https://bugs.kde.org/show_bug.cgi?id=458644
Bug ID: 458644
Summary: Make legacy KWallet entries searchable via Secret Service API
Product: frameworks-kwallet
Version: 5.97.0
Platform: unspecified
OS: Linux
Status: REPORTED
Severity: wishlist
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Target Milestone: ---
SUMMARY
Secret Service API (`org.freedesktop.secrets`) support was added to KWallet
Framework in 5.97.0. Legacy entries that were created with the old
`org.kde.kwalletd5` lack any attributes, so they're not searchable with the new
API. Furthermore, they cannot be easily accessed directly, since their item
indices are not trivial to determine. This presents a potential migration issue
should the legacy `org.kde.kwalletd5` API be discontinued (Bug 458318).
STEPS TO REPRODUCE
1. Install KWallet 5.97.0 and enable Secret Service integration.
2. Create some entries via the old `org.kde.kwalletd5` API (or via
KWalletManager).
3. Inspect the wallet contents via the DBus Secret Service API and/or via a
Secret Service client such as Seahorse. For example, run the following
commands:
> qdbus org.freedesktop.secrets
> qdbus --literal org.freedesktop.secrets /org/freedesktop/secrets/collection/<name-of-wallet>/<legacy-item-index> org.freedesktop.Secret.Item.Label
> qdbus --literal org.freedesktop.secrets /org/freedesktop/secrets/collection/<name-of-wallet>/<legacy-item-index> org.freedesktop.Secret.Item.Attributes
OBSERVED RESULT
- Legacy items have no attributes, so are not searchable.
- Items are listed by index only; indices of specific items are not trivial to
determine.
- Items cannot be accessed by legacy path or label.
EXPECTED RESULT
- Legacy items should be searchable at least by their legacy path and label.
SOFTWARE/OS VERSIONS
KDE Frameworks Version: 5.97.0
PROPOSAL:
Expose a read-only virtual attribute `org.kde.kwalletd5:label` for all legacy
items. The value of this attribute should be the same as the `Label` property
of the item, which includes its legacy path. For example, an item created as
"mypassword" under folder "MyFolder", would have `org.kde.kwalletd5:label`
equal to "MyFolder/mypassword". Items should be searchable by this attribute
using the `org.freedesktop.Secret.Service.SearchItems()` and
`org.freedesktop.Secret.Collection.SearchItems()` methods.
ADDITIONAL INFORMATION
Legacy entries that were created with the old `org.kde.kwalletd5` are
enumerated via the `org.freedesktop.Secret.Service.Collections` and
`org.freedesktop.Secret.Collection.Items` properties:
https://specifications.freedesktop.org/secret-service/latest/re01.html
https://specifications.freedesktop.org/secret-service/latest/re02.html
However, they are not listed by label or path, and their DBus paths are based
on their index within the collection, not the legacy path. For example, a
password created as "Foo/test" may show up only as
`/org/freedesktop/secrets/collection/<name-of-wallet>/0`. The item index is not
trivial to determine. Furthermore, they lack any attributes, so are not
searchable with the `SearchItems()` methods (which can only search by
attributes).
This is correct behavior per the Secret Service API specification, as the
intention of the API was to search items by their attributes. But the legacy
`org.kde.kwalletd5` API does not support specifying attributes.
Exposing a searchable virtual attribute `org.kde.kwalletd5:label` for all
legacy items would allow the legacy items to be easily accessed via the Secret
Service API. Each client app or library (including but not limited to
QtKeyChain) can then migrate legacy items to their new Secret Service location
as needed. Client apps would not need QtKeyChain or some other tool to migrate
for them (though it's still possible). This approach also guarantees that the
source and target locations are in the same backend, so items won't be
unintentionally migrated from one secrets store to some other (such as from old
KWallet to Gnome keyring).
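
The lookup a client has to do today, as an added example (not part of the bug report and not KWallet code): since legacy items carry no attributes, the only way to find one is to enumerate `Collection.Items` and compare each item's `Label` with the legacy path. It assumes systemd's `busctl` instead of the report's `qdbus`, because its property output (`ao N "..."`, `s "..."`) is simple to parse; the function names are illustrative.

```shell
#!/bin/sh
# Added example: locate a legacy KWallet item by scanning labels over the
# Secret Service API. Only Label properties are read, never the secret.
# Assumption: busctl is available. Labels containing '"' or '\' are printed
# escaped by busctl and will not compare equal here.

SVC=org.freedesktop.secrets
ROOT=/org/freedesktop/secrets/collection

# list_items WALLET -> one item object path per line
list_items() {
    busctl --user get-property "$SVC" "$ROOT/$1" \
        org.freedesktop.Secret.Collection Items |
        tr ' ' '\n' | sed -n 's|^"\(/.*\)"$|\1|p'
}

# item_label ITEM_PATH -> the item's Label (the legacy "Folder/entry" path)
item_label() {
    busctl --user get-property "$SVC" "$1" \
        org.freedesktop.Secret.Item Label |
        sed -e 's/^s "//' -e 's/"$//'
}

# find_legacy_item WALLET LABEL -> prints the index-based path of every item
# whose Label equals LABEL; exit status 1 when nothing matches.
find_legacy_item() (
    found=1
    for item in $(list_items "$1"); do
        if [ "$(item_label "$item")" = "$2" ]; then
            printf '%s\n' "$item"
            found=0
        fi
    done
    exit "$found"
)
```

For example, `find_legacy_item kdewallet MyFolder/mypassword` prints the item's `/org/freedesktop/secrets/collection/kdewallet/<index>` path, at the cost of one D-Bus call per item in the wallet.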