Skip to content

snap: Force usage of libsecret everywhere and remove password manager service plug#2477

Draft
3v1n0 wants to merge 3 commits intoFoundry376:masterfrom
3v1n0:secret-changes
Draft

snap: Force usage of libsecret everywhere and remove password manager service plug#2477
3v1n0 wants to merge 3 commits intoFoundry376:masterfrom
3v1n0:secret-changes

Conversation

@3v1n0
Copy link
Copy Markdown
Contributor

@3v1n0 3v1n0 commented Nov 22, 2023

See each commit for further explanations.

3v1n0 added 3 commits November 22, 2023 20:07
@3v1n0
snap: Do not require password-manager-service
ea49cbf 
The snap uses now a local and confined password manager, so it won't ever
try to access to the system one.

As per this disable the plug that could be a security hole.
@3v1n0
snap: Use libsecret storage in all the environments
b81b811 
When mailspring is confined it will only be able to access to
the password storage via libsecret and that will save the data
locally using the file storage.

As per this, don't make electron to use some other passwor storage
backend when running in different desktop environments.
@3v1n0
snap: Force using the file secret backend everywhere
10dd8c9 
This is already the case for the snap in most scenarios,
but in some this could not happen if no secret portal is
available in the system.
In such cases, let's still force using a local secret backend.
@foundry376-bot
Copy link
Copy Markdown

foundry376-bot commented Nov 23, 2023

This pull request has been mentioned on Mailspring Community. There might be relevant details there:

https://community.getmailspring.com/t/password-management-error-after-the-latest-upgrade/7298/33

@Phylu Phylu requested a review from bengotow November 27, 2023 20:24
@3v1n0
Copy link
Copy Markdown
Contributor Author

3v1n0 commented Dec 4, 2023

Oh this may require canonical/snapcraft#4477 wondering if using it without "=" but a space instead works anyways.

@3v1n0 3v1n0 marked this pull request as draft December 6, 2023 02:38
bengotow
bengotow reviewed Dec 10, 2023
View reviewed changes
Comment thread snap/snapcraft.yaml
DISABLE_WAYLAND: 1
# Force using the libsecret local backend in all the cases, even if no
# portal is detected.
SECRET_BACKEND: file
Copy link
Copy Markdown
Collaborator

@bengotow bengotow Dec 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm we may want to ship this separately since it'll require everyone to re-authenticate their accounts again (since we won't read their previously saved passwords from the password manager service)

Is there a way we can verify libsecret is receiving an encryption master key via a portal? I mostly want to be be sure that Chrome doesn't fall through to https://chromium.googlesource.com/chromium/src/+/53.0.2785.100/components/os_crypt/os_crypt_linux.cc#71 and use the password peanuts for everyone!

Copy link
Copy Markdown
Contributor Author

@3v1n0 3v1n0 Dec 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I can see that... Well, I kept this a draft as we can avoid it for now.

However ea49cbf is safe to add and can likely be moved to another PR if you prefer.

@bengotow bengotow force-pushed the master branch 20 times, most recently from 7e90210 to dd4f821 Compare January 2, 2025 04:30
@bengotow bengotow force-pushed the master branch 6 times, most recently from 610fb16 to 1a8284d Compare January 2, 2025 04:41
@bengotow bengotow force-pushed the master branch 2 times, most recently from 0453e6a to 13dc018 Compare January 23, 2026 06:36
@BlueManCZ BlueManCZ mentioned this pull request Apr 16, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bengotow bengotow bengotow left review comments

Assignees

@bengotow bengotow

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@3v1n0 @foundry376-bot @bengotow