search

ProtonMail / proton-bridge

Proton Mail Bridge application
GNU General Public License v3.0
1.14k stars 155 forks source link

Bridge not recognising pass, or gnome-keyring, and behaving weirdly with KWallet #359

Closed kjkent closed 1 year ago

kjkent commented 1 year ago

Expected Behavior

Proton Mail Bridge launches and recalls settings and data from its previous session.

Current Behavior

Proton Mail Bridge launches on system boot with an error saying that it requires pass or secret-service installed in order to function. Searching through issues and other sites indicates secret-service is gnome-keyring-related, so I installed both, to no avail.

I normally KDE's KWallet due to its GPG integration and personal familiarity. Interestingly, when the system boots, and I dismiss the Mail Bridge error, unlocking KWallet (through opening an application that uses it, typically Vivaldi in my case) and re-opening Mail Bridge causes it to partially succeed in launching. PMB opens without error; however, it behaves as if it's been opened for the first time. No previously entered account info is retained & recalled.

Steps to Reproduce

  1. Install Proton Mail Bridge via RPM file
  2. Open & receive described error.
  3. Install pass and gnome-keyring
  4. Open Proton Mail Bridge and receive same error.

Version Information

3.0.20-1.x86_64

Context (Environment)

OS is OpenSUSE Tumbleweed running kernel-default-6.2.1-1.1.x86_64 and KDE as its desktop environment.

Keridos commented 1 year ago

Having the same issue using 3.0.20 on KDE with kwallet on Arch Linux. For some weird reason the program actually manages to store a vault-key in kwallet but fails to load the vault at each launch. Wiping all stored data (in .config/protonmail and .local/share/protonmail) does not fix it.

When logging in and quitting on restart the bridge is logged of all the time.

This is the log of the program when launched from CLI (no matter if clean start or with previous run data):

INFO[Mar 12 05:20:41.374] bridge-gui starting
INFO[Mar 12 05:20:41.374] Using Qt 6.3.2
INFO[Mar 12 05:20:41.376] lock file created /home/username/.cache/protonmail/bridge-v3/bridge-v3-gui.lock
INFO[Mar 12 05:20:41.377] Launching bridge process with command "/home/username/.local/share/protonmail/bridge-v3/updates/3.0.20/bridge" --grpc --parent-pid 476818 --launcher /usr/lib/protonmail/bridge/proton-bridge
INFO[Mar 12 05:20:41.377] Retrieving gRPC service configuration from '/home/username/.config/protonmail/bridge-v3/grpcServerConfig.json'
time="2023-03-12T05:20:41+01:00" level=info msg="Migrating keychain helper"
WARN[Mar 12 05:20:41.498] Sending info event [6ee829e455a54f65a9af75aef3fdb557] to mail-api.proton.me project: 7  pkg=sentry-go
WARN[Mar 12 05:20:41.605] Captured message                              message="Vault is corrupt" reportID=6ee829e455a54f65a9af75aef3fdb557
WARN[Mar 12 05:20:41.612] Failed to get credentials                     error="secret is empty" pkg=credentials userID="PIyp2H9fPgSzqOl6kCeTXaDxlRFruvPtO73-suFjsSPJ590l_TmJayuqQNkQHZEzhOMc0zqmBcIwMRcC745mWA=="
WARN[Mar 12 05:20:41.614] The vault is corrupt and has been wiped      
INFO[Mar 12 05:20:41.777] Connecting to gRPC service
INFO[Mar 12 05:20:41.778] Connection to gRPC server at unix:///tmp/bridge_363d5cff-b676-4369-ab24-5bd9c8138b20.sock. attempt #1
INFO[Mar 12 05:20:41.780] Successfully connected to gRPC server.
INFO[Mar 12 05:20:41.780] Client config file was saved to '/home/username/.config/protonmail/bridge-v3/grpcClientConfig_0.json'
INFO[Mar 12 05:20:41.781] gRPC token was validated
INFO[Mar 12 05:20:41.781] Connected to backend via gRPC service.

/edit: Forgot to mention that it also seems to forget all config settings.

jscaux commented 1 year ago

Similar problem here. Bridge forgets credentials from previous session.

Version information 3.0.19

Context Kubuntu 22.10 kernel 5.19.0-35-generic

I'm also getting logs similar to those quoted above, including among others (not sure this is relevant): mrt 12 07:33:13 jscX1g5 proton-bridge[2251]: WARN[Mar 12 07:33:13.115] The vault is corrupt and has been wiped

LBeernaertProton commented 1 year ago

We have reproduced the issue on Kubuntu 22.04 and we have tracked this internally as GODT-2481.

loufee commented 1 year ago

Having similar issue EOS/KDE. Up until recently, KWallet functioned w/ PM Bridge. Since I was having issues and documentation states that KWallet is not supported, I installed gnome-keyring however this has not rectified the issue. KWallet does have an entry for Bridge. When deleted, Bridge seems to default to KWallet as entries are again found.

LBeernaertProton commented 1 year ago

Upon further investigation it seems that, at least on Kubuntu 22.04, KWallet does not provide an implementation for the the org.freedesktop.secrets DBus service.

Gnome-keyring is known to work as it provides an implementation for this service.

@kjkent could you confirm this is also the case on your setup with :

dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames | grep secrets

The output of that command should be empty if no such service exists.

leander091 commented 1 year ago

It looks like the proton-bridge on Archlinux since version 3 has the same issues with Kwallet. The Kwallet package has been compiled with org.freedesktop.secrets as shown on the details of the package: https://archlinux.org/packages/extra/x86_64/kwallet

[leander@pompeii ~]$dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames | grep secrets returns: string "org.freedesktop.secrets"

Keridos commented 1 year ago

It looks like the proton-bridge on Archlinux since version 3 has the same issues with Kwallet. The Kwallet package has been compiled with org.freedesktop.secrets as shown on the details of the package: https://archlinux.org/packages/extra/x86_64/kwallet

[leander@pompeii ~]$dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames | grep secrets returns: string "org.freedesktop.secrets"

Can confirm this on my Arch Linux using kwallet.

LBeernaertProton commented 1 year ago

Thanks for the feedback. I have verified that there is an indeed issue with our secret service integration.

kaixiong commented 1 year ago

I experience this running 3.0.20-1.x86_64 in GNOME Shell 42.5 on Pop_OS 22.04. gnome-keyring provides org.freedesktop.secrets. To work around this, I switch the 'Default keychain' setting to 'secret-service'.

LBeernaertProton commented 1 year ago

The fix for this issue has been pushed into the v3 branch.

DISCLAIMER: This is a mirror of our internal development branch and has not yet been fully tested and vetted.

An official release will be made as soon as we are ready.

LBeernaertProton commented 1 year ago

A fix for this issue has been released with v3.0.21

Keridos commented 1 year ago

Can confirm that the issue is fixed on v3.0.21

meowtochondria commented 1 year ago

This is not fixed for KeePassXC, while the associated bug was closed. I am seeing the following error.

ERRO[Jun 18 17:24:25.610] Could not load/create vault key               error="could not get keychain item: failed to get secret: org.freedesktop.Secret.Error.IsLocked"

Earlier bug I was participating in (https://github.com/ProtonMail/proton-bridge/pull/217) was also closed without any resolution. I would like KeePassXC's integration to work with ProtonMail Bridge as expected.

meowtochondria commented 1 year ago

To be precise, if there are no entries in KeePassXC, bridge is able to create it and proceeds normally. If I quit bridge and restart it, then it fails with the above error. I am seeing this in v3.2.0 as well. I don't remember any version working cleanly and as expected. Please let me know if you would like me to open another bug report for it.

LBeernaertProton commented 1 year ago

@meowtochondria Which version of keepassXC are you using. In my tests both 2.7.4 and 2.6.6 were working correctly.

You can force the selection of secret service by adding the following to ~/.config/protonmail/bridge-v3/keychain.json

{
  "Helper": "secret-service-dbus"
}
meowtochondria commented 1 year ago

I am using v2.7.5.

I don't think communicating with KeePassXC (hence the DBus config) is an issue. I have configured KeePassXC to send a notification everytime an entry is used, and i can clearly see Protonmail Bridge succeeding at creating and reading bridge/check entry. My debugging effort made me believe https://github.com/ProtonMail/proton-bridge/issues/355 is the case. I applied the patch mentioned in it, compiled using make build-nogui and running bridge in non-interactive mode as a systemd service. I don't think I should have to do that. I am not sure why the patch mentioned in aforementioned bug report was ignored. Its quite simple, and should not cause more issues with gnome-keyring and pass in case unlock is called on an item that has already been unlocked.

LBeernaertProton commented 1 year ago

In my testing at the time with 2.7.4, the patch was not required. It was working correctly for every case. Existing entry, no entry, reboot, restart etc...

Could you please create a new ticket so we can track this, maybe something changed in KeepassXC. We would need to investigate on our end and see if we can reproduce.

kotteletfisk commented 7 months ago

Issue persists on Bridge version 3.8.2-1 and KeePassXC 2.7.6 Running Arch Linux 6.7.3-arch1-1

KeepassXC seems to detect the dbus connection, but bridge doesn't. have tried to add keychain.json file with no result.

image

LBeernaertProton commented 7 months ago

@kotteletfisk do you have confirmation options enabled in KeePassXC (#444 )?