calcleaner icon indicating copy to clipboard operation
calcleaner copied to clipboard

Published 20 hours ago verified publisher icon flozz

Everything greyed out?

Open kurumushi opened this issue 2 years ago • 8 comments

Just installed the app on flatpak, and the "add account" button is greyed out. When I click the hamburger menu, clicking "add account" does nothing, and both "about" and "quit" are also greyed out. Is there some other requirement?

Output when run from the console:

Traceback (most recent call last): File "/app/lib/python3.9/site-packages/calcleaner/application.py", line 38, in do_startup self.accounts.load() File "/app/lib/python3.9/site-packages/calcleaner/accounts.py", line 25, in load secrets = Secret.password_search_sync( gi.repository.GLib.GError: g-dbus-error-quark: org.freedesktop.DBus.Error.ServiceUnknown (2)

This is on opensuse Tumbleweed KDE.

kurumushi avatar Sep 19 '22 13:09 kurumushi

Just solved it. The flatpak does not by default have permission to dbus,

kurumushi avatar Sep 19 '22 13:09 kurumushi

Hello,

Is it a missing permission in the CalCleaner package or is it a misconfiguration of Flatpak on your side?

flozz avatar Sep 19 '22 13:09 flozz

Looks like it's the flatpak package itself, the permission I had to enable was "socket=session-bus" which isn't enabled in the flatpak file

kurumushi avatar Sep 19 '22 14:09 kurumushi

Thank you I will fix that!

flozz avatar Sep 19 '22 14:09 flozz

Hum, the doc state that this permission should be used only for dev tools:

Access to the entire bus with --socket=system-bus or --socket=session-bus should be avoided, unless the application is a development tool.

https://docs.flatpak.org/en/latest/sandbox-permissions.html#d-bus-access

I think Flatpak already give a basic access to DBus (but only to the endpoint of the app) and that additional permission is not required.

flozz avatar Sep 19 '22 14:09 flozz

This app is trying to connect to the secret service (gnome-keyring, etc.) over dbus, with that option disabled I was unable to do so. So maybe it's using a non standard method to do it?

kurumushi avatar Sep 20 '22 02:09 kurumushi

The strange thing is that it works out of the box on Ubuntu... :/

In the doc I found the --talk-name=org.freedesktop.secrets permission: https://docs.flatpak.org/en/latest/sandbox-permissions-reference.html

Maybe this permission would be enough?

EDIT: I found an interesting part in the documentation:

Portals are a mechanism through which applications can interact with the host environment from within a sandbox. In this way, they give additional abilities to interact with data, files and services without the need to add sandbox permissions.

  • https://docs.flatpak.org/en/latest/desktop-integration.html#portals

  • https://flatpak.github.io/xdg-desktop-portal/#gdbus-org.freedesktop.portal.Secret

This is probably why it works for me and not for you. Maybe Portal API is not configured or available or not detected by libsecret so it fallback to a direct connection to the D-Bus service?

Anyway, adding the permission above should fix the issue for this case :)

flozz avatar Sep 20 '22 06:09 flozz

I was able to reproduce the issue in a VM. I also found other softwares that have issue in OpenSUSE, like Pika backup that is unable to access the keyring.

Now I have to understand why on some distro it works but not on some other ones... Accessing the application own namespace on D-Bus should not require additional permission. For the keyring, on Ubuntu it seems that the portal creates a specific keyring for the app that is then stored in the main one... :thinking:

image

flozz avatar Oct 04 '22 07:10 flozz