protonmail-bridge requires gnome-keyring or pass to avoid failure to launch with 'no-keychain' error

[Kreyren]

[kreyren@leonid:~]$ protonmail-bridge
time="Jun  8 09:51:15.621" level=error msg="Could not list credentials" error="no keychain" pkg=credentials
time="Jun  8 09:51:15.621" level=error msg="Could not load all users from credentials store" error="no keychain" pkg=users

To Reproduce

0. Install protonmail-bridge and run it expecting the failure above A) Install gnome-keyring and expect the same failure B) Install nixos.pass and expect the same failure

Additional context

I think i had similar issue on Devuan GNU/Linux somewhat described in https://www.reddit.com/r/ProtonMail/comments/hk5ox9/cant_log_in_to_bridge_no_keychain_management/

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[kreyren@leonid:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 5.10.40, NixOS, 21.05.804.5de44c15758 (Okapi)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.3.12`
 - channels(root): `"nixos-21.05.804.5de44c15758"`
 - channels(kreyren): `""`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

[Kreyren]

Seems relevant: https://github.com/NixOS/nixpkgs/issues/45070

[Kreyren]

CC @lightdiscord

https://github.com/NixOS/nixpkgs/blob/8284fc30c84ea47e63209d1a892aca1dfcd6bdf3/pkgs/applications/networking/protonmail-bridge/default.nix#L42

[lightdiscord]

Seems relevant: https://github.com/NixOS/nixpkgs/issues/45070

As stated in the issue you linked and in the description of the package, do you have any keyring service running ? (Such as pass or gnome keyring).

[Kreyren]

@lightdiscord I am not aware of running any keyring service

[Kreyren]

FWIW installing gnome-keyring doesn't fix the issue

[Kreyren]

Installing pass also doesn't influence the issue

[OPNA2608]

A) Install gnome-keyring and expect the same failure B) Install nixos.pass and expect the same failure

Installing the packages is not enough, you need to enable the service. Try with services.gnome.gnome-keyring.enable = true;.

[Kreyren]

Added in /etc/nixos/configuration.nix and invoked nixos-rebuild switch with the same issue.

[kreyren@leonid:~]$ { cat /etc/nixos/configuration.nix && sudo nixos-rebuild switch ;} |& ix
http://ix.io/3pbr
[kreyren@leonid:~]$ protonmail-bridge
WARN[0000] Failed to add test credentials to keychain    error="No such interface “org.freedesktop.Secret.Collection” on object at path /org/freedesktop/secrets/collection/login" helper="*secretservice.Secretservice"
time="Jun  8 12:36:12.659" level=error msg="Could not list credentials" error="no keychain" pkg=credentials
time="Jun  8 12:36:12.659" level=error msg

[OPNA2608]

services.xserver.desktopManager.xfce.enable = true;
services.gnome.gnome-keyring.enable = true;

Check if #61539 is relevant: Do you see the gnome-keyring service/daemon running? Try manually starting the daemon via the workaround mentioned there (gnome-keyring-daemon --start -d --components=pkcs11,secrets,ssh) and see if that fixes protonmail-bridge for you.

[Kreyren]

I don't know what changed, but the keyring now seems to work (i was able to create a new keyring with a password), but the protonmail-bridge now hangs without any output.

[Kreyren]

Workaround doesn't seem to help

[Kreyren]

futex(0x15b6f90, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
futex(0x15b6f90, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
futex(0xc000034d50, FUTEX_WAKE_PRIVATE, 1) = 1
madvise(0xc005000000, 2097152, MADV_DONTNEED) = 0
--- SIGURG {si_signo=SIGURG, si_code=SI_TKILL, si_pid=10369, si_uid=1000} ---
rt_sigreturn({mask=[]})                 = 0
futex(0x15ce3c0, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x15b68d8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x15b67b8, FUTEX_WAKE_PRIVATE, 1) = 1

SIGURG?

[stefano-m]

FWIW...

I don't use the package provided by NixOS, but my overlay seems to work fine on NixOS 21.05

See (note that there's a patch to log to stderr rather than a file, but it also works without that patch)

https://github.com/stefano-m/nix-stefano-m-nix-overlays/blob/master/protonmail-bridge/default.nix

I use it with a systemd user unit, something like

services.gnome.gnome-keyring.enable = true;

systemd.user.services.protonmail-bridge = {
          description = "Protonmail Bridge";
          enable = true;
          script = "${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive --log-level info";
          path = [ pkgs.gnome3.gnome-keyring ]; # HACK: https://github.com/ProtonMail/proton-bridge/issues/176
          wantedBy = [ "graphical-session.target" ];
          partOf = [ "graphical-session.target" ];
        };

if you don't use a systemd unit, I guess that you may need the gnome-keyring package installed in your user profile?

users.users.my-user.packages = [ pkgs.gnome3.gnome-keyring ];

Hope this helps :crossed_fingers:

[Kreyren]

i use systemd so i tried the systemd.user.services.protonmail-bridge = {..., but it still fails on startup

[matthew-piziak]

I also tried the systemd user unit above, to no avail.

The status was active (running), but I got no log messages from journalctl, and mbsync returned NO user.

[P-E-Meunier]

I had the same issue, no idea why. I changed my home manager configuration to the following (adding the Environment=… line), and it worked:

    systemd.user.services.protonmail-bridge = {
      Unit = {
        Description = "Protonmail Bridge";
        After = [ "network.target" ];
      };
      Service = {
        Restart = "always";
        Environment = "PATH=${pkgs.gnome3.gnome-keyring}/bin";
        ExecStart = "${pkgs.protonmail-bridge}/bin/protonmail-bridge --no-window --log-level ${cfg.logLevel}" + optionalString (cfg.nonInteractive) " --noninteractive";
      };
      Install = {
        WantedBy = [ "default.target" ];
      };
    };

[stefano-m]

The problem is that the bridge is looking for gnome keyring in the path

https://github.com/ProtonMail/proton-bridge/issues/176

[Kreyren]

The proposed in https://github.com/NixOS/nixpkgs/issues/126174#issuecomment-879385133 results in:

...
error: The option `systemd.user.services.protonmail-bridge.Install' does not exist. Definition values:
- In `/home/kreyren/Repositories/system-management/domains/rixotstudio.cz/machines/leonid':
    {
      WantedBy = [
        "default.target"
      ];
    }
...

I revisited the solution in https://github.com/NixOS/nixpkgs/issues/126174#issuecomment-864425888 which seems to get past the issue (using values from the systemd service with the service stopped):

[kreyren@leonid:~]$ PATH=/nix/store/sr99h0qwcr9dr8azfp1aaibypvf21433-gnome-keyring-40.0/bin /nix/store/9v91s1d6k4wwa7kxh1d15j0n2w5fqfvm-protonmail-bridge-1.6.9/bin/protonmail-bridge --log-level debug
time="Jul 23 16:42:54.286" level=info msg="Run app" appName="ProtonMail Bridge" args="[/nix/store/9v91s1d6k4wwa7kxh1d15j0n2w5fqfvm-protonmail-bridge-1.6.9/bin/protonmail-bridge --log-level debug]" build= revision= runtime=linux version=1.6.9+git
time="Jul 23 16:42:54.288" level=info msg="Check status on localhost:8081" pkg=frontend-nogui
time="Jul 23 16:42:54.288" level=info msg="IMAP server listening at 127.0.0.1:1143" pkg=imap
time="Jul 23 16:42:54.288" level=info msg="Checking for updates"
time="Jul 23 16:42:54.288" level=info msg="API listening at 127.0.0.1:1042" pkg=api
time="Jul 23 16:42:54.288" level=info msg="SMTP server is starting" address="127.0.0.1:1025" pkg=smtp useSSL=false
time="Jul 23 16:42:54.484" level=info msg="An update is available" pkg=app/bridge version=1.8.7
time="Jul 23 16:42:54.484" level=info msg="Installing update package" package="https://protonmail.com/download/bridge/bridge_1.8.7_linux_update.tgz"
time="Jul 23 16:42:54.484" level=debug msg="Clearing token" userID=anonymous-1
time="Jul 23 16:43:16.291" level=debug msg="Clearing token" userID=anonymous-2

But still does not allow me to log-in and use the port.

EDIT: I assume this being a different issue, will create a new bug

[stale[bot]]

I marked this as stale due to inactivity. → More info

[MrFreezeex]

For the record I made protonmail-bridge on my systemd working with the following home-manager config:

  systemd.user.services.protonmail-bridge = {
    Unit = {
      Description = "Protonmail Bridge";
      Requires = [ "pass-secret-service.service" "gpg-agent.service" ];
    };

    Service = {
      Restart = "always";
      ExecStart = "${pkgs.unstable.protonmail-bridge}/bin/protonmail-bridge --no-window --noninteractive";
      Environment = [
        "PATH=${pkgs.gnome3.gnome-keyring}/bin:${pkgs.pass}/bin"
        "PASSWORD_STORE_DIR=/home/MY_USERNAME_HERE/.local/share/password-store"
      ];
    };

    Install = {
      WantedBy = [ "default.target" ];
    };
  };

Note that the the requires part is my failed attempt at making it working on the start of my laptop, I get this error exit status 2: gpg: public key decryption failed: No such file or directory. Not entirely sure why but at at least I can just restart the systemd service and it works so I didn't do any further debugging.