snap: Force usage of libsecret everywhere and remove password manager service plug #2477
Conversation
The snap uses now a local and confined password manager, so it won't ever try to access to the system one. As per this disable the plug that could be a security hole.
When mailspring is confined it will only be able to access to the password storage via libsecret and that will save the data locally using the file storage. As per this, don't make electron to use some other passwor storage backend when running in different desktop environments.
This is already the case for the snap in most scenarios, but in some this could not happen if no secret portal is available in the system. In such cases, let's still force using a local secret backend.
|
This pull request has been mentioned on Mailspring Community. There might be relevant details there: https://community.getmailspring.com/t/password-management-error-after-the-latest-upgrade/7298/33 |
|
Oh this may require canonical/snapcraft#4477 wondering if using it without "=" but a space instead works anyways. |
| @@ -56,6 +56,9 @@ apps: | |||
| TMPDIR: $XDG_RUNTIME_DIR | |||
| # Fallback to XWayland if running in a Wayland session. | |||
| DISABLE_WAYLAND: 1 | |||
| # Force using the libsecret local backend in all the cases, even if no | |||
| # portal is detected. | |||
| SECRET_BACKEND: file | |||
There was a problem hiding this comment.
Hmm we may want to ship this separately since it'll require everyone to re-authenticate their accounts again (since we won't read their previously saved passwords from the password manager service)
Is there a way we can verify libsecret is receiving an encryption master key via a portal? I mostly want to be be sure that Chrome doesn't fall through to https://chromium.googlesource.com/chromium/src/+/53.0.2785.100/components/os_crypt/os_crypt_linux.cc#71 and use the password peanuts for everyone!
There was a problem hiding this comment.
Oh, I can see that... Well, I kept this a draft as we can avoid it for now.
However ea49cbf is safe to add and can likely be moved to another PR if you prefer.
See each commit for further explanations.