10
9
Fork
You've already forked linux-app
14

Improve keyring detection #587

Closed
opened 2024年05月22日 16:39:01 +02:00 by christoph-blessing · 5 comments
christoph-blessing commented 2024年05月22日 16:39:01 +02:00 (Migrated from github.com)
Copy link

Hi,

I am using the password manager KeepassXC and its secret service integration. The password manager saves changes immediately and because I am using a Yubikey as a second factor I have to touch the key every time changes are saved. This means that every time eduvpn saves something to the keyring I have to touch the Yubikey which would not be a problem if it happened rarely but it happens literally every time I invoke the cli (even just eduvpn-cli --help). This is annoying and seems unnecessary.

I took a look at the source code and the behavior I described seems to be caused by the way eduvpn checks whether or not the keyring is available. It seems to test this by saving something to the keyring, reading it and then deleting it [1].

Would it be possible to change the keyring detection such that it doesn't save something to the keyring or have that check only happen when necessary?

[1] github.com/eduvpn/python-eduvpn-client@1d37f56d07/eduvpn/keyring.py (L63)

PS: One workaround I know of is to invoke the cli with an empty DBUS session address, i.e. DBUS_SESSION_BUS_ADDRESS= eduvpn-cli

Hi, I am using the password manager KeepassXC and its secret service integration. The password manager saves changes immediately and because I am using a Yubikey as a second factor I have to touch the key every time changes are saved. This means that every time eduvpn saves something to the keyring I have to touch the Yubikey which would not be a problem if it happened rarely but it happens literally every time I invoke the cli (even just `eduvpn-cli --help`). This is annoying and seems unnecessary. I took a look at the source code and the behavior I described seems to be caused by the way eduvpn checks whether or not the keyring is available. It seems to test this by saving something to the keyring, reading it and then deleting it [1]. Would it be possible to change the keyring detection such that it doesn't save something to the keyring or have that check only happen when necessary? [1] https://github.com/eduvpn/python-eduvpn-client/blob/1d37f56d07d142b6cffa00d00329ad5fcc05f47e/eduvpn/keyring.py#L63 PS: One workaround I know of is to invoke the cli with an empty DBUS session address, i.e. `DBUS_SESSION_BUS_ADDRESS= eduvpn-cli`
jwijenbergh commented 2024年05月23日 14:23:12 +02:00 (Migrated from github.com)
Copy link

Would it be possible to change the keyring detection such that it doesn't save something to the keyring or have that check only happen when necessary?

As far as I know this is not possible. the best way is to try the keyring, which is what we're doing. As far as I could find this is most commonly what linux applications do. Any other approaches are welcome of course, but this is the best I could find

> Would it be possible to change the keyring detection such that it doesn't save something to the keyring or have that check only happen when necessary? As far as I know this is not possible. the best way is to try the keyring, which is what we're doing. As far as I could find this is most commonly what linux applications do. Any other approaches are welcome of course, but this is the best I could find
christoph-blessing commented 2024年05月23日 15:42:46 +02:00 (Migrated from github.com)
Copy link

In that case would it be possible to check less often? To me at least some of the checks seem unnecessary like for example eduvpn-cli --help.

In that case would it be possible to check less often? To me at least some of the checks seem unnecessary like for example `eduvpn-cli --help`.
jwijenbergh commented 2024年05月23日 15:56:53 +02:00 (Migrated from github.com)
Copy link

In that case would it be possible to check less often? To me at least some of the checks seem unnecessary like for example eduvpn-cli --help.

That's a good point. I will think about some solutions for the next version

> In that case would it be possible to check less often? To me at least some of the checks seem unnecessary like for example `eduvpn-cli --help`. That's a good point. I will think about some solutions for the next version
jwijenbergh commented 2024年05月30日 18:26:17 +02:00 (Migrated from github.com)
Copy link

leaving this open until the fix is in the release. The fix is that for the CLI it only does the test run when the keyring is needed for the first time. for the GUI it does it when the UI is open

leaving this open until the fix is in the release. The fix is that for the CLI it only does the test run when the keyring is needed for the first time. for the GUI it does it when the UI is open
jwijenbergh commented 2024年06月05日 10:35:18 +02:00 (Migrated from github.com)
Copy link

New version is released

New version is released
Sign in to join this conversation.
No Branch/Tag specified
master
upstream-deb
openvpn-persistent
1.x
4.7.2
4.7.1
4.7.0
4.6.0
4.5.1
4.5.0
4.4.99.0
4.4.0
4.3.1
4.3.0
4.2.99.1
4.2.99.0
4.2.1
4.2.0
4.1.99.0
4.1.3
4.1.2
4.1.1
4.1.0
3.1.1
4.0.1
4.0.0
pr-3.3.1
pr-3.3.0
pr-3.2.0
3.1.0
3.0.0
2.2.1
2.2.0
2.1.0
2.0.0
1.1
1.0.3
1.0.2
1.0.1
1.0rc17
1.0rc16
1.0rc15
1.0rc14
1.0rc13
1.0rc12
1.0rc11
1.0rc10
1.0rc9
1.0rc8
1.0rc7
1.0rc6
1.0rc5
1.0rc4
1.0rc3
1.0rc2
1.0rc1
0.8
0.7.2
0.7.1
0.7
0.6.1
0.6
0.5.1
0.5
0.3
0.2.1
0.2
0.1.1
0.1
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
eduVPN/linux-app#587
Reference in a new issue
eduVPN/linux-app
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?