Closed kjkent closed 1 year ago
Having the same issue using 3.0.20 on KDE with kwallet on Arch Linux. For some weird reason the program actually manages to store a vault-key in kwallet but fails to load the vault at each launch. Wiping all stored data (in .config/protonmail
and .local/share/protonmail
) does not fix it.
When logging in and quitting on restart the bridge is logged of all the time.
This is the log of the program when launched from CLI (no matter if clean start or with previous run data):
INFO[Mar 12 05:20:41.374] bridge-gui starting
INFO[Mar 12 05:20:41.374] Using Qt 6.3.2
INFO[Mar 12 05:20:41.376] lock file created /home/username/.cache/protonmail/bridge-v3/bridge-v3-gui.lock
INFO[Mar 12 05:20:41.377] Launching bridge process with command "/home/username/.local/share/protonmail/bridge-v3/updates/3.0.20/bridge" --grpc --parent-pid 476818 --launcher /usr/lib/protonmail/bridge/proton-bridge
INFO[Mar 12 05:20:41.377] Retrieving gRPC service configuration from '/home/username/.config/protonmail/bridge-v3/grpcServerConfig.json'
time="2023-03-12T05:20:41+01:00" level=info msg="Migrating keychain helper"
WARN[Mar 12 05:20:41.498] Sending info event [6ee829e455a54f65a9af75aef3fdb557] to mail-api.proton.me project: 7 pkg=sentry-go
WARN[Mar 12 05:20:41.605] Captured message message="Vault is corrupt" reportID=6ee829e455a54f65a9af75aef3fdb557
WARN[Mar 12 05:20:41.612] Failed to get credentials error="secret is empty" pkg=credentials userID="PIyp2H9fPgSzqOl6kCeTXaDxlRFruvPtO73-suFjsSPJ590l_TmJayuqQNkQHZEzhOMc0zqmBcIwMRcC745mWA=="
WARN[Mar 12 05:20:41.614] The vault is corrupt and has been wiped
INFO[Mar 12 05:20:41.777] Connecting to gRPC service
INFO[Mar 12 05:20:41.778] Connection to gRPC server at unix:///tmp/bridge_363d5cff-b676-4369-ab24-5bd9c8138b20.sock. attempt #1
INFO[Mar 12 05:20:41.780] Successfully connected to gRPC server.
INFO[Mar 12 05:20:41.780] Client config file was saved to '/home/username/.config/protonmail/bridge-v3/grpcClientConfig_0.json'
INFO[Mar 12 05:20:41.781] gRPC token was validated
INFO[Mar 12 05:20:41.781] Connected to backend via gRPC service.
/edit: Forgot to mention that it also seems to forget all config settings.
Similar problem here. Bridge forgets credentials from previous session.
Version information 3.0.19
Context Kubuntu 22.10 kernel 5.19.0-35-generic
I'm also getting logs similar to those quoted above, including among others (not sure this is relevant):
mrt 12 07:33:13 jscX1g5 proton-bridge[2251]: WARN[Mar 12 07:33:13.115] The vault is corrupt and has been wiped
We have reproduced the issue on Kubuntu 22.04 and we have tracked this internally as GODT-2481.
Having similar issue EOS/KDE. Up until recently, KWallet functioned w/ PM Bridge. Since I was having issues and documentation states that KWallet is not supported, I installed gnome-keyring however this has not rectified the issue. KWallet does have an entry for Bridge. When deleted, Bridge seems to default to KWallet as entries are again found.
Upon further investigation it seems that, at least on Kubuntu 22.04, KWallet does not provide an implementation for the the org.freedesktop.secrets
DBus service.
Gnome-keyring is known to work as it provides an implementation for this service.
@kjkent could you confirm this is also the case on your setup with :
dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames | grep secrets
The output of that command should be empty if no such service exists.
It looks like the proton-bridge on Archlinux since version 3 has the same issues with Kwallet. The Kwallet package has been compiled with org.freedesktop.secrets as shown on the details of the package: https://archlinux.org/packages/extra/x86_64/kwallet
[leander@pompeii ~]$dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames | grep secrets
returns:
string "org.freedesktop.secrets"
It looks like the proton-bridge on Archlinux since version 3 has the same issues with Kwallet. The Kwallet package has been compiled with org.freedesktop.secrets as shown on the details of the package: https://archlinux.org/packages/extra/x86_64/kwallet
[leander@pompeii ~]$dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames | grep secrets
returns:string "org.freedesktop.secrets"
Can confirm this on my Arch Linux using kwallet.
Thanks for the feedback. I have verified that there is an indeed issue with our secret service integration.
I experience this running 3.0.20-1.x86_64 in GNOME Shell 42.5 on Pop_OS 22.04. gnome-keyring provides org.freedesktop.secrets
. To work around this, I switch the 'Default keychain' setting to 'secret-service'.
The fix for this issue has been pushed into the v3 branch.
DISCLAIMER: This is a mirror of our internal development branch and has not yet been fully tested and vetted.
An official release will be made as soon as we are ready.
A fix for this issue has been released with v3.0.21
Can confirm that the issue is fixed on v3.0.21
This is not fixed for KeePassXC, while the associated bug was closed. I am seeing the following error.
ERRO[Jun 18 17:24:25.610] Could not load/create vault key error="could not get keychain item: failed to get secret: org.freedesktop.Secret.Error.IsLocked"
Earlier bug I was participating in (https://github.com/ProtonMail/proton-bridge/pull/217) was also closed without any resolution. I would like KeePassXC's integration to work with ProtonMail Bridge as expected.
To be precise, if there are no entries in KeePassXC, bridge is able to create it and proceeds normally. If I quit bridge and restart it, then it fails with the above error. I am seeing this in v3.2.0 as well. I don't remember any version working cleanly and as expected. Please let me know if you would like me to open another bug report for it.
@meowtochondria Which version of keepassXC are you using. In my tests both 2.7.4 and 2.6.6 were working correctly.
You can force the selection of secret service by adding the following to ~/.config/protonmail/bridge-v3/keychain.json
{
"Helper": "secret-service-dbus"
}
I am using v2.7.5.
I don't think communicating with KeePassXC (hence the DBus config) is an issue. I have configured KeePassXC to send a notification everytime an entry is used, and i can clearly see Protonmail Bridge succeeding at creating and reading bridge/check
entry. My debugging effort made me believe https://github.com/ProtonMail/proton-bridge/issues/355 is the case. I applied the patch mentioned in it, compiled using make build-nogui
and running bridge in non-interactive mode as a systemd service. I don't think I should have to do that. I am not sure why the patch mentioned in aforementioned bug report was ignored. Its quite simple, and should not cause more issues with gnome-keyring and pass in case unlock is called on an item that has already been unlocked.
In my testing at the time with 2.7.4, the patch was not required. It was working correctly for every case. Existing entry, no entry, reboot, restart etc...
Could you please create a new ticket so we can track this, maybe something changed in KeepassXC. We would need to investigate on our end and see if we can reproduce.
Issue persists on Bridge version 3.8.2-1 and KeePassXC 2.7.6 Running Arch Linux 6.7.3-arch1-1
KeepassXC seems to detect the dbus connection, but bridge doesn't. have tried to add keychain.json file with no result.
@kotteletfisk do you have confirmation options enabled in KeePassXC (#444 )?
Expected Behavior
Proton Mail Bridge launches and recalls settings and data from its previous session.
Current Behavior
Proton Mail Bridge launches on system boot with an error saying that it requires
pass
orsecret-service
installed in order to function. Searching through issues and other sites indicatessecret-service
isgnome-keyring
-related, so I installed both, to no avail.I normally KDE's KWallet due to its GPG integration and personal familiarity. Interestingly, when the system boots, and I dismiss the Mail Bridge error, unlocking KWallet (through opening an application that uses it, typically Vivaldi in my case) and re-opening Mail Bridge causes it to partially succeed in launching. PMB opens without error; however, it behaves as if it's been opened for the first time. No previously entered account info is retained & recalled.
Steps to Reproduce
pass
andgnome-keyring
Version Information
3.0.20-1.x86_64
Context (Environment)
OS is OpenSUSE Tumbleweed running
kernel-default-6.2.1-1.1.x86_64
and KDE as its desktop environment.