Open hellodword opened 2 months ago
I think we should consider about finding an alternative to the keytar package, as it is no longer maintained.
How about using the safeStorage from Electron?
I noticed that VSCode has moved from keytar to safeStorage: https://code.visualstudio.com/docs/editor/settings-sync#_troubleshooting-keychain-issues
The benefits I can identify are:
@ra3orblade
While developing anytype-ts
in a devcontainer, it's difficult to get org.freebsd.secrets
functioning properly. The safeStorage
feature provides plaintext storage if no secret store is available.
if (!developerMode && !safeStorage.isEncryptionAvailable()) {
// warn and exit
}
I think we should consider about finding an alternative to the keytar package, as it is no longer maintained.
How about using the safeStorage from Electron?
I noticed that VSCode has moved from keytar to safeStorage: https://code.visualstudio.com/docs/editor/settings-sync#_troubleshooting-keychain-issues
- https://freek.dev/2103-replacing-keytar-with-electrons-safestorage-in-ray
- Move off of Keytar microsoft/vscode#185677
The benefits I can identify are:
- All the advantages of getting rid of an unmaintained dependency.
- It will make package maintainers happier, for instance: https://github.com/squalus/anytype-flake/blob/181bd21e80edcb6c6c72b814ab7ba082baee0ccd/anytype/default.nix#L70-L74
- Easier cross-platform and architecture support.
@ra3orblade
Last time I've checked safeStorage in some article it described it as not so safe compared to keytar, but maybe something changed in latest versions. I think we can switch to it eventually, but need to understand how to properly migrate so users won't need to enter their phrase manually.
Thanks for links, I'll add the issue to the Linear.
Have you read a contributing guide?
Current Behavior
On Linux, anytype uses keytar/libsecret to call
org.freedesktop.secrets
dbus for reading and storing the mnemonic.However, as far as I can see, there is no error handling in the code when calling
WalletCreate
andWalletRecover
directly.This might be the cause of this issue.
Expected Behavior
I am not sure whether we should prevent users from creating keys and entering Space if
org.freedesktop.secrets
dbus is unavailable, but I think there should at least be a notification.Steps To Reproduce
Remove or disable services like
gnome-keyring
on your computer, or ensure they require a password to use.Open anytype and create a key.
You will proceed to the next step without any error notification, but the mnemonic will not be displayed, and it will not be saved successfully. Upon exiting, you will be unable to re-enter the wallet and will need to create it again.
Environment
Anything else?
No response