Closed soywod closed 6 months ago
Hi @soywod, it looks like the secret-service
is not installed on your user's build machine. Since the secret service is the only supported keystore on FreeBSD, it's not possible to use features to disable its use. The linux-...
features only apply to Linux builds, not to FreeBSD builds. On FreeBSD, the secret service is always required.
Thinking about this, I suppose there might be users on FreeBSD who are bringing their own keystore and thus need this crate to compile without installing the secret service. We could allow disabling the secret service on FreeBSD by using the mock keystore as the default. But I'd like to hear from you about whether your user needs this (because they are, in fact, bringing their own keystore) or whether they simply need to install the secret service on their machine (e.g., by running pkg install libgnome-keyring
as root).
Hi @soywod, I'm going to close this as resolved. Happy to reopen it if in fact your users have written their own credential store.
Thank you for your reply and sorry for the late mine.
But I'd like to hear from you about whether your user needs this (because they are, in fact, bringing their own keystore) or whether they simply need to install the secret service on their machine (e.g., by running pkg install libgnome-keyring as root).
My users are not necessarily developers, so I would bet on the second option.
But I have a question related to your Cargo.toml: why is secret-service
optional for FreeBSD? To force lib-consumers to have secret-service
in their dependencies? For example, I have a lib called secret-lib
that consumes your lib, and secret-lib
is consumed by a bigger project called Himalaya, a CLI to manage emails (the user who reported the issue tried to build this project). What is the impact of having secret-service
as a required dependency in your lib VS secret-lib
VS Himalaya?
Hi Clément, to answer your question, I need to draw a careful distinction between the secret-service
, which is a Rust crate, the gnome-keyring
, which is native FreeBSD software maintained by the Gnome project, and the secret service API, which is a public API maintained by the Gnome project.
Currently, the keyring
crate has the secret-service
crate as a required dependency on FreeBSD systems. (This is because it's the only FreeBSD module we support that implements a secure credential store.) Because the secret-service
crate itself requires the host system to have an installation of a native library which implements the secret service API in order to compile correctly, users on BSD who try to build/link the keyring
crate without having installed libgnome-keyring
(or an equivalent) will get the error reported by your user.
Because the secret-service
crate is actually usable against a number of different native libraries (all of which implement the secret service API), neither the keyring
crate nor the secret-service
crate attempt to install a specific native module: those are assumed to be installed either by the OS or the user.
So, as I see it, you have three options for secret-lib
/Himalaya:
libgnome-keyring
themselves.libgnome-keyring
itself.keyring
crate to make the secret-service
crate be an optional dependency on FreeBSD (which would make the non-persistent mock
credential store be the default). However, that would leave Himalaya without any persistent credential storage, which probably wouldn't work very well.I hope you find this answer useful! Please get back to me here with any further questions.
So I'm reopening this because #153 has made me realize that people may really want to compile this crate with no underlying platform support on all platforms.
Version 2.2 (just released) fixes this. If you don't want to use secret service on FreeBSD, you can build with no default features. At that point you will be using the mock keystore by default.
Someone reported the following issue on my project:
Your crate is used like this in my project:
I read https://github.com/hwchen/keyring-rs/issues/36, could it be related?