GNOME Bugzilla – Bug 694107
It is not possible to use SecretAttributes returned by a search to delete items.
Last modified: 2013-02-26 18:31:53 UTC
After searching with secret_service_search() it is not possible to directly use other secret_service_* methods with the attributes of the matched items. This is because these might contain extra attributes (like xdg:schema or gkr:compat ones) that cause the internal validation of the secret service methods to fail. It is possible to circumvent the issues with the xdg:schema attribute by checking that it is consistent with whatever schema is given, but for the rest I am not sure as to how to proceed. They could be ignored, in which case the validation would only care to ensure that the values are consistent, which might not be the ideal. Alternatively, users would have to rebuild the attributes table by copying only the items that belong to the given schema. Another option is to ignore anything whose name has a form like [a-z]+:[a-z]+ and is presumably metadata and not an actual attribute.
(In reply to comment #0) > After searching with secret_service_search() it is not possible to directly use > other secret_service_* methods with the attributes of the matched items. This > is because these might contain extra attributes (like xdg:schema or gkr:compat > ones) that cause the internal validation of the secret service methods to fail. > > It is possible to circumvent the issues with the xdg:schema attribute by > checking that it is consistent with whatever schema is given, but for the rest > I am not sure as to how to proceed. I would suggest doing validation on xdg:schema and skipping over 'gkr:compat:'. The former is necessary and a good approach. The latter would be more of a hack, but it's acceptable in this case given how ugly libgnome-keyring's use of the Secret Service API is. Did you say you would do a patch for this? LMK if you need anything else from me.
Yes, i do. Are there other cases besides gkr:compat that need to be skipped? Hopefully not.
I don't think so: libgnome-keyring$ git grep '"gkr:' library/gnome-keyring.c: if (g_str_has_prefix (name, "gkr:")) library/gnome-keyring.c: check = g_strdup_printf ("gkr:compat:uint32:%s", name); library/gnome-keyring.c: value = g_strdup_printf ("gkr:compat:uint32:%s", attr->name);
Created attachment 236731 [details] [review] secret-attributes: improve validation of attributes table Attributes table that are built by the library itself contain the xdg:schema meta-attribute. Additionally, secrets with a SECRET_SCHEMA_COMPAT_NETWORK schema might also have GNOME Keyring specific meta-attributes (prefixed 'gkr'). During validation, ensure that the former is consistent with the name of the schema and ignore the latter.
Stef? We need this for ephy 3.8.
Created attachment 237452 [details] [review] secret-attributes: improve validation of attributes table I've added tests. Could you review the tests, and once that's done I'll push.
Tests look good. Thanks for adding them!
Hm, perhaps you should free the tables, though..
Done and pushed. Attachment 237452 [details] pushed as 261749e - secret-attributes: improve validation of attributes table