Commit Graph

829 Commits

Author SHA1 Message Date
Dhanuka Warusadura
adf232eaed Merge branch 'header' into 'master'
Remove self-inclusion from `secret-item.h`

Closes #97

See merge request GNOME/libsecret!149
2024-11-21 13:15:38 +00:00
Dhanuka Warusadura
281fe5e62b Remove self-inclusion from secret-item.h
Fixes: #97

Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2024-11-21 18:39:56 +05:30
Niels De Graef
e39b831776 Merge branch 'salim-b-master-patch-39579' into 'master'
docs: fix link in README

See merge request GNOME/libsecret!147
2024-09-25 22:41:54 +00:00
Salim B
42ce5d0397 docs: fix link in README 2024-09-25 22:26:48 +00:00
Niels De Graef
f41bb4e8f0 Merge branch 'nielsdg/fix-licenses' into 'master'
meson: Fix license field

See merge request GNOME/libsecret!139
2024-09-17 21:31:37 +00:00
Niels De Graef
2487f421dc meson: Fix license field
Before this commit, the field specified "GPL2+" as license which is
wrong on several levels:

- the `license` field should specify a SPDX license identifier (which
  "GPL2+" is not)
- throughout the whole repository multiple licenses are used (not just
  GPL2 and later)
- the main library code is licensed under the LGPL, version 2.1 and
  later

Fix this by providing a proper SPDX identifier:

- The main library code is licensed under the LGPL, version 2.1 and
  later
- The tests are licensed under either the Apache (v2) license or GPL
  (v2 or later)
2024-09-17 21:28:09 +00:00
Tobias Bengfort
54ee246e45 doc: mention file backend
see https://gitlab.gnome.org/GNOME/libsecret/-/merge_requests/6
2024-07-23 14:37:27 +02:00
Daiki Ueno
71a2e530a5 Merge branch 'wip/dueno/fips-secret-transport' into 'master'
session: Tolerate non-approved DH parameter usage in FIPS mode

See merge request GNOME/libsecret!145
2024-07-22 21:06:37 +00:00
Daiki Ueno
ed95b24c74 .gitlab-ci.yml: Exercise -Dcrypto=gnutls build in FIPS mode
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2024-07-23 06:00:11 +09:00
Daiki Ueno
ac1367056d session: Tolerate non-approved DH parameter usage in FIPS mode
The SecretSession protocol uses a weak Diffie-Hellman parameters which
are not approved by FIPS. While this is not ideal, the protocol is not
designed as a general protection mechanism of data in transit, but
just as a safety net against when the dbus-daemon (or dbus-broker)
crashes and dumps a core, and thus bumping the protocol to use a
larger DH group would be overkill.

This patch temporarily disables the FIPS check around the GnuTLS DH
API calls to avoid errors.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2024-07-23 06:00:10 +09:00
Niels De Graef
337a0937fb Merge branch 'fix-python-docs' into 'master'
Improve Python examples

See merge request GNOME/libsecret!144
2024-06-20 06:17:12 +00:00
Daniel Kahn Gillmor
f7e2b7884a Python examples: use gi.require_version("Secret", "1")
This is the standard mechanism to initialize a GObject introspectable
interface.  If you don't do this, you get this PyGIWarning:

  Secret was imported without specifying a version first. Use
  gi.require_version('Secret', '1') before import to ensure that the
  right version gets loaded.
2024-06-19 18:58:48 -04:00
Daniel Kahn Gillmor
7f01cc6786 Python: Correct Importing example
Without this fix, we get a TypeError:

TypeError: Must be mapping, not set
2024-06-19 09:36:38 -04:00
Guntupalli Karunakar
8580f9e961 Add Hindi translation 2024-05-07 17:11:35 +00:00
Rachida SACI
2236e75c9d Add Kabyle translation 2024-03-30 10:40:57 +00:00
Dhanuka Warusadura
fb315d2860 Merge branch 'andyholmes/gidocgen-fix' into 'master'
Fix minor gi-docgen reference

See merge request GNOME/libsecret!142
2024-03-21 06:29:11 +00:00
Andy Holmes
226fa114ac
Fix minor gi-docgen reference
Apparently `GLib.Type` is in fact `GObject.Type`.

See: https://docs.gtk.org/gobject/alias.Type.html
2024-03-20 20:23:53 -07:00
Niels De Graef
167761ffa7 Merge branch 'wip/bobby285271/test-env-prepend' into 'master'
meson: Use env.prepend() for test environment setup

See merge request GNOME/libsecret!141
2024-03-10 21:07:24 +00:00
Bobby Rong
2089893232
meson: Use env.prepend() for test environment setup
On NixOS packages are installed in separate prefixes.
Starting from GLib / gobject-introspection 2.80, GLib introspection data
is provided by GLib itself instead of gobject-introspection. This causes
tests failures on NixOS because env.set() resets the environment and GLib
is missing from GI_TYPELIB_PATH:

gi.RepositoryError: Typelib file for namespace 'Gio', version '2.0' not found

See also:
29e6cc5808
2024-03-10 10:40:35 +08:00
Niels De Graef
a86c93d6f9 Merge branch 'annotate-fns' into 'master'
secret-util: Annotate docstirngs

See merge request GNOME/libsecret!140
2024-02-24 11:48:34 +00:00
Maximiliano Sandoval
3ebda96b5f
secret-attributes: Annotate secret_attributes_validate 2024-02-24 10:34:22 +01:00
Maximiliano Sandoval
4e9502ee3d
secret-util: Annotate new enum members
They were missing a Since annotation.
2024-02-24 10:34:13 +01:00
Niels De Graef
6b5a6c28af Release stable version 0.21.4 2024-02-23 10:53:23 +01:00
Maximiliano
22160d7102 Merge branch 'fix-blocking-flatpak' into 'master'
file-backend: Subscribe before calling dbus

Closes #58

See merge request GNOME/libsecret!138
2024-02-22 17:14:18 +00:00
Maximiliano Sandoval
311ca720dd
file-backend: Subscribe before calling dbus
Code is heavily inspired from libportal's implementation of
org.freedesktop.portal.Location.Start.

Fixes: https://gitlab.gnome.org/GNOME/libsecret/-/issues/58
Tested-by: Stefan Hajnoczi <stefanha@jammr.net>
2024-02-22 18:09:15 +01:00
Niels De Graef
bf362eeef0 Merge branch 'crypto-options' into 'master'
meson: Fix crypto option being silently ignored

See merge request GNOME/libsecret!137
2024-02-21 13:19:37 +00:00
Patrick Griffis
b1736bf119 CI: Bump image version
This includes newer gnutls
2024-02-16 13:16:27 -06:00
Patrick Griffis
257d521cb9 meson: Fix crypto option being silently ignored
If you pass an option to enable a crypto backend it just silently
moves on when nothing is found. This is not how a build system
should behave and will lead to mistakes. The disabled option exists
for that purpose.
2024-02-16 12:58:12 -06:00
Dhanuka Warusadura
9ee98781bc Merge branch 'doap' into 'master'
doap: add myself as maintainer

See merge request GNOME/libsecret!136
2024-02-08 14:42:47 +00:00
Dhanuka Warusadura
6a60ed5d9a doap: add myself as maintainer
With the approval of Daiki Ueno (@dueno)

Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2024-02-08 12:46:19 +05:30
Ridhubharan Venkatachalam
6d2e87e185 Add Tamil translation 2024-01-09 01:42:11 +00:00
Dhanuka Warusadura
70597d01b2
Release 0.21.3
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2024-01-06 13:53:25 +05:30
Andre Klapper
4378702619 DOAP: Replace defunct mailing list with GNOME Discourse URL 2024-01-05 19:23:53 +01:00
Dhanuka Warusadura
fdc2274595 Merge branch 'nielsdg/fix-illegal-free-in-secret-tool' into 'master'
secret-tool: Fix memory issues in lock command

Closes #89

See merge request GNOME/libsecret!134
2023-12-12 12:57:52 +00:00
Niels De Graef
a1ceaeed2a secret-tool: Fix memory issues in lock command
There were several issues in `secret_tool_action_lock()`:

- `g_autolist (GList)` isn't a correct type, as the list elements are
  `SecretCollection`s, not `GList`s
- Separately from that, the list didn't take ownership of the elements
  either in all cases
- We were leaking the `locked` and `context` variables

This commits just does away with all the g_auto* usage as it's the only
place in the code we're using it anyway, and just does all the freeing
at the end of the function.

Fixes: 015ea119 ("secret-tool: Add locking capabilities to secret tool")
Fixes: https://gitlab.gnome.org/GNOME/libsecret/-/issues/89
2023-12-12 12:27:12 +01:00
Dhanuka Warusadura
8e8000d404 Merge branch 'wip/dueno/crypto-backend-followup' into 'master'
tests: Remove unnecessary inclusion of <gcrypt.h>

See merge request GNOME/libsecret!133
2023-12-11 06:21:50 +00:00
Daiki Ueno
7f31c83230 tests: Remove unnecessary inclusion of <gcrypt.h>
Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-11 08:39:58 +09:00
Dhanuka Warusadura
fa5ac29856 Merge branch 'port_pam_from_gnome_keyring' into 'master'
Port PAM module from gnome-keyring

See merge request GNOME/libsecret!128
2023-12-10 17:07:27 +00:00
Dhanuka Warusadura
b399f5f631 pam: add tests for the ported PAM module
These changes add PAM tests based on pam_wrapper and libpamtest.

Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2023-12-10 22:35:55 +05:30
Dhanuka Warusadura
9a37dc839a pam: port PAM module from gnome-keyring
These changes port the PAM module from gnome-keyring/pam to libsecret/pam.

Removed `start_daemon` and the dependent code altogether. Because,
gnome-keyring-daemon is launched by systemd.

Replaced calls to `pam_get_item` to retrieve authentication tokens with
`pam_get_authtok`.

Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2023-12-10 22:35:55 +05:30
Dhanuka Warusadura
9cfa77f967 pam: port PAM module egg helper functions from gnome-keyring
This change is a part of the port PAM module from gnome-keyring
patch set.
These changes port gnome-keyring/egg/egg-unix-credentials.c to
libsecret/egg
Furthermore ports gnome-keyring/egg/egg-buffer.c to libsecret/egg

Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2023-12-10 22:35:55 +05:30
Dhanuka Warusadura
175514244f ci: install packages required for the PAM module
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2023-12-10 22:35:55 +05:30
Dhanuka Warusadura
39a3d14169
Release 0.21.2
Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>
2023-12-08 15:48:34 +05:30
Dhanuka Warusadura
cc309e255a Merge branch 'wip/dueno/crypto-backend' into 'master'
Support GnuTLS as an alternative crypto backend

See merge request GNOME/libsecret!122
2023-12-04 08:04:41 +00:00
Daiki Ueno
b3f5823d12 .gitlab-ci.yml: Exercise both libgcrypt and gnutls crypto backends
Note that gnutls 3.8.2 packages is still under testing, so we
tentatively pull in the build directly from koji.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:50 +09:00
Daiki Ueno
28486191b2 Support GnuTLS as an alternative crypto backend
This turns the `-Dgcrypt` build time option into a more generic
`-Dcrypto` option, which enables user to choose which cryptographic
library to link with.  It currently supports libgcrypt (`libgcrypt`)
and GnuTLS (`gnutls`); for the latter, GnuTLS 3.8.2 is the minimum
required version.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:49 +09:00
Daiki Ueno
0f49b34fa2 tests: Conditionalize session algorithm check in test-session
When compiled without libgcrypt, some of the tests in test-session
fails as they expect the session algorithm to be
"dh-ietf1024-sha256-aes128-cbc-pkcs7".  This adds a build-time
conditional to guard against it.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:11 +09:00
Daiki Ueno
564874beb0 file-collection: Move low-level crypto functions to egg
This moves low-level cryptographic functions into egg/egg-keyring1.c,
to make it easy to support multiple crypto backend libraries.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-12-04 16:50:10 +09:00
Daiki Ueno
0b4769f871 file-collection: Make it consistent about block cipher algorithm
The original code tries to encrypt the file format using AES-256-CBC,
though actually AES-128-CBC was used because the key size is shorter
and libgcrypt automatically degrades to AES-128-CBC based on the key
size.  Reported by Sophie Herold in:
https://github.com/bilelmoussaoui/oo7/issues/46#issuecomment-1816286494

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-11-28 14:56:19 +09:00
Daiki Ueno
47f524e2df egg-dh: Hide gcry_mpi_t from the internal API
This wraps gcry_mpi_t usage in the API with opaque strucs, so it would
be easier to port egg-dh to other crypto libraries.

Signed-off-by: Daiki Ueno <dueno@src.gnome.org>
2023-11-28 14:51:23 +09:00