Bug 642420 - net-libs/signond installs without SecretsStorage backend, falls back to unencrypted plain-text SQLite DB
Summary: net-libs/signond installs without SecretsStorage backend, falls back to unenc...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
: Normal normal
Assignee: Gentoo KDE team
Depends on:
Reported: 2017-12-27 16:49 UTC by Martijn Schmidt
Modified: 2018-01-31 22:58 UTC

See Also:
Package list:
Runtime testing required: ---

signond-8.59-r1.ebuild (1.60 KB, text/plain)
2017-12-27 16:49 UTC, Martijn Schmidt
metadata.xml (376 bytes, application/xml)
2017-12-27 16:50 UTC, Martijn Schmidt
signond-ebuild.diff (576 bytes, patch)
2017-12-28 19:01 UTC, Martijn Schmidt
signond-metadata.diff (420 bytes, patch)
2017-12-28 19:02 UTC, Martijn Schmidt
kaccounts-integration-ebuild.diff (597 bytes, patch)
2018-01-02 00:16 UTC, Martijn Schmidt
kaccounts-integration-metadata.diff (448 bytes, patch)
2018-01-02 00:28 UTC, Martijn Schmidt

Description Martijn Schmidt 2017-12-27 16:49:32 UTC
Created attachment 511764 [details]

net-libs/signond is used as a backend for packages such as kde-apps/kaccounts-integration and kde-apps/kaccounts-providers, but has neither USE flags nor dependencies to pull in at least one of the secure SecretsStorage backend plugins. If no backend plugins are found, signond falls back to a "default" unencrypted plain-text SQLite DB to store its secrets, as described in the /etc/signond.conf bundled with the net-libs/signond package.

It's fairly trivial to check whether this insecure default backend is in use, for example a KDE user with kde-misc/kio-gdrive installed may configure an online account through systemsettings5 -> Online Accounts -> Create -> Google. After following the steps in the GUI, open signond's SQLite database through the terminal and perform a .dump to print the password that was submitted back in unencrypted plain-text: sqlite3 ~/.config/signond/signon-secrets.db

Luckily, KDE users can easily resolve this issue by manually pulling in the kde-apps/signon-kwallet-extension package as recommended per the documentation on:

A gnome-keyring plugin exists as per /etc/signond.conf which refers to, but it doesn't appear to be in the Gentoo Linux tree at this time.

In my opinion, we should avoid storing secrets in the insecure default SQLite DB at all costs. Perhaps it would be a good idea to add a REQUIRED_USE "at least one of" style operator to the ebuild to make sure the end user has to install at least one secure SecretsStorage backend, starting with kwallet or gnome-keyring.

I have uploaded a suggested ebuild for net-libs/signond-8.59-r1 which adds the required kwallet USE flag and in turn has an RDEPEND for "kwallet? ( kde-apps/signon-kwallet-extension )". I couldn't add a gnome-keyring USE flag and RDEPEND entry at the same time because the signon-keyring-extension plugin is not in the tree yet.
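An added audit script (not part of this bug report or of signond) that automates the check described above from the admin side: it reads which SecretsStorage backend signond.conf names and, if the fallback signon-secrets.db exists, counts rows per table without printing any stored secret. It assumes the [General] section carries a SecretsStorage key whose absence or value "default" selects the unencrypted SQLite store, and it does not assume the DB's table names; the config text and the DB it builds are constructed samples.

```python
import configparser
import os
import sqlite3
import tempfile

# Constructed sample resembling /etc/signond.conf; not the real shipped file.
SAMPLE_CONF = """\
[General]
StoragePath=~/.config/signond
; SecretsStorage names the backend plugin; unset or "default" = plain SQLite (assumption)
SecretsStorage=default
"""

def configured_backend(conf_text):
    """Return the SecretsStorage value from [General], or 'default' when unset."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return cp.get("General", "SecretsStorage", fallback="default").strip() or "default"

def secrets_db_rows(db_path):
    """Count rows in every user table of the fallback DB, opened read-only.
    Returns {} when the file does not exist (no fallback store was ever created)."""
    if not os.path.exists(db_path):
        return {}
    con = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' "
            "AND name NOT LIKE 'sqlite_%'")]
        return {t: con.execute(f'SELECT COUNT(*) FROM "{t}"').fetchone()[0] for t in tables}
    finally:
        con.close()

def audit(conf_text, db_path):
    """Flag insecure when the default backend is configured, or when the
    plain-text DB still holds rows (e.g. left over before a plugin was installed)."""
    backend = configured_backend(conf_text)
    rows = secrets_db_rows(db_path)
    return {"backend": backend, "rows": rows,
            "insecure": backend == "default" or any(rows.values())}

def make_sample_db():
    """Build a constructed stand-in for signon-secrets.db with one dummy row."""
    path = os.path.join(tempfile.mkdtemp(), "signon-secrets.db")
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE credentials (id INTEGER, username TEXT, password TEXT)")
    con.execute("INSERT INTO credentials VALUES (1, 'user', 'constructed-dummy')")
    con.commit()
    con.close()
    return path

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, make_sample_db()))
```

On a real host, point `audit` at the text of /etc/signond.conf and at ~/.config/signond/signon-secrets.db; a non-empty row count with a non-default backend means old plain-text entries remain and should be removed after migrating the accounts.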
Comment 1 Martijn Schmidt 2017-12-27 16:50:20 UTC
Created attachment 511766 [details]
Comment 2 Andreas Sturmlechner gentoo-dev 2017-12-28 10:10:07 UTC
Thanks for your report. It is always better if you attach unified diffs over the most recent ebuild instead of the full ebuild, so your changes can be reviewed.
Comment 3 Martijn Schmidt 2017-12-28 19:01:31 UTC
Created attachment 511880 [details, diff]

Thanks for the hint, I wasn't aware that a different format is preferred. I have attached the unified diffs you asked for, for your review, and obsoleted the old attachments.
Comment 4 Martijn Schmidt 2017-12-28 19:02:16 UTC
Created attachment 511882 [details, diff]
Comment 5 Martijn Schmidt 2018-01-02 00:16:36 UTC
Created attachment 512680 [details, diff]

The ebuild which I proposed last week results in circular dependencies on a system which doesn't already have both packages installed. Please excuse the newbie mistake on my part! ;-)


 * Error: circular dependencies:

(net-libs/signond-8.59-r1:0/0::local, ebuild scheduled for merge) depends on
 (kde-apps/signon-kwallet-extension-17.12.0:5/5::gentoo, ebuild scheduled for merge) (runtime)
  (net-libs/signond-8.59-r1:0/0::local, ebuild scheduled for merge) (buildtime)

 * Note that circular dependencies can often be avoided by temporarily
 * disabling USE flags that trigger optional dependencies.


Perhaps the cleaner solution, in this case, would be to modify the ebuild for kde-apps/kaccounts-integration so that it has a kwallet USE flag with an RDEPEND on kde-apps/signon-kwallet-extension when enabled. This was upstream's recommended setup, and for users with the desktop/plasma profile the kwallet USE flag is going to be enabled by default anyway.

That'll leave the Gnome team to decide what they'd like to do for the net-libs/signond integration with signon-keyring-extension. I'm not sure what'd be the best approach for other projects which may depend on net-libs/signond.
Comment 6 Martijn Schmidt 2018-01-02 00:28:33 UTC
Created attachment 512682 [details, diff]
Comment 7 Andreas Sturmlechner gentoo-dev 2018-01-31 22:58:31 UTC
I'm not sure about the best course of action here. Portage does not really support optional runtime deps, and USE flags exclusively in RDEPEND are frowned upon. If we add it unconditionally, definitely some people will complain.

Until there is real support for it in Portage we typically solve situations like these via an elog/optfeature message in pkg_postinst.

Right now we have the following dependency chain: