Inadequate default permissions for running on KDE with Wayland

[jkatzmewing]

With default permissions as installed, the Pithos Flatpak will be unable to load a playlist because it can't store or use your Pandora password. Console errors will look like this:

ERROR - util:get_account_password:133 - Failed to lookup password sync, Error: g-dbus-error-quark: org.freedesktop.DBus.Error.ServiceUnknown (2)
ERROR - util:get_account_password:133 - Failed to lookup password sync, Error: g-dbus-error-quark: org.freedesktop.DBus.Error.ServiceUnknown (2)
ERROR - util:on_password_store_finish:149 - Failed to store password, Error: g-dbus-error-quark: org.freedesktop.DBus.Error.ServiceUnknown (2)
ERROR - util:get_account_password:133 - Failed to lookup password sync, Error: g-dbus-error-quark: org.freedesktop.DBus.Error.ServiceUnknown (2)

An effective workaround is opening "Flatpak Permission Settings" in KDE System Settings and checking "Session Bus Access" under socket permissions; this will result in execution and use with no errors, but it is probably a security risk. It would be better if the Flatpak allowed the correct access out of the box.

Note that this is not a Pithos issue - password storage on KDE/Wayland is supported upstream, and distro packages of Pithos will work fine on it. I'm just not sure (yet) what specific Dbus access is needed.

[jkatzmewing]

Got it. What it needs is "talk" permissions to org.freedesktop.secrets (note the case).

[TingPing]

This is kinda complicated.

What you actually need on the host is gnome-keyring as that is how secrets work inside of flatpak.

However it might conflict with a different service like kwallet. So in that case adding this permission will work. Do note that it does let all passwords in, not that I think this is a particularly risky app.