Nixpkgs: owncloud-client and nextcloud-client prompt for password despite that the keyring is unlocked

It uses qtkeychain which should support libsecret, even though it is not linked against it. Maybe libsecret needs to be added to LD_LIBRARY_PATH like nextcloud-client does with the deprecated libgnome-keyring?

I installed and tried nextcloud-client, it also prompts for password.

@alexeymuranov IIRC it only prompts you for the password if you have nextcloud-client installed in your user env. Do you see the same result if it's in environment.systemPackages?

Yes, i installed it manually with nix-env -i.

I tried again after including both owncloud-client and nextcloud-client to environment.systemPackages, they both keep asking for password with the same message.

@alexeymuranov do you have security.pam.services.gdm.enableGnomeKeyring = true;?

I have security.pam.services.lightdm.enableGnomeKeyring = true;, i use LightDM.

Will that ever work? If I understand it correctly, the option is only respected when the default value of security.pam.services.<name?>.text is used:

https://github.com/NixOS/nixpkgs/blob/cac9f088103828f2c24c42d7e8ef3530d49b1eb4/nixos/modules/security/pam.nix#L269

lightdm seems to override it:

https://github.com/NixOS/nixpkgs/blob/cac9f088103828f2c24c42d7e8ef3530d49b1eb4/nixos/modules/services/x11/display-managers/lightdm.nix#L230

Or is there some merge policy I am not aware of?

Does anyone has update on this? I have the exact same problem, I tried installing gnome3.libgnome-keyring, enabling the gnome keyring or create a keyring manually in seahorse but couldn't make it work.

The Nextcloud and keyrings topic seems related to this. The owncloud-client doesn't seem to have the wrapping around libgnome-keyring, though, so I don't know if anything like this is possible for it.

I've always had this issue, but it disappeared this month with some update (on NixOS 18.09). Is anyone still facing this issue on the latest 18.09?

I still have the problem in 18.09.

I tried the solution proposed in Nextcloud and keyrings topic, but it didn't work for some reason that is yet unclear to me (i started getting a message "the provided credentials are not correct" on nextcloud-client startup).

By the way, nextcloud-client on NixOS is somewhat outdated: still version 2.3.3 on master, while the latest stable is 2.5.0.

(I haven't got to properly test the solution with packageOverrides yet because I have my home folder shared between Ubuntu and NixOS, and I have nextcloud-client on both, and apparently trying to launch the version 2.3.3 on NixOS after using the version 2.5.0 on Ubuntu messes up the configuration. I believe this is not the issue when I do not use packageOverrides though -- the configuration is not getting messed up, but i have to enter the password each time.)

Ok, I confirm that using packageOverrides in configuration.nix as follows solves the problem for me:

{ # ...

  environment.systemPackages = [ # ...
    pkgs.nextcloud-client
  ];

  nixpkgs.config.packageOverrides = pkgs: {
    nextcloud-client = pkgs.nextcloud-client.override {
      withGnomeKeyring = true;
      libgnome-keyring = pkgs.gnome3.libgnome-keyring;
    };
  };
}

I am not closing the issue yet because I suppose that packageOverrides should not be necessary.

pkgs.nextcloud-client.override {
  withGnomeKeyring = true;
}

is how packages with withFoo arguments are supposed to be used. You do not need to use packageOverrides or overlays, you can pass the overridden package directly to environment.systemPackages.

As you noticed there is a bug where the package uses libgnome-keyring2, which should be fixed as follows:

--- a/pkgs/applications/networking/nextcloud-client/default.nix
+++ b/pkgs/applications/networking/nextcloud-client/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchgit, cmake, pkgconfig, qtbase, qtwebkit, qtkeychain, qttools, sqlite
-, inotify-tools, withGnomeKeyring ? false, makeWrapper, libgnome-keyring }:
+, inotify-tools, withGnomeKeyring ? false, makeWrapper, libgnome-keyring ? null }:

 stdenv.mkDerivation rec {
   name = "nextcloud-client-${version}";
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -4385,7 +4385,9 @@

   nextcloud = callPackage ../servers/nextcloud { };

-  nextcloud-client = libsForQt5.callPackage ../applications/networking/nextcloud-client { };
+  nextcloud-client = libsForQt5.callPackage ../applications/networking/nextcloud-client {
+    inherit (gnome3) libgnome-keyring;
+  };

   nextcloud-news-updater = callPackage ../servers/nextcloud/news-updater.nix { };

It would be even better to switch to libsecret as I suggested before:

--- a/pkgs/applications/networking/nextcloud-client/default.nix
+++ b/pkgs/applications/networking/nextcloud-client/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchgit, cmake, pkgconfig, qtbase, qtwebkit, qtkeychain, qttools, sqlite
-, inotify-tools, withGnomeKeyring ? false, makeWrapper, libgnome-keyring }:
+, inotify-tools, makeWrapper, libsecret }:

 stdenv.mkDerivation rec {
   name = "nextcloud-client-${version}";
@@ -15,11 +15,10 @@
   patches = [ ./find-sql.patch ];
   patchFlags = "-d client -p1";

-  nativeBuildInputs = [ pkgconfig cmake ];
+  nativeBuildInputs = [ pkgconfig cmake makeWrapper ];

   buildInputs = [ qtbase qtwebkit qtkeychain qttools sqlite ]
-    ++ stdenv.lib.optional stdenv.isLinux inotify-tools
-    ++ stdenv.lib.optional withGnomeKeyring makeWrapper;
+    ++ stdenv.lib.optional stdenv.isLinux inotify-tools;

   enableParallelBuilding = true;

@@ -39,9 +38,9 @@
   postInstall = ''
     sed -i 's/\(Icon.*\)=nextcloud/\1=Nextcloud/g' \
       $out/share/applications/nextcloud.desktop
-  '' + stdenv.lib.optionalString (withGnomeKeyring) ''
+
     wrapProgram "$out/bin/nextcloud" \
-      --prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [ libgnome-keyring ]}
+      --prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [ libsecret ]}
   '';

   meta = with stdenv.lib; {

feel free to open a PR.

Thanks for the explanation, @jtojnar.

I do not think i will get to making a PR though, and by the way nextcloud-client has been updated to 2.5.0 on master: #50463. I have not checked if the problem is resolved in the with the update.

Nothing really changed in master, it was only refactoring. cc @Ma27 do you want to do the PR?

@jtojnar thanks a lot for the reference. In fact I'm currently using the Nextcloud client with the GNOME keyring enabled ATM.

I'll read through the entire conversation later and report back (or file a patch if needed) :)

Still doesn't work for me. Here are the relevant parts of my /etx/nixos/configuration.nix

{ config, pkgs, ... }:
let
  nextcloud-client-keyring = pkgs.nextcloud-client.override {
    withGnomeKeyring = true;
    libgnome-keyring = pkgs.gnome3.libgnome-keyring;
  };
in
{
  environment.systemPackages = with pkgs; [
    nextcloud-client-keyring
  ];
  services.xserver = {
    enable = true;
    layout = "de";
    windowManager.bspwm.enable = true;
    displayManager.sddm.enable = true;
  };
  security.pam.services.sddm.enableGnomeKeyring = true;
}

ps aux | grep keyring confirms that gnome-keyring is running.

The following worked for me on 18.03:

{ config, pkgs, ... }:
let
  nextcloud-client-keyring = pkgs.nextcloud-client.override {
    withGnomeKeyring = true;
    libgnome-keyring = pkgs.gnome3.libgnome-keyring;
  };
in
{
  environment.systemPackages = with pkgs; [
    nextcloud-client-keyring
    gnome3.gcr
  ];
  services.dbus.packages = [ pkgs.gnome3.gnome-keyring pkgs.gnome3.gcr ];
  security.pam.services.<<your display manager>>.enableGnomeKeyring = true;
}

I still experience this issue on 19.03. Nothing suggested here helped, there is no flag 'withGnomeKeyring' anymore.

Someone needs to backport https://github.com/NixOS/nixpkgs/pull/60327 to 19.03.

Closing as the following config should be enough on NixOS unstable:

{ config, pkgs, ... }:
{
  services.gnome3.gnome-keyring.enable = true;
  environment.systemPackages = with pkgs; [
    nextcloud-client
  ];
}

@jtojnar oof, seems as I forgot to backport back then :(

I'll give it a try now :)

EDIT: nix-review with this change takes some time on release-19.03... I'll get some sleep now and push the fix tomorrow :)

Backported as 88cb463a3b99ec1727d36febaeae28fde5a7f567

@Ma27 Unfortunately, the backport doesn't seem to have solved the issue (for me). Did it for you, @jtojnar @tiulpin?

@caugner I use unstable and do not use nextcloud-client so cannot confirm. Can only confirm that it worked for me on unstable when I tested it.

@jtojnar Are you using unstable with Gnome? I tried it and Gnome was so unstable that I couldn't even login to any (local user) account anymore.

Yes, I use it every day without any issues. I suggest opening a separate issue for that.

This seems to persist for me on 19.03.

{ config, pkgs, ... }:
{
  services.gnome3.gnome-keyring.enable = true;
  environment.systemPackages = with pkgs; [
    nextcloud-client
  ];
}

Does unfortunately not work.

Did you make any progress @caugner ?

@b-m-f Nope, still doesn't work for me.

I cannot really test it on anything other than unstable but for what it’s worth, it works here in GNOME.

I have just submitted pull request #71874 which fixes this issue. Reviews are welcome.