element-hq
SafeStorage does not work with KeePassXC after upgrading to v1.11.101
Steps to reproduce
- Use KeePassXC as Freedesktop Secret Service provider
- Upgrade to v1.11.101
- Run element-desktop
This issue is similar to issue #2332 but I believe it is different, because I use KeePassXC instead of gnome-keyring. element-desktop is also not crashing but displays an error message.
Outcome
What did you expect?
element-desktop running normally.
What happened instead?
An error windows opens instead of the main interface of gnome-keyring
/home/vincent/.config/Element exists: yes
/home/vincent/.config/Riot exists: no
(node:9848) [DEP0180] DeprecationWarning: fs.Stats constructor is deprecated.
(Use `element-desktop --trace-deprecation ...` to show where the warning was created)
Loading app config: /opt/Element/resources/webapp.asar/config.json
Loading local config: /home/vincent/.config/Element/config.json
Skipping nonexistent file: /home/vincent/.config/Element/config.json
Reached Electron ready state
Starting auto update with base URL: https://packages.element.io/desktop/update/
Auto update not supported on this platform
Fetching translation json for locale: en_EN
Changing application language to en
Fetching translation json for locale: en
Resetting the UI components after locale change
Resetting the UI components after locale change
Ensuring storage is ready
safeStorage backend 'basic_text' selected, 'undefined' in config.
(node:9848) [DEP0044] DeprecationWarning: The `util.isArray` API is deprecated. Please use `Array.isArray()` instead.
Going back to v1.11.101 solves the issue, and element-desktop launches normally (and gets secrets from KeePassXC).
Operating system
Debian
Application version
v1.11.101
How did you install the app?
https://packages.element.io/debian/pool/main/e/element-desktop/index.html
Homeserver
No response
Will you send logs?
Yes
I investigated a bit more and figured out that running element-desktop with --password-store="gnome-libsecret" fixes the issue. I think it is just Electron's method to detect the correct SafeStorage backend that is not optimal. When the system uses a Freedesktop Secret Service provider that is not gnome-keyring (such as KeePassXC), it fails to detect it correctly. But forcing it with --password-store="gnome-libsecret" works.
So I think it is more an Electron issue than an element-desktop issue.
The chromium detection mechanism is entirely based on desktop environment detection via environment variables, it's crude to say the least.
Ok, so the problem was not caused by using KeePassXC, but by not using Gnome as DE and using a libsecret compatible SafeStorage provider (KeePassXC here but it could have been gnome-keyring-daemon).
I think we can close this since it is an Electron issue.
Worth keeping open as a pointer for if anyone else encounters this in Element
Hi, had the same issue but the reported error was different. Strangely after forcing element-desktop to run with --password-store="gnome-libsecret" twice it and on failed launch attempt without it afterwards it now works again as it used to without that flag. But it refused to start beforehand. I don't know what side effects trying to launch element twice with that flag caused but it somehow persisted/fixed the issue (again).
[user@PC-001 ~]$ element-desktop
/home/user/.config/Element exists: yes
/home/user/.config/Riot exists: no
Loading app config: /usr/lib/element/webapp/config.json
Loading local config: /home/user/.config/Element/config.json
Skipping nonexistent file: /home/user/.config/Element/config.json
Reached Electron ready state
No update_base_url is defined: auto update is disabled
Fetching translation json for locale: en_EN
Changing application language to en
Fetching translation json for locale: en
Resetting the UI components after locale change
Resetting the UI components after locale change
Ensuring storage is ready
safeStorage backend 'kwallet6' selected, 'kwallet6' in config.
[31189:0527/040052.429464:ERROR:dbus/object_proxy.cc:590] Failed to call method: org.kde.KWallet.isEnabled: object_path= /modules/kwalletd6: org.freedesktop.DBus.Error.NameHasNoOwner: Could not activate remote peer 'org.kde.kwalletd6': unit failed
[31189:0527/040052.429502:ERROR:components/os_crypt/sync/kwallet_dbus.cc:117] Error contacting kwalletd6 (isEnabled)
[31189:0527/040052.429729:ERROR:dbus/object_proxy.cc:590] Failed to call method: org.kde.KLauncher.start_service_by_desktop_name: object_path= /KLauncher: org.freedesktop.DBus.Error.ServiceUnknown: The name is not activatable
[31189:0527/040052.429745:ERROR:components/os_crypt/sync/kwallet_dbus.cc:86] Error contacting klauncher to start kwalletd6
[31189:0527/040052.710708:ERROR:dbus/object_proxy.cc:590] Failed to call method: org.kde.KWallet.close: object_path= /modules/kwalletd6: org.freedesktop.DBus.Error.NameHasNoOwner: Could not activate remote peer 'org.kde.kwalletd6': unit failed
[31189:0527/040052.710738:ERROR:components/os_crypt/sync/kwallet_dbus.cc:412] Error contacting kwalletd6 (close)
Error: safeStorage is not available
at Store.prepareSafeStorage (file:///usr/lib/element/app.asar/lib/store.js:273:19)
at async Store.safeStorageReady (file:///usr/lib/element/app.asar/lib/store.js:175:9)
at async App.<anonymous> (file:///usr/lib/element/app.asar/lib/electron-main.js:402:9)
Opening main window
(node:31189) [DEP0044] DeprecationWarning: The `util.isArray` API is deprecated. Please use `Array.isArray()` instead.
(Use `electron --trace-deprecation ...` to show where the warning was created)
interestingly the first startup with "gnome-libsecret" failed but the 2nd worked without issues. Here the log of that 1st startup:
[user@PC-001 ~]$ element-desktop --password-store="gnome-libsecret"
/home/user/.config/Element exists: yes
/home/user/.config/Riot exists: no
Loading app config: /usr/lib/element/webapp/config.json
Loading local config: /home/user/.config/Element/config.json
Skipping nonexistent file: /home/user/.config/Element/config.json
Reached Electron ready state
No update_base_url is defined: auto update is disabled
Fetching translation json for locale: en_EN
Changing application language to en
Fetching translation json for locale: en
Resetting the UI components after locale change
Resetting the UI components after locale change
Ensuring storage is ready
safeStorage backend 'gnome_libsecret' selected, 'kwallet6' in config.
safeStorage backend changed from kwallet6 to gnome_libsecret
(node:32412) [DEP0044] DeprecationWarning: The `util.isArray` API is deprecated. Please use `Array.isArray()` instead.
(Use `electron --trace-deprecation ...` to show where the warning was created)
[32412:0527/040945.817224:ERROR:content/browser/browser_main_loop.cc:278] GLib-GObject: ../glib/gobject/gsignal.c:2699: instance '0x223400173380' has no handler with id '1341'
TypeError: Cannot destructure property 'webContents' of 'getFocusedWindow(...)' as it is undefined.
at clearAllUserData (/usr/lib/element/app.asar/node_modules/@standardnotes/electron-clear-data/dist/main.js:30:13)
at clearDataAndRelaunch (file:///usr/lib/element/app.asar/lib/store.js:47:5)
at Store.prepareSafeStorage (file:///usr/lib/element/app.asar/lib/store.js:253:27)
at async Store.safeStorageReady (file:///usr/lib/element/app.asar/lib/store.js:175:9)
at async App.<anonymous> (file:///usr/lib/element/app.asar/lib/electron-main.js:402:9)
Opening main window
And here the logs of the 2nd (aka the successful startup):
[user@PC-001 ~]$ element-desktop --password-store="gnome-libsecret"
/home/user/.config/Element exists: yes
/home/user/.config/Riot exists: no
Loading app config: /usr/lib/element/webapp/config.json
Loading local config: /home/user/.config/Element/config.json
Skipping nonexistent file: /home/user/.config/Element/config.json
Reached Electron ready state
No update_base_url is defined: auto update is disabled
Fetching translation json for locale: en_EN
Resetting the UI components after locale change
Ensuring storage is ready
safeStorage backend 'gnome_libsecret' selected, 'undefined' in config.
Using storage mode 'encrypted' with backend 'gnome_libsecret'
Opening main window
(node:32898) [DEP0044] DeprecationWarning: The `util.isArray` API is deprecated. Please use `Array.isArray()` instead.
(Use `electron --trace-deprecation ...` to show where the warning was created)
Changing application language to en
Fetching translation json for locale: en
Resetting the UI components after locale change
[32898:0527/041021.664832:ERROR:base/nix/mime_util_xdg.cc:137] Invalid mime.cache file does not contain null prior to ALIAS_LIST_OFFSET=44
[33180:0527/041022.728877:ERROR:ui/gl/gl_surface_presentation_helper.cc:260] GetVSyncParametersIfAvailable() failed for 1 times!
(node:32898) MaxListenersExceededWarning: Possible EventEmitter memory leak detected. 11 serverSupportedVersions listeners added to [IpcMainImpl]. MaxListeners is 10. Use emitter.setMaxListeners() to increase limit
(...)
after that I tried to restart elements without the explicit overwrite parameter again and it first failed:
[user@PC-001 ~]$ element-desktop
/home/user/.config/Element exists: yes
/home/user/.config/Riot exists: no
Loading app config: /usr/lib/element/webapp/config.json
Loading local config: /home/user/.config/Element/config.json
Skipping nonexistent file: /home/user/.config/Element/config.json
Reached Electron ready state
No update_base_url is defined: auto update is disabled
Fetching translation json for locale: en_EN
Changing application language to en
Fetching translation json for locale: en
Resetting the UI components after locale change
Resetting the UI components after locale change
Ensuring storage is ready
safeStorage backend 'kwallet6' selected, 'gnome_libsecret' in config.
safeStorage backend changed from gnome_libsecret to kwallet6
Opening main window
(node:43022) [DEP0044] DeprecationWarning: The `util.isArray` API is deprecated. Please use `Array.isArray()` instead.
(Use `electron --trace-deprecation ...` to show where the warning was created)
but to my surprise the 2nd attempt now also succeeded. Strangely even though in the above attempt it claims to change the backend to kwallet6 it somehow didn't and instead changed it to gnome_libsecret instead (wtf?!?)
[user@PC-001 ~]$ element-desktop
/home/user/.config/Element exists: yes
/home/user/.config/Riot exists: no
Loading app config: /usr/lib/element/webapp/config.json
Loading local config: /home/user/.config/Element/config.json
Skipping nonexistent file: /home/user/.config/Element/config.json
Reached Electron ready state
No update_base_url is defined: auto update is disabled
Fetching translation json for locale: en_EN
Changing application language to en
Fetching translation json for locale: en
Resetting the UI components after locale change
Resetting the UI components after locale change
Ensuring storage is ready
safeStorage backend 'gnome_libsecret' selected, 'gnome_libsecret' in config.
Using storage mode 'encrypted' with backend 'gnome_libsecret'
Opening main window
(node:43697) [DEP0044] DeprecationWarning: The `util.isArray` API is deprecated. Please use `Array.isArray()` instead.
(Use `electron --trace-deprecation ...` to show where the warning was created)
Changing application language to en
Fetching translation json for locale: en
Resetting the UI components after locale change
[43697:0527/042355.516106:ERROR:base/nix/mime_util_xdg.cc:137] Invalid mime.cache file does not contain null prior to ALIAS_LIST_OFFSET=44
[43971:0527/042356.449998:ERROR:ui/gl/gl_surface_presentation_helper.cc:260] GetVSyncParametersIfAvailable() failed for 1 times!
(node:43697) MaxListenersExceededWarning: Possible EventEmitter memory leak detected. 11 serverSupportedVersions listeners added to [IpcMainImpl]. MaxListeners is 10. Use emitter.setMaxListeners() to increase limit
It looks like element-desktop (no longer?) does an automatic fallback to gnome_libsecret if both gnome keyring and kwallet6 are installed (but kwallet6 is disabled).
This never happened, we previously used the (long deprecated) node-keytar library which only supported libsecret. Now we use the Chromium/Electron safeStorage API which uses a (crap) heuristic for detecting your keyring solution, but supports many more keyrings than just the one.
Is there a workaround for v1.11.101 or are those of us encountering this bug stuck on v1.11.100 for the time being?
Yes, if you encounter the same bug (using a libsecret keyring provider and not using Gnome, or using kwallet and not using KDE), you can force Electron to choose the correct keyring with the option --password-store="gnome-libsecret" or --password-store="kwallet6".
It should add this :
"safeStorageBackend": "gnome_libsecret",
"safeStorageBackendOverride": true,
in your ~/.config/Element/electron-config.json file to make it persistent, so the option --password-store is only needed once.
Do I understand correctly that, since v1.11.101, the two previous secrets (seshat|@user:... and @user:...) are no longer stored in KeePassXC, but have instead been moved to the electron-config.json file in encrypted form under safeStorage, and that only the Chromium Safe Storage key is now stored in KeePassXC?
@MrAnno they are not deleted from the old storage for backwards-compatibility sake, otherwise yes you are right. You can remove the old ones safely, you would just suffer data loss if you were to try and roll back to an older version of Element Desktop.