GNOME Bugzilla – Bug 484095
Using wrong "schema" in gnome-keyring
Last modified: 2011-01-31 12:00:55 UTC
Cloning the bug Havoc raised in the network manager bug #471567. From the bug:

> Using the NETWORK_PASSWORD type is wrong I think, for reasons discussed here:
>
> http://mail.gnome.org/archives/desktop-devel-list/2007-August/msg00241.html
>
> also there's a similar issue with Gossip:
>
> http://bugzilla.gnome.org/show_bug.cgi?id=343513
>
> As mentioned in the Gossip bug, what you should put in gnome-keyring AIUI is
> only the tuple you need to uniquely identify each password, like:
>
> (vpn_name="Red Hat",user="hp",password_type="group")
>
> I think that's it. "protocol" and "object" fields are not appropriate or
> useful.
>
> vpn_name is the name of the account record stored by network manager, it might
> be more correct to use the name of the vpn server there instead:
>
> (vpn="vpnserver.example.com",user="hp",password_type="group")
>
> Then in theory if someone deleted and recreated their VPN config, the passwords
> would still be recorded in the keyring, since they are stored under the server
> to log in to not the name given to the config.
>
> This is also more theoretically correct since it would allow a non-NM program
> to share the keyring entry, though I can't imagine that happening for NM, it is
> a relevant consideration for an IM application for example (cf. Gossip bug).

When I figure out how to create a new schema, I will fix this bug :) Unless someone wants to write a patch :D
Oh, there is no creating of schemas to do. Just don't use the "network server" API in gnome-keyring, which is a convenience thing; use the "raw" API that lets you use an arbitrary list of key-value pairs as the key for the secret.

In other words, gnome-keyring is just a map with another map as the lookup key, like:

(vpn_name="Red Hat",user="hp") => secret

"schema" is perhaps not an appropriate word. You can use an arbitrary set of key-value pairs for the lookup key, and you can look up by any of the pairs in the lookup key.

The "network server" convenience API is simply a way to use a specific lookup key, which is something like:

(server=foo,protocol=bar,object=blah) => secret

However, that lookup key makes no sense for most purposes (anything that isn't a network file share).

The bug is just "use a lookup key that makes sense" - the word "schema" probably makes it sound a lot harder than it is.
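The lookup-key behaviour described in the comment above, as an added example that is not part of the original bug thread. It is a toy in-memory model, not the gnome-keyring API: `ToyKeyring`, its methods, the `password_type="user"` value, the secrets and the "Work VPN" name are constructed for illustration.

```python
class ToyKeyring:
    """Toy model (assumption): secrets keyed by a map of attribute pairs."""

    def __init__(self):
        self._items = []  # list of (attributes dict, secret)

    def store(self, secret, **attrs):
        """Store a secret; an item with identical attributes is overwritten."""
        for i, (existing, _) in enumerate(self._items):
            if existing == attrs:
                self._items[i] = (attrs, secret)
                return
        self._items.append((attrs, secret))

    def find(self, **query):
        """Return the secrets of all items containing every queried pair."""
        return [secret for attrs, secret in self._items
                if all(k in attrs and attrs[k] == v for k, v in query.items())]


def demo():
    kr = ToyKeyring()
    server = "vpnserver.example.com"
    # Server-keyed tuple from the bug report; secrets are constructed values.
    kr.store("group-secret", vpn=server, user="hp", password_type="group")
    kr.store("user-secret", vpn=server, user="hp", password_type="user")
    # The same kind of secret keyed by the config record's name instead.
    kr.store("by-name-secret", vpn_name="Red Hat", user="hp",
             password_type="group")
    return {
        # The full tuple identifies exactly one secret.
        "exact": kr.find(vpn=server, user="hp", password_type="group"),
        # Without password_type the lookup is ambiguous: two secrets match.
        "ambiguous": kr.find(vpn=server, user="hp"),
        # Config deleted and recreated as "Work VPN": the name-keyed
        # entry no longer matches and is left orphaned in the keyring...
        "recreated_by_name": kr.find(vpn_name="Work VPN", user="hp",
                                     password_type="group"),
        # ...while the server-keyed entry is still found.
        "recreated_by_server": kr.find(vpn=server, user="hp",
                                       password_type="group"),
    }


if __name__ == "__main__":
    for case, secrets in demo().items():
        print(case, secrets)
```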
The schema support in gnome-keyring is described here:

http://library.gnome.org/devel/gnome-keyring/2.21/gnome-keyring-gnome-keyring-password.html#GnomeKeyringPasswordSchema

What are the fields that gossip needs? Perhaps we should add a predefined IM schema to gnome-keyring.
Well the details we currently use are:

- Server (e.g. kenny.imendio.com)
- Username (e.g. martyn@imendio.com)
- Protocol (Jabber or XMPP)
- Package name (Gossip)
- Password

I am wondering if we really need a separate server and username here. The reason we use it, is because you can see from the example above that you might need to specify that differently. We could use port, but invariably this is just a TLS port for the same server with the same username and password which doesn't warrant separate clarification in gnome-keyring.

I think a separate IM schema would be very nice. It would make it easier for IM apps to adapt to at least :)
Gossip development has been stalled and it has been unmaintained for a few years now. You may use 'empathy' for similar functionality. Maintainers don't have a future development plan, so I am closing bugs as WONTFIX. Please feel free to reopen the bugs in future if anyone takes the responsibility for active development.