slack.sh: Ensure existence of secret service#338
Open
siddhpant wants to merge 1 commit intoflathub:masterfrom
Open
slack.sh: Ensure existence of secret service#338siddhpant wants to merge 1 commit intoflathub:masterfrom
siddhpant wants to merge 1 commit intoflathub:masterfrom
Conversation
Slack stores its token in the keyring and reads from it at application start (in the same way as chromium). We can have cases where the secret service does not exist at some point of time, because the keyring provider is another non-DE program, like keepassxc. And this can especially happen on startup - both keepassxc and Slack would be startup applications, and there is no ordering enforced by (let's say) GNOME. Keyring is available for access only when keepassxc gets started. So it must start earlier. But due to lack of ordering, Slack could start before keepassxc. Since Slack won the race, it can't use the secret service (i.e. the keyring access would fail), and thus can't see the token. When that happens, Slack resets the session. And even upon subsequent availability of the secret service, Slack does not restore the session, even after gaining access to the keyring / token - the destruction of the session is stored somewhere outside I think, so it disregards the token or does not attempt to connect using it. So let's ensure the existence of the keyring before actually starting Slack. Yes, this is kind of an upstream bug, but we can "fix" this up in our scripts. Signed-off-by: Siddh Raman Pant <25429745+siddhpant@users.noreply.github.com>
Contributor
|
🚧 Test build enqueued. |
Contributor
|
🚧 Started test build. |
Author
|
What I currently do to mitigate the startup race is to use a wrapper script which calls flatpak after a sleep of 5 seconds. But I think it's better if we can just add it in here for a more general mitigation. I am a noob to flatpak dev, so I did not test this though. Please let me know if I put this in the wrong place. |
Contributor
|
🚧 Test build succeeded. To test this build, install it from the testing repository: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Slack stores its token in the keyring and reads from it at application start (in the same way as chromium).
We can have cases where the secret service does not exist at some point of time, because the keyring provider is another non-DE program, like keepassxc.
And this can especially happen on startup - both keepassxc and Slack would be startup applications, and there is no ordering enforced by (let's say) GNOME.
Keyring is available for access only when keepassxc gets started. So it must start earlier. But due to lack of ordering, Slack could start before keepassxc.
Since Slack won the race, it can't use the secret service (i.e. the keyring access would fail), and thus can't see the token.
When that happens, Slack resets the session. And even upon subsequent availability of the secret service, Slack does not restore the session, even after gaining access to the keyring / token - the destruction of the session is stored somewhere outside I think, so it disregards the token or does not attempt to connect using it.
So let's ensure the existence of the keyring before actually starting Slack.
Yes, this is kind of an upstream bug, but we can "fix" this up in our scripts.