around the GnuTLS DH
API calls to avoid errors.
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
This is the standard mechanism to initialize a GObject introspectable
interface. If you don't do this, you get this PyGIWarning:
Secret was imported without specifying a version first. Use
gi.require_version('Secret', '1') before import to ensure that the
right version gets loaded.
On NixOS packages are installed in separate prefixes.
Starting from GLib / gobject-introspection 2.80, GLib introspection data
is provided by GLib itself instead of gobject-introspection. This causes
tests failures on NixOS because env.set() resets the environment and GLib
is missing from GI_TYPELIB_PATH:
gi.RepositoryError: Typelib file for namespace 'Gio', version '2.0' not found
See also:
29e6cc5808
If you pass an option to enable a crypto backend it just silently
moves on when nothing is found. This is not how a build system
should behave and will lead to mistakes. The disabled option exists
for that purpose.
There were several issues in `secret_tool_action_lock()`:
- `g_autolist (GList)` isn't a correct type, as the list elements are
`SecretCollection`s, not `GList`s
- Separately from that, the list didn't take ownership of the elements
either in all cases
- We were leaking the `locked` and `context` variables
This commits just does away with all the g_auto* usage as it's the only
place in the code we're using it anyway, and just does all the freeing
at the end of the function.
Fixes: 015ea119 ("secret-tool: Add locking capabilities to secret tool")
Fixes: https://gitlab.gnome.org/GNOME/libsecret/-/issues/89
These changes port the PAM module from gnome-keyring/pam to libsecret/pam.
Removed `start_daemon` and the dependent code altogether. Because,
gnome-keyring-daemon is launched by systemd.
Replaced calls to `pam_get_item` to retrieve authentication tokens with
`pam_get_authtok`.
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
