Bug 2141237

Summary:

ABRT on KDE can't store any passwords: Secret Service is not available

Product:

[Fedora] Fedora

Reporter:

Kamil Páral <kparal>

Component:

kf5-kwallet

Assignee:

KDE SIG <kde-sig>

Status:

CLOSED ERRATA

QA Contact:

Fedora Extras Quality Assurance <extras-qa>

Severity:

unspecified

Docs Contact:

Priority:

unspecified

Version:

CC:

abrt-devel-list, abrt-sig, bcotton, droidbittin, geraldo.simiao.kutz, jakub, jgrulich, jmilan, jonha87, kde-sig, me, mgrabovs, michal.toman, msrb, rdieter, robatino, than

Target Milestone:

---

Keywords:

CommonBugs

Target Release:

---

Flags:

bcotton: fedora_prioritized_bug+

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

https://ask.fedoraproject.org/t/common-issues/28363 RejectedBlocker

Fixed In Version:

kf5-kwallet-5.100.0-1.fc37

Doc Type:

If docs needed, set a value

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2022-11-17 01:27:53 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
screenshot of the secret service error in abrt	none
rpm -qa	none
screenshot of working ABRT on F37 with kwallet 5.99.0-1	none

Description Kamil Páral 2022-11-09 09:00:37 UTC

Description of problem:
When reporting a bug in ABRT, you need to provide a Bugzilla API key. However, in that dialog, there's a red warning text:

> Secret Service is not available, your settings won't be saved!

And exactly as declared, if you provide your API key, close ABRT and reopen it again, the field is again empty. I assume this might affect more than the API key, but it's extremely problematic specifically for the API key, because it can't be retrieved again from Bugzilla (you can only generate a new one). So each time you want to report a bug in KDE through ABRT, you need to go to Bugzilla and generate a *new* API key. I'm not sure if there's a limit on how many you can have. Or you need to have the key written down somewhere else.

This is a regression in F37. In F36, ABRT doesn't contain this warning and saving the API key works as expected.

When gnome-abrt is started in terminal, I see this error printed when showing the password dialog:

> Can't call method 'OpenSession' over DBus on path '/org/freedesktop/secrets' interface 'org.freedesktop.Secret.Service': GDBus.Error:org.freedesktop.DBus.Error.InvalidArgs: Algorithm plain is not supported. (only dh-ietf1024-sha256-aes128-cbc-pkcs7 is supported)

The Secret Service seems to be operational in general, because if I launch KDE Wallet, I can connect to the keyring just fine. And I can even use Seahorse (a GNOME-based password manager) to create new password entries, and they correctly show up in KDE Wallet. So the Secret Service itself doesn't seem to be broken, only ABRT can't connect to it. That might be ABRT's fault or some library's fault (libsecret? libreport?).


Version-Release number of selected component (if applicable):
= F37 (broken) =
abrt-*-2.15.1-6.fc37
gnome-abrt-1.4.2-3.fc37.x86_64
libreport-2.17.4-1.fc37.x86_64
libsecret-0.20.5-2.fc37.x86_64
gnome-keyring-42.1-2.fc37.x86_64

= F36 (working) =
abrt-*-2.15.1-1.fc36.
gnome-abrt-1.4.1-3.fc36.x86_64
libreport-2.17.1-1.fc36.x86_64
libsecret-0.20.5-1.fc36.x86_64
gnome-keyring-40.0-4.fc36.x86_64


How reproducible:
always

Steps to Reproduce:
1. start ABRT (Problem Reporting)
2. go to Preferences -> Report to Fedora (any) -> Configure -> Bugzilla
3. see a red warning message at the bottom of the dialog
4. provide some value in "API key" field, confirm and close everything
5. close and reopen ABRT
6. go back to the "API key" field, it's empty

Comment 1 Kamil Páral 2022-11-09 09:01:39 UTC

Created attachment 1923294 [details]
screenshot of the secret service error in abrt

Comment 2 Kamil Páral 2022-11-09 09:13:21 UTC

Created attachment 1923295 [details]
rpm -qa

Comment 3 Kamil Páral 2022-11-09 09:16:30 UTC

Nominating as a F37 Final blocker due to:
https://fedoraproject.org/wiki/Fedora_37_Final_Release_Criteria#Default_application_functionality

When reporting a bug, remembering the authentication credentials for a bug tracker sounds like a basic functionality of a bug reporting tool. Especially when those credentials can't be entered easily (username+password), but it's a very long string of random characters, which can't even be retrieved again, but needs to be generated anew each time.

Comment 4 Jonathan Haas 2022-11-09 10:16:40 UTC

This sounds related: https://bugs.kde.org/show_bug.cgi?id=458341

Comment 5 Kamil Páral 2022-11-09 10:30:26 UTC

Thanks a lot, Jonathan.

Comment 6 Jonathan Haas 2022-11-09 10:42:47 UTC

From what I understand from that thread, we could either disable the new Secret Service API from KWallet (which would make it fallback to whatever service backend has been used before) or we could cherrypick that patch from the last comment to enable "plain" support in KWallet. The former is probably safer.

Comment 7 Geraldo Simião 2022-11-10 00:26:18 UTC

Can reproduce this bug on a F36 KDE too:

abrt-*-2.15.1-1.fc36
gnome-abrt-1.4.2-1.fc36.x86_64
libreport-2.17.4-1.fc36.x86_64
libsecret-0.20.5-1.fc36.x86_64
gnome-keyring-42.1-1.fc36.x86_64

kf5-kwallet-5.99.0-1.fc36.x86_64
pam-kwallet-5.26.2-1.fc36.x86_64

kf5-plasma-5.99.0-1.fc36.x86_64

Comment 8 Kamil Páral 2022-11-10 07:26:52 UTC

We're both right. This bug didn't affect F36 on release, but it was introduced with some update. I'll try to figure out which exact change caused this.

Comment 9 Kamil Páral 2022-11-10 08:27:49 UTC

This is the change that broke ABRT in F36:

working:
kf5-kwallet-5.91.0-1.fc36.x86_64
kf5-kwallet-libs-5.91.0-1.fc36.x86_64

broken:
kf5-kwallet-5.99.0-1.fc36.x86_64
kf5-kwallet-libs-5.99.0-1.fc36.x86_64

Comment 10 Kamil Páral 2022-11-10 11:10:03 UTC

A Common Bug description:
https://ask.fedoraproject.org/t/common-issues/28363

Comment 11 Michal Srb 2022-11-10 15:33:08 UTC

(In reply to Jonathan Haas from comment #4)
> This sounds related: https://bugs.kde.org/show_bug.cgi?id=458341

Indeed, thanks for the link, Jonathan. This was a huge timesaver ;)

Comment 12 Ben Cotton 2022-11-10 18:17:54 UTC

In today's Go/No-Go meeting, we agreed to reject this as a blocker on the basis that the majority does not consider this to violate basic functionality and those who do would be willing to waive it, so in the interests of time, we are taking this as a consensus to reject

https://meetbot.fedoraproject.org/fedora-meeting/2022-11-10/f37-final-go_no_go-meeting.2022-11-10-17.02.log.html#l-78

Comment 13 Kamil Páral 2022-11-10 19:00:30 UTC

While it was rejected as a blocker, proposing as a prioritized bug because I think it's really important that our users can easily report program crashes.

Comment 14 Luna Jernberg 2022-11-10 19:04:36 UTC

+1 Prio Bug 
+1 FE

Comment 15 Geraldo Simião 2022-11-10 19:08:56 UTC

Updated F36 now with frameworks from kde-SIG copr (https://copr.fedorainfracloud.org/coprs/g/kdesig/kde/).
Confirmed, no more bug with the new 5.100

kf5-kwallet-5.100.0-1.fc36.x86_64
kf5-kwallet-libs-5.100.0-1.fc36.x86_64

Comment 16 Ben Cotton 2022-11-16 15:35:07 UTC

In today's Prioritized Bugs meeting, we agreed to accept this as this presents a major roadblock to bug reporting on KDE Plasma based variants

https://meetbot.fedoraproject.org/fedora-meeting-1/2022-11-16/fedora_prioritized_bugs_and_issues.2022-11-16-15.05.log.html#l-63

Comment 17 Ben Cotton 2022-11-16 16:04:22 UTC

It appears that update FEDORA-2022-a57b72eeb5 contains a fix for this, so  I'm setting this to ON_QA.

Comment 18 Fedora Update System 2022-11-16 23:46:28 UTC

FEDORA-2022-a57b72eeb5 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-a57b72eeb5

Comment 19 Fedora Update System 2022-11-17 01:27:53 UTC

FEDORA-2022-a57b72eeb5 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 20 Kevin Kofler 2022-11-17 01:57:39 UTC

(In reply to Kamil Páral from comment #9)
> This is the change that broke ABRT in F36:
> 
> working:
> kf5-kwallet-5.91.0-1.fc36.x86_64
> kf5-kwallet-libs-5.91.0-1.fc36.x86_64
> 
> broken:
> kf5-kwallet-5.99.0-1.fc36.x86_64
> kf5-kwallet-libs-5.99.0-1.fc36.x86_64

The upstream report says pretty clearly that kf5-kwallet 5.97 is the release that introduced the Secret Service implementation, causing this regression. 5.100 fixes it by adding "plain" protocol support, so 5.97, 5.98, and 5.99 are the broken versions (and 5.99 is the one that was backported to F36).

So kf5-kwallet-5.100 should be pushed to F36 updates ASAP.

Comment 21 Geraldo Simião 2022-11-18 01:19:09 UTC

Created attachment 1925158 [details]
screenshot of working ABRT on F37 with kwallet 5.99.0-1

Just a weird detail here: yesterday Ben Williams (jbwillia) made a batch of F37 respins, just in case, and the KDE spin was build with kf5-kwallet-5.99.0-1... and the bug seems fixed too.
I know this is no longer an issue as for today the new version is at the stable repos, so I add this print just for the records.

Comment 22 Kamil Páral 2022-11-18 07:01:57 UTC

(In reply to Geraldo Simião from comment #21)
> Just a weird detail here: yesterday Ben Williams (jbwillia) made a batch of
> F37 respins, just in case, and the KDE spin was build with
> kf5-kwallet-5.99.0-1... and the bug seems fixed too.

I don't think it's fixed on that respin. It just doesn't show up in Live environments, not sure why. It has to be tested when installed.

Comment 23 Kamil Páral 2022-11-18 07:14:45 UTC

(In reply to Fedora Update System from comment #18)
> FEDORA-2022-a57b72eeb5 has been submitted as an update to Fedora 37.
> https://bodhi.fedoraproject.org/updates/FEDORA-2022-a57b72eeb5

I can confirm that this bug is now fixed with kf5-kwallet-5.100.0-1.fc37 .