-
Notifications
You must be signed in to change notification settings - Fork 208
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
backintime-qt: Fails to access password with new keyring package (ChainerBackend not supported) #1410
Comments
Thanks for logging this so prominently here. I support the proposed fix. In regards to Debian we are a bit in a hurry as Bookworm, the upcoming stable release, will enter the hard freeze phase on March, 12th which means the fix should have been applied in Debian before this date. Regards, Sven |
fixes can be applied as debian/patches with new upload also after the hard freeze (if maintainer will accept them), packages with autopkgtests have migration of 20 days and other will need request unblock to release team, and after full freeze need request unblock all. |
@Fantu I have now prepared and tested the fix to support the chainer backend in my PR #1413. Could you please have a look at my changes (not much code changed, but more comments ;-) We could prepare a new release or the changes could be applied via a patch from the diff: |
@aryoda, I built a Debian package containing your patch in my local environment though tests unfortunately failed. Test Result DetailsChainerBackend is recognized as supported now and a password is reportedly available while unlocking the SSH private key fails. Even after having stored the password anew (via the GUI) a restarted instance of BiT fails to unlock the SSH private key. A GUI dialog says
Debug output says
Hope this helps to hunt down the issue. Sven |
@aryoda, further tests revealed the above problem only appears when the "Cache Password for Cron" option is checked in the settings dialog. |
THX a lot for testing my proposed fix with different scenarios! The "Cache Password for Cron" setting is completely independent of the keyring:
https://backintime.readthedocs.io/en/latest/settings.html#ssh AFAIR the password cache uses
I need to exactly understand your testing scenario to investigate this:
Edit:
|
I cannot confirm this. With BiT 1.3.3 and python3-keyring configured like
everything worked without issues for me.
This is correct. In addition two background processes are started.
Correct.
Both options have been checked.
It happens when I start up the GUI for the first time after having logged in to the desktop. It is reproducible by killing the background process
and then starting up the GUI again.
After having confirmed the error message it is enough to store the unchanged config again, without typing in the password. Every restart of Bit works fine as long as the pw-chache process is running. No backup have been started during all this.
With only "Save Password to Keyring" everything works flawlessly.
No (see my first statement in this post posting). I even cloned your repo https://github.com/aryoda/backintime and built branch 1410-add-chainer-keyring-support. This version of BiT shows the same behaviour as my patched Debian build. You should be able to reproduce things in your environment therefore. Happy to help with more testing if needed. |
More details: The problem also disappears in case I start up the background process
explicitly from the command line, before calling |
@aryoda, please accept my apologies! All the above was result of my way testing things. After a reboot of my machine my patched Debian package worked as expected. Why killing the background process and then running backintime-qt behaves different is a separate issue. |
@68420948 THX a lot for investing so much time (and no need to apology for anything, things are complicated and I have learned a lot debugging the source code and hope to write a little documentation about the password cache and keyring things one day)
We have an open issue with quite a similar observation (but still not reproducible on our side): I also had some strange effects with the pw cache but could not reproduce it so I could not find the the reason... |
The fix was committed to the dev branch in March 5, 2023 so I close this issue now. If a new problem should occur using the fixed version please open a new issue. |
Overview
A bug report at Debian (many thanks to Sven Geuer) and also others here (see tag
Keyrings
) showed thatthe new
ChainerBackend
of thekeyring
package is now the default backend and it is not supported in BiT(which white-lists the supported keyring backends).
Symptoms
Logging output (DEBUG log level):
For details see also this FR #1330 which explains the backgrounds.
Proposed fix
I propose to fix this bug ASAP by enabling
ChainerBackend
support in BiT.I had already documented and prepared this fix three months ago:
backintime/common/tools.py
Lines 889 to 897 in e22c7f2
Chainer
will loop over all installed keyring backends (password safes) and tries to find the requested password:https://github.com/jaraco/keyring/blob/7ffff5b285d6f9d9b8cba33a9d5e9071cdd507b9/keyring/backends/chainer.py#L47-L51
Possibly unwanted side-effect: Setting a password uses the highest-ranked password safe (if more than one is installed) so updating a password may leave the old password in a lower-ranked password safe untouched and create a new entry in another higher-ranked password safe. This "change in password-safe ranking" may e.g. occur if another password safe is installed...
https://github.com/jaraco/keyring/blob/7ffff5b285d6f9d9b8cba33a9d5e9071cdd507b9/keyring/backends/chainer.py#L53-L58
Alternatives
Probe the supported backends for already stored BiT credentials and choose the matching backend automatically
(if only one: How to cope with password in different password safes if BiT does only pick one?)
BiT could update an existing password in the same backend where the old password exists
(may not be the same backend chosen by ChainerBackend!)
The text was updated successfully, but these errors were encountered: