~petrus/mailctl-discuss

Use with gnome-keyring/libsecret?

Stanislav Ochotnický <stanislav@ochotnicky.com>
Message ID: <7e7cu1kqrt.fsf@ochotnicky.com>
DKIM signature: missing

I've noticed that the README mentions the following:

> The Oauth2 credentials are kept encrypted using GNU PG. so it is
> assumed that an authorized gpg-agent is running. Alternatives like
> gnome-keyring might be used.

However after playing around with the config and even looking at the
source code a bit I don't see how it can work with gnome-keyring. I
haven't read through much Haskell before, so maybe I am missing something.

But I am seeing file operations in various places in
https://git.sr.ht/~petrus/mailctl/tree/main/item/lib/MailCtl/Authorization.hs#L87

Am I correct that the README is misleading and to support gnome-keyring
(or rather libsecret/secret-tool) it would require some rework? Or does
someone have a gnome-keyring/secret-tool example they could share?

Thanks,

Stanislav Ochotnický

Peter Dobsan <pdobsan@gmail.com>
Message ID: <lbealv2n7edcwb6e4wdbxrwewaonsbtgzrtj5dyapnrygqckbz@4zztbavhkq2e>
In-Reply-To: <7e7cu1kqrt.fsf@ochotnicky.com>
DKIM signature: missing

On Mon, Apr 24, 2023 at 09:45:58PM +0200, Stanislav Ochotnický wrote:
> 
> I've noticed that the README mentions the following:
> 
> > The Oauth2 credentials are kept encrypted using GNU PG. so it is
> > assumed that an authorized gpg-agent is running. Alternatives like
> > gnome-keyring might be used.

> Am I correct that the README is misleading and to support gnome-keyring
> (or rather libsecret/secret-tool) it would require some rework? Or does

Well, "might be" is not "can be", neither is it "impossible" :-)

Before I wrote mailctl I used fdm from a cron script and played a bit with
gnome-keyring too. Using secret-tool this way is tricky. I wrote up the
results of my experiments in the archlinux wikipage for fdm
(https://wiki.archlinux.org/title/Fdm) see section "Running from cron".

In short, you need to write a wrapper script along the lines below:

...
# when using gnome's keyring
# secret-tool can't live without these two envvars
# so we fake them for the case this script runs in a cron job
export DISPLAY=${DISPLAY:-:0}
export DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS:-unix:path=/run/user/$UID/bus}
...

> However after playing around with the config and even looking at the
> source code a bit I don't see how it can work with gnome-keyring. I
> haven't read through much Haskell before, so maybe I am missing something.
> 
> But I am seeing file operations in various places in

You are right, if you create the above wrapper script you probably need to fake
some dummy gpgFile in order to be able to use it from the current mailctl.
Regarding the config.yaml I think one should be able to adjust it to a
secret-tool/wrapper script.

If you get this working with a wrapper script I will have a look at it to see how
much rework would be needed to simplify things. No promises for the rework,
so far nobody asked for gnome-keyring.

  Peter
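
The wrapper approach described in the message above, written out as an added example; it is not part of the thread and is not the script attached later in it. The function names, the label and the secret-tool attributes (service mailctl, account ACCOUNT) are assumptions, and how such a wrapper is referenced from mailctl's config.yaml is not shown on this page.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: keyring_env, bus_reachable,
# keyring, and the secret-tool attributes "service mailctl account <ACCOUNT>".

# Supply the two session variables a cron job lacks; values already set win.
keyring_env() {
    uid=$(id -u)
    : "${DISPLAY:=:0}"
    : "${DBUS_SESSION_BUS_ADDRESS:=unix:path=/run/user/$uid/bus}"
    export DISPLAY DBUS_SESSION_BUS_ADDRESS
}

# Succeed only if a unix:path= bus address names an existing socket.
# Other transports are not checked and pass through.
bus_reachable() {
    case "$DBUS_SESSION_BUS_ADDRESS" in
        unix:path=*)
            path=${DBUS_SESSION_BUS_ADDRESS#unix:path=}
            path=${path%%,*}            # drop options such as ",guid=..."
            [ -S "$path" ] ;;
        *) return 0 ;;
    esac
}

# store: secret is read from stdin, so it never appears in argv or ps output.
# lookup: secret is written to stdout for the calling program.
keyring() {
    op=${1:-} account=${2:-}
    [ -n "$account" ] || { echo "usage: keyring store|lookup ACCOUNT" >&2; return 2; }
    keyring_env
    bus_reachable || {
        echo "keyring: no session bus at $DBUS_SESSION_BUS_ADDRESS" >&2
        return 1
    }
    case "$op" in
        store)  secret-tool store --label="mailctl $account" \
                    service mailctl account "$account" ;;
        lookup) secret-tool lookup service mailctl account "$account" ;;
        *)      echo "usage: keyring store|lookup ACCOUNT" >&2; return 2 ;;
    esac
}

# Run only when called with arguments, e.g. from a crontab entry.
if [ $# -gt 0 ]; then keyring "$@"; fi
```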

Message ID: <87bke88c6d.fsf@hpfr.net>
In-Reply-To: <lbealv2n7edcwb6e4wdbxrwewaonsbtgzrtj5dyapnrygqckbz@4zztbavhkq2e>
DKIM signature: missing

Attached are a functional wrapper script (tested with KeePassXC’s secret
service provider) and corresponding config.yaml. These could go in the
GitHub wiki or something; I don’t really know how you are managing
things currently, and since you said you might rework things to simplify
I just left it as an email.

The script does not set up any environment variables; I call mailctl
from an established graphical session, so this is not a problem for me.
It seems strange that secret-tool would rely on DISPLAY given that it is
a command line tool. Wayland sessions without Xwayland may not even set
this variable. Anyway, users can probably configure environment
variables necessary for their use case in the systemd unit or cron entry
or whatever happens to be calling mailctl with a restricted environment.

Thanks for making this tool.

—Liam

Message ID: <bqrltckqqvurkaglrhg7y7q4i5fsmvzv4rij3snt24msm2zuwn@6mlzgaoej4xh>
In-Reply-To: <lbealv2n7edcwb6e4wdbxrwewaonsbtgzrtj5dyapnrygqckbz@4zztbavhkq2e>
DKIM signature: missing

mailctl 0.9 has just been released and it can directly use the gnome
keyring. No wrapper script is needed, it should work both from command line
and from cron.

  Peter