Bug 756006 – Interaction with git-credential-gnome-keyring broken

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 756006 - Interaction with git-credential-gnome-keyring broken


Summary:	Interaction with git-credential-gnome-keyring broken


Status:	RESOLVED DUPLICATE of bug 756865

Product:	gnome-keyring
Classification:	Core
Component:	general
Version:	3.18.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	GNOME keyring maintainer(s)
QA Contact:	GNOME keyring maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-10-03 04:33 UTC by Jan Alexander Steffens (heftig)
Modified:	2015-10-23 12:06 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
dbus: Initialize secret service before claiming name (1.76 KB, patch) 2015-10-06 19:43 UTC, Jan Alexander Steffens (heftig)	committed	Details \| Review

Description Jan Alexander Steffens (heftig) 2015-10-03 04:33:54 UTC

Since GNOME 3.18, git hangs when attempting to push to github; it's waiting for "git-credential-gnome-keyring store" to finish, and killing this process lets the push continue.

It seems that retrieving the cached credentials works fine, but storing the credentials after a successful authentication is broken now.

DBus monitoring shows no activity after a completed org.gnome.keyring.internal.Prompter.Callback.PromptReady call from gnome-shell to gnome-keyring.

git 2.6.0
libgnome-keyring 3.12.0
gnome-keyring 3.18.0
gnome-shell 3.18.0
systemd v226 (kdbus)

Comment 1 Jan Alexander Steffens (heftig) 2015-10-05 17:07:10 UTC

Backtrace of hang:

+ Trace 235545

#0 __poll_nocancel
from /usr/lib/libc.so.6
#1 socket_do_iteration
at dbus-transport-socket.c line 1167
#2 _dbus_transport_do_iteration
at dbus-transport.c line 1001
#3 _dbus_connection_do_iteration_unlocked
at dbus-connection.c line 1227
#4 _dbus_connection_read_write_dispatch
at dbus-connection.c line 3706
#5 dbus_connection_read_write_dispatch
at dbus-connection.c line 3774
#6 gkr_operation_block_and_unref
at gkr-operation.c line 564
#7 gnome_keyring_set_network_password_sync
at gnome-keyring.c line 4764
#8 keyring_store
at git-credential-gnome-keyring.c line 236
#9 main
at git-credential-gnome-keyring.c line 464

Comment 2 Jan Alexander Steffens (heftig) 2015-10-05 17:20:22 UTC

Debug log up until hang:

(process:22576): Gkr-DEBUG: item_create_start: unlocking the keyring: /org/freedesktop/secrets/aliases/default
(process:22576): Gkr-DEBUG: gkr_operation_new: 0x1d191e0
(process:22576): Gkr-DEBUG: gkr_operation_block_and_unref: 0x1d191e0: processing
(process:22576): Gkr-DEBUG: connect_to_service: created and initialized dbus connection
(process:22576): Gkr-DEBUG: gkr_operation_block_and_unref: 0x1d191e0: blocking request
(process:22576): Gkr-DEBUG: item_create_1_unlock_reply: no such default keyring, creating
(process:22576): Gkr-DEBUG: gkr_operation_block_and_unref: 0x1d191e0: blocking request
(process:22576): Gkr-DEBUG: item_create_1_collection_reply: prompting to create default keyring: /org/freedesktop/secrets/prompt/p5
(process:22576): Gkr-DEBUG: gkr_operation_prompt: 0x1d191e0: calling prompt method
(process:22576): Gkr-DEBUG: gkr_operation_block_and_unref: 0x1d191e0: blocking request
(process:22576): Gkr-DEBUG: gkr_operation_block_and_unref: 0x1d191e0: blocking on prompt

Comment 3 Jan Alexander Steffens (heftig) 2015-10-06 17:38:06 UTC

Seems something is broken with accessing the default keyring? A working build (from commit a8862f7) produced these logs:

With the daemon not running (which caused an unlock prompt):

(process:21401): Gkr-DEBUG: item_create_start: unlocking the keyring: /org/freedesktop/secrets/aliases/default
(process:21401): Gkr-DEBUG: gkr_operation_new: 0x8341e0
(process:21401): Gkr-DEBUG: gkr_operation_block_and_unref: 0x8341e0: processing
(process:21401): Gkr-DEBUG: connect_to_service: created and initialized dbus connection
(process:21401): Gkr-DEBUG: gkr_operation_block_and_unref: 0x8341e0: blocking request
(process:21401): Gkr-DEBUG: item_create_1_unlock_reply: prompting to unlock the keyring: /org/freedesktop/secrets/prompt/u1
(process:21401): Gkr-DEBUG: gkr_operation_prompt: 0x8341e0: calling prompt method
(process:21401): Gkr-DEBUG: gkr_operation_block_and_unref: 0x8341e0: blocking request
(process:21401): Gkr-DEBUG: gkr_operation_block_and_unref: 0x8341e0: blocking on prompt
(process:21401): Gkr-DEBUG: on_prompt_signal: 0x8341e0: prompt was completed
(process:21401): Gkr-DEBUG: item_create_1_unlock_prompt_reply: keyring unlocked
(process:21401): Gkr-DEBUG: item_create_2_session_request: requesting session
(process:21401): Gkr-DEBUG: on_prompt_completed: 0x8341e0
(process:21401): Gkr-DEBUG: gkr_operation_block_and_unref: 0x8341e0: blocking request
(process:21401): Gkr-DEBUG: item_create_2_session_reply: have session, encoding secret
(process:21401): Gkr-DEBUG: item_create_2_session_reply: creating item
(process:21401): Gkr-DEBUG: gkr_operation_block_and_unref: 0x8341e0: blocking request
(process:21401): Gkr-DEBUG: item_create_3_created_reply: new item id 122 for path /org/freedesktop/secrets/aliases/default/122
(process:21401): Gkr-DEBUG: gkr_operation_block_and_unref: 0x8341e0: done
(process:21401): Gkr-DEBUG: operation_clear_callbacks: 0x8341e0
(process:21401): Gkr-DEBUG: operation_unref: 0x8341e0: freeing

Afterwards:

(process:21498): Gkr-DEBUG: item_create_start: unlocking the keyring: /org/freedesktop/secrets/aliases/default
(process:21498): Gkr-DEBUG: gkr_operation_new: 0x12891e0
(process:21498): Gkr-DEBUG: gkr_operation_block_and_unref: 0x12891e0: processing
(process:21498): Gkr-DEBUG: connect_to_service: created and initialized dbus connection
(process:21498): Gkr-DEBUG: gkr_operation_block_and_unref: 0x12891e0: blocking request
(process:21498): Gkr-DEBUG: item_create_1_unlock_reply: unlocked keyring
(process:21498): Gkr-DEBUG: item_create_2_session_request: requesting session
(process:21498): Gkr-DEBUG: gkr_operation_block_and_unref: 0x12891e0: blocking request
(process:21498): Gkr-DEBUG: item_create_2_session_reply: have session, encoding secret
(process:21498): Gkr-DEBUG: item_create_2_session_reply: creating item
(process:21498): Gkr-DEBUG: gkr_operation_block_and_unref: 0x12891e0: blocking request
(process:21498): Gkr-DEBUG: item_create_3_created_reply: new item id 123 for path /org/freedesktop/secrets/aliases/default/123
(process:21498): Gkr-DEBUG: gkr_operation_block_and_unref: 0x12891e0: done
(process:21498): Gkr-DEBUG: operation_clear_callbacks: 0x12891e0
(process:21498): Gkr-DEBUG: operation_unref: 0x12891e0: freeing

Comment 4 Jan Alexander Steffens (heftig) 2015-10-06 17:45:04 UTC

Git bisected to c459da1c (Port gnome-keyring-daemon to GDBus).

Comment 5 Jan Alexander Steffens (heftig) 2015-10-06 19:03:55 UTC

Comparing DBus interaction for the 3.16 and 3.18 daemon without kdbus, I so far noted the following things:

If the daemon isn't running, upon activation the 3.18 daemon claims the bus name before the object tree is ready, resulting in the activating method call failing (No such interface 'org.freedesktop.Secret.Service' on object at path /org/freedesktop/secrets"). This is an additional bug. Shouldn't the code be using g_bus_own_name instead of fiddling with GDBusConnections and RequestName?

The (aoo) reply to the first org.freedesktop.secrets.Unlock call with argument (["/org/freedesktop/secrets/aliases/default"]) is ([], "/org/freedesktop/secrets/prompt/u1") for 3.16 and ([], "/") for 3.18.

Comment 6 Jan Alexander Steffens (heftig) 2015-10-06 19:43:16 UTC

Created attachment 312757 [details] [review]
dbus: Initialize secret service before claiming name

Fixes the activation race, but not the broken credentials storing.

Comment 7 Jan Alexander Steffens (heftig) 2015-10-06 19:46:04 UTC

I noticed that GKD complains:

** (gnome-keyring-daemon:28779): WARNING **: could not register secret unlock prompt on session bus: An object is already exported for the interface org.freedesktop.Secret.Prompt at /org/freedesktop/secrets/prompt/p1
Unlocking '/org/freedesktop/secrets/collection/login'

GkdSecretUnlock exports in its constructor. Apparently code (from GdkSecretCreate?) tries to reuse this path for a new, concurrent GdkSecretUnlock, which fails.

Comment 8 Stef Walter 2015-10-07 12:49:00 UTC

Cosimo. This is a change in the GDBus port. Could you review it?

Comment 9 Cosimo Cecchi 2015-10-07 14:42:05 UTC

Stef, I'll try and take a look soon.

Comment 10 Cosimo Cecchi 2015-10-07 17:10:53 UTC

Comment on attachment 312757 [details] [review]
dbus: Initialize secret service before claiming name

Attachment 312757 [details] pushed as 3cf744f - dbus: Initialize secret service before claiming name

Comment 11 Cosimo Cecchi 2015-10-07 17:11:32 UTC

This one looks good, and I pushed it to master. Thanks.
I will find some time to investigate the other issues later, if no one else beats me at it.

Comment 12 Jan Alexander Steffens (heftig) 2015-10-16 21:22:37 UTC

3.18.1 is still buggy.

Comment 13 Stef Walter 2015-10-17 08:08:54 UTC

> 3.18.1 is still buggy.

That's an undescriptive comment low on information. But I'll try and be helpful: You may be experiencing bug #756032, which is being merged now and that fix should be 3.18.2

Comment 14 Dmitry Shachnev 2015-10-19 12:56:53 UTC

One of Debian users says that he is still having problems, with the latest packages (which correspond to post-3.18.1 Git snapshot, e53af4d55052b879):

https://bugs.debian.org/800617#110

Comment 15 Jan Alexander Steffens (heftig) 2015-10-20 20:07:17 UTC

The problem still exists in 3.18.2. The first notable difference in behavior from 3.16.0 is the missing object path in the reply to the Unlock call.



3.16.0:

‣ Type=method_call  Endian=l  Flags=0  Version=1  Priority=0  Cookie=4
  Sender=:1.1952  Destination=org.freedesktop.secrets
  Path=/org/freedesktop/secrets  Interface=org.freedesktop.Secret.Service
  Member=Unlock  UniqueName=:1.1952
  MESSAGE "ao" {
          ARRAY "o" {
                  OBJECT_PATH "/org/freedesktop/secrets/aliases/default";
          };
  };

‣ Type=method_return  Endian=l  Flags=1  Version=1  Priority=0  Cookie=102
  ReplyCookie=4  Sender=:1.1947  Destination=:1.1952  UniqueName=:1.1947
  MESSAGE "aoo" {
          ARRAY "o" {
                  OBJECT_PATH "/org/freedesktop/secrets/aliases/default";
          };
          OBJECT_PATH "/";
  };



3.18.2:

‣ Type=method_call  Endian=l  Flags=0  Version=1  Priority=0  Cookie=4
  Sender=:1.1961  Destination=org.freedesktop.secrets
  Path=/org/freedesktop/secrets  Interface=org.freedesktop.Secret.Service
  Member=Unlock  UniqueName=:1.1961
  MESSAGE "ao" {
          ARRAY "o" {
                  OBJECT_PATH "/org/freedesktop/secrets/aliases/default";
          };
  };

‣ Type=method_return  Endian=l  Flags=1  Version=1  Priority=0  Cookie=90
  ReplyCookie=4  Sender=:1.1955  Destination=:1.1961  UniqueName=:1.1955
  MESSAGE "aoo" {
          ARRAY "o" {
          };
          OBJECT_PATH "/";
  };



This is followed by OpenSession for 3.16.0 and CreateCollection for 3.18.2.

Comment 16 Stef Walter 2015-10-23 12:06:42 UTC

I think this is a dulpicate of #756865

Please reopen if that's not the case.

*** This bug has been marked as a duplicate of bug 756865 ***