Keepassxc: GNOME Evolution is unable to store/retrieve some passwords using Secret Service Integration
Expected Behavior
I would expect Evolution to store/retrieve all relevant passwords in/from my KeePassXC Database.
Current Behavior
Evolution asks me for 4 passwords every time I launch it.
I get the following console output:
$ evolution
(evolution-alarm-notify:2395): GLib-GIO-WARNING **: 18:04:54.116: Your application did not unregister from D-Bus before destruction. Consider using g_application_run().
libsecret-Message: 18:05:00.822: Remote error from secret service: org.freedesktop.DBus.Error.UnknownObject: No such object path '/org/freedesktop/secrets/aliases/default'
(evolution:2389): e-data-server-ui-WARNING **: 18:05:00.823: credentials_prompter_store_credentials_cb: Failed to store source credentials: No such object path '/org/freedesktop/secrets/aliases/default'
libsecret-Message: 18:05:28.810: Remote error from secret service: org.freedesktop.DBus.Error.UnknownObject: No such object path '/org/freedesktop/secrets/aliases/default'
(evolution:2389): e-data-server-ui-WARNING **: 18:05:28.830: credentials_prompter_store_credentials_cb: Failed to store source credentials: No such object path '/org/freedesktop/secrets/aliases/default'
libsecret-Message: 18:05:33.453: Remote error from secret service: org.freedesktop.DBus.Error.UnknownObject: No such object path '/org/freedesktop/secrets/aliases/default'
(evolution:2389): e-data-server-ui-WARNING **: 18:05:33.453: credentials_prompter_store_credentials_cb: Failed to store source credentials: No such object path '/org/freedesktop/secrets/aliases/default'
libsecret-Message: 18:05:39.283: Remote error from secret service: org.freedesktop.DBus.Error.UnknownObject: No such object path '/org/freedesktop/secrets/aliases/default'
(evolution:2389): e-data-server-ui-WARNING **: 18:05:39.283: credentials_prompter_store_credentials_cb: Failed to store source credentials: No such object path '/org/freedesktop/secrets/aliases/default'
(evolution:2389): GLib-GIO-WARNING **: 18:06:08.033: Your application did not unregister from D-Bus before destruction. Consider using g_application_run().
KeePassXC seems to lack some "alias"-feature that I assume is present in the gnome-keyring.
Strange enough, it only affects email-related passwords, not my CalDav-Calendars.
Important: Evolution does not create additional entries or deletes any, all the passwords are already stored and still are afterwards, no entries are changed.
Possible Solution
I do not have one.
Steps to Reproduce
Using an updated Manjaro (testing-branch)
- Install Evolution
- Set up Email
- Get annoyed by typing in additional passwords every time you want to retrieve mails
Context
It works fine until the next time I launch evolution, I then have to manually copy passwords from my database, which sucks. It's really only two passwords it asks for, but the pattern is pwd1 pwd2 pwd1 pwd2 which makes it extra annoying to copy manually.
Debug Info
KeePassXC - 2.5.1
Revision: 0fd8836
Libraries:
- Qt 5.13.2
Debugging mode is disabled.
Operating system: Manjaro GNU/Linux (up-to-date testing branch)
CPU architecture: x64
Kernel: 5.3.13-1-MANJARO
Enabled extensions:
- Auto-Type
- Browser Integration
- SSH Agent
- KeeShare (signed and unsigned sharing)
- YubiKey
- Secret Service Integration
Cryptographic libraries:
- libgcrypt 1.8.5
Bendodroid
All 15 comments
By default, no database is exposed after you enabling the secret service integration, for security it has to be explicitly enabled in the per-database settings page. Once at least one database is configured to be exposed via the secret service, KeePassXC will create the default alias.
See #3860 and my comment
PS: your existing passwords in the database likely cannot be directly used by Evolution. Because the formatting and attributes it expects is different from manually created entries. So it will ask passwords one more time. But after that, it should work.
Aetf
on 30 Nov 2019
The problem is not that Evolution can't use the database, of course I enabled the exposure of a specific Category in my database. Evolution created 11 entries in total and only 4 of them are not retrieved correctly. It also works for most other programs without major issues, in my case the nextcloud desktop client, Some network shares accessed with thunar (gvfs) and the JetBrains IDEs' GitHub API tokens.
So it will ask passwords one more time. But after that, it should work.
I already started Evolution more than 20 times, entering them over and over again doesn't change anything.
Bendodroid
on 1 Dec 2019
hmm, if the secret service integration already works with other programs, then the default alias should already exist. But to verify:
# list all aliases
dbus-send --session --type=method_call --print-reply --dest=org.freedesktop.secrets /org/freedesktop/secrets/aliases org.freedesktop.DBus.Introspectable.Introspect
Another thing to try out is to kill goa-daemon and goa-identify-service. They will restart the next time they are needed. These services tend to hold outdated sessions and cannot correctly handle session not found errors when KeePassXC is restarted and previous session info are lost.
Please also check those 4 entries and see if they actually have value in the password field, and see if there are any strange attributes.
Finally, if you could build from source, could you try if the problem remains (after first remove Evolution related entry from the database) with my development branch?
Aetf
on 2 Dec 2019
@Bendodroid I've had the same problem with evolution, passwords were saved, but evolution(and every other application, I was using remmina for my tests since using evolution and restarting it's user services every time was too annoying) was unable to find them afterwards.
I wasn't able to find a real cause, since switching to a debug build created a new keepassxc-debug.ini, which fixed the problem for me.
Can you try and backup your config in ~/.config/keepassxc/ and start clean? That solved it for me on ArchLinux.
Like @Aetf said, evolution and libgdata is compiled against gnome-online-accounts, which can cause problems. If you're not using gnome or goa, I suggest you compile evolution-data-server and libgdata with -DENABLE_GOA=OFF and -D goa=disabled respectively to make it a little bit easier for you.
If you need the PKGBUILDs, I'd be happy to supply them.
PS: Google Oauth2 doesn't work, if you're trying with a google account.
chron-isch
on 3 Dec 2019
Hm. The most mysterious thing happened. Evolution stopped complaining about the missing aliases.
As far as I could debug until now it sometimes still does after I locked my screen and suspended my laptop and with that locked the keepassxc database. However, that can be resolved by quitting keepassxc completely, starting a fresh keepassxc instance and then launching Evolution.
For me this now works well enough now.
Bendodroid
on 9 Dec 2019
Hm. The most mysterious thing happened. Evolution stopped complaining about the missing aliases.
As far as I could debug until now it sometimes still does after I locked my screen and suspended my laptop and with that locked the keepassxc database. However, that can be resolved by quitting keepassxc completely, starting a fresh keepassxc instance and then launching Evolution.
For me this now works well enough now.
I see the same behavior. I'm using the python 3 secretstorage module to connect to keepassxc as the default collection. When keepassxc has just been started, this works perfectly. But either after my system's screen is locked or after it suspends, the second line below fails:
dbus_conn = secretstorage.dbus_init()
kpxc_db = secretstorage.get_default_collection(dbus_conn)
with the error:
jeepney.wrappers.DBusErrorResponse: [org.freedesktop.DBus.Error.UnknownObject] ("No such object path '/org/freedesktop/secrets/aliases/default'",)
This is using keepassxc 2.5.1 on Arch Linux. I did not see this problem with 2.5.0, or at least I never noticed it.
Edit: Maybe this is the same things as #4004?
ashleybone
on 11 Dec 2019
I think there are two issues going on.
- Evolution fails to retrieve OAuth token previously saved in KeePassXC via secret service.
- KeePassXC fails to continuously provide
defaultalias after locking/unlocking.
Let's move the discussion about the second issue to #4004.
For the Evolution issue, could anyone who can reproduce provide a DBus recording while opening Evolution? So I can know what exactly Evolution asked for and how KeePassXC replied.
This doesn't require a debug build and the command is
dbus-monitor "destination=org.freedesktop.secrets" "sender=org.freedesktop.secrets"
The output will include secrets so make sure to mask them out.
Aetf
on 11 Dec 2019
@Aetf I've posted dbus logs of a working evolution email account as well as an Oauth2 account in #4002.
I'll see about getting you dbus logs for the original problem where evolution finds nothing if I can reproduce it with my old config.
chron-isch
on 12 Dec 2019
Already fixed in 134eb0fc250799b6520912c2cdd20efc1860d029
Aetf
on 7 Jan 2020
I somehow get a similar issues with 2.5.4? Is this fixed in this release or not? I'm confused by the changing milestone.
bionade24
on 23 Apr 2020
This was merged into the 2.5.2 release.
droidmonkey
on 23 Apr 2020
Weird. When I try to save my GPG password into my keyring, It doesn't work. I haven't got anything into the keepassxc keyring. dbus-send --session --type=method_call --print-reply --dest=org.freedesktop.secrets /org/freedesktop/secrets/aliases org.freedesktop.DBus.Introspectable.Introspect Gets this error: Error org.freedesktop.DBus.Error.UnknownObject: No such object path '/org/freedesktop/secrets/aliases'
bionade24
on 24 Apr 2020
Ok, on one of my machines vscode accessed the storage, but gpg-agent constantly fails. Can someone help me or should I open a new issue?
bionade24
on 25 Apr 2020
Open a new issue with all the details, any error outputs, etc etc. Thanks!
droidmonkey
on 25 Apr 2020
bionade24
on 2 May 2020
Related issues
clementlesne
路
3Comments
haroldm
路
3Comments
guihkx
路
3Comments
amvasilyev
路
3Comments
shaneknysh
路
3Comments