GNOME Bugzilla – Bug 679914
Replace libgnomekeyring with libsecret
Last modified: 2012-10-02 10:16:15 UTC
Created attachment 218798 [details] [review] WIP patch to migrate to libsecret libsecret is a new client for the Secret Service DBus API. The Secret Service allows storage of passwords in a common way on the desktop. Supported by gnome-keyring and ksecretservice. It solves many problems with libgnome-keyring. Relevant to Evolution: it solves threading issues, uses GDBus instead of dbus-glib, and uses GAsyncResult. Note that libsecret can read passwords stored via libgnome-keyring and vs. versa. A future GNOME goal will be to migrate away from libgnome-keyring to libsecret: https://live.gnome.org/GnomeGoals/LibsecretMigration I've done a rough WIP patch for evolution-data-server in order to make sure that the libsecret API covered all the use cases. I'll attach that patch here. I hope it's a help for the migration, but I don't plan to iterate on it at the current time. Some notes about the patch: * I chose arbitrary schema names. You probably want to choose better ones and probably want to sync these schema names with other libsecret based nm-agents like gnome-shell: org.gnome.Evolution.DataSource org.gnome.Evolution.Password * I haven't tested the patch. That's hard for me to do without the devices involved, and I'm not familiar with all the code paths and logic. * I'm sure I didn't figure out the nuances of what e-passwords.c was trying to accomplish. I simplifed the code considerably. But if you need the old behavior ... you can use secret_collection_for_alias() with SECRET_COLLECTION_DEFAULT to load the default keyring, and then use secret_collection_search_sync() to search through just that one keyring. In addition secret_password_clear_sync() removes only matching unlocked items, for the old behavior of unlocking all matching items, and then deleting them, you can use secret_collection_search_sync() or secret_service_search_sync() with the SECRET_SEARCH_UNLOCK and SECRET_SEARCH_ALL flags and then secret_item_delete() on the items returned. Note that the patch uses the unstable 'advanced' parts of the libsecret API. This is because the migration code. I'm aiming to get most of this stable by GNOME 3.8, but if you do migrate to libsecret before then, I would patch Evolution for any API changes that come up.
Thanks! This is 3.7/3.8 material, but I'll start a libsecret branch for testing. EAuthenticationSession is the main password API now, e-passwords.c is deprecated and only used for GPG and S/MIME password prompts so it doesn't need to be nearly so complicated.
Ah that makes sense. BTW, just a heads up: Please look at the patch critically. I really did the patch as a way to try out the API. There may be memory leaks or other logic errors. Most libsecret getters return data that must be unreferenced or freed.
[Please make libsecret migration bugs block bug 679893. Thanks!]
I pushed a libsecret branch with Stef's patch plus a few tweaks: http://git.gnome.org/browse/evolution-data-server/log/?h=libsecret The schema names will be private to E-D-S. Our calendar and address book backends now handle authentication on their own, and system-modal password prompting and secret service interaction is centralized in a new D-Bus service, so other E-D-S clients like GNOME Shell and GNOME Contacts should be unaffected. The schema names you've chosen seem fine to me. I plan to merge this for Evolution-Data-Server 3.7.1 after giving it some testing.
Seems to work after a bit of smoke testing. I've pushed this now for Evolution-Data-Server 3.7.1: http://git.gnome.org/browse/evolution-data-server/commit/?id=af70f1bec73b2c2ff72300cce93ffbd9c4b9d6ad Thanks again for the patch!
Created attachment 225554 [details] [review] pkgconfig fix It seems you missed one dep in a pkgconfig file. Fix attached.
Ah, right you are. Thanks for that. Committed in: http://git.gnome.org/browse/evolution-data-server/commit/?id=5f73b2a2038b41a077aaede74aeab69df137de4d