Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecretService: github cli freezes and fails (it uses zalando/go-keyring) #9325

Closed
voidus opened this issue Apr 16, 2023 · 6 comments
Closed

SecretService: github cli freezes and fails (it uses zalando/go-keyring) #9325

voidus opened this issue Apr 16, 2023 · 6 comments
Labels
feature: Secret Service platform: Linux upstream

Comments

@voidus
Copy link

voidus commented Apr 16, 2023

Heya,

I was trying the github cli, and gh auth login froze instead of doing it's thing. I dove in a little deeper and the issue seems to be between go-keyring and keepassxc.

I've made a minimal test application to reduce the issue and recorded dbus-monitor logs, so I'd hope it's easy enough for someone who knows the secret service protocol to spot the problem.

I have posted it at zalando/go-keyring: zalando/go-keyring#88, but since I don't know enough to tell whether it's keepassxc or go-keyring (or something else entirely!) I thought I'd cross-post it here so y'all can work together on this :)
@voidus voidus added the bug label Apr 16, 2023
@droidmonkey
Copy link
Member

Given your test with secret tool was successful, I strongly doubt this is a keepassxc specific problem. It could be that go-keyring is not properly handling the FDO Secrets protocol. From the dbus logs you posted it looks like keepassxc had no problem responding to the requests.

@voidus
Copy link
Author

voidus commented Apr 16, 2023

Thank you for the input, as I wrote I'm not very familiar with the protocol. Let's see what the zalando folks say to this then.
I'd suggest to leave this open until they confirm it's an issue on their side, but if you'd rather close it that's fine with me as well of course.

@christoph-blessing
Copy link

christoph-blessing commented Apr 18, 2023
edited
Loading

I ran into the same issue. Is there a workaround for this because at the moment I can not use gh cli?

@voidus
Copy link
Author

voidus commented Apr 18, 2023

You could use --no-secret-storage (or sth like this, gh --help should show the exact flag) to store the github token in a plaintext file. I personally chose not to do that, but I don't think that it's Very Bad In All Circumstances Definitely Never Do This(tm).

It's a security decision that you have to make for yourself.

@sm1999
Copy link

sm1999 commented Apr 18, 2023
edited
Loading

This will fix it. Tested locally.

@voidus
Copy link
Author

voidus commented Apr 23, 2023
edited
Loading

In case any nix users don't want to wait until it landed upstream, this is the overlay I use to patch it on my system: https://gist.github.com/voidus/9caf14a8efac08918f9fe889fe5628ac

Edit: While auth login works now, repo clone and auth status still tell me I'm not authenticated -.-

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature: Secret Service platform: Linux upstream
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@voidus @droidmonkey @christoph-blessing @sm1999