https://bugs.kde.org/show_bug.cgi?id=458085
--- Comment #26 from michaelk83 <mk.mat...@gmail.com> --- (In reply to nic.chris...@gmail.com from comment #25) > (In reply to michaelk83 from comment #20) > > And two other experiments: > > 1. After providing the passphrase, if you close the wallet, and then launch > > that app again, do you get the delay again? > No, I don't get any delay in that case. In fact I don't get a prompt at all, > and secrets can be read correctly. > > > 2. If you load the key/passphrase into gpg-agent before accessing KWallet > > for the 1st time, do you still get the delay? > No, I do not get the delay in this case. I don't get any prompt and the > secrets > can be read correctly. Thanks! This confirms that the problem step is when gpg-agent tries to load the key/passphrase for the first time. Once it's loaded and cached in gpg-agent, further use bypasses Secret Service and works as expected. > > could you run `dbus-monitor "destination=org.freedesktop.secrets" > > "sender=org.freedesktop.secrets"` before launching the app that tries to > > access KWallet, and until the passphrase prompt shows up? > > ... > if I run dbus-monitor on a console before I log into KDE, I get the > following output before the prompt for the wallet password appears: > > ... > method call time=1661782321.269761 sender=:1.378 -> destination=:1.371 > serial=7 path=/org/freedesktop/secrets; > interface=org.freedesktop.DBus.Properties; member=GetAll > string "org.freedesktop.Secret.Service" > method call time=1661782346.297437 sender=:1.378 -> destination=:1.371 > serial=8 path=/org/freedesktop/secrets; > interface=org.freedesktop.Secret.Service; member=OpenSession > string "dh-ietf1024-sha256-aes128-cbc-pkcs7" > variant array of bytes [ > <redacted> > ] > Presumably, this is gpg-agent trying to open a session with Secret Service, to retrieve the key passphrase. If this is the only output, then it seems kwalletd is stuck on the `OpenSession` call until it eventually times out. Then gpg-agent gives up and shows the prompt. So short-circuiting `OpenSession` while waiting on GPG should fix this, IMO. It should return something like `InvalidMethodCall`, or simply `NotSupported`. Also, the GPG unlock call needs to be asynchronous, so it won't block the Secret Service API handler. The two lines of interest are: https://invent.kde.org/frameworks/kwallet/-/blob/master/src/runtime/kwalletd/kwalletfreedesktopservice.cpp#L261 and https://invent.kde.org/frameworks/kwallet/-/blob/master/src/runtime/kwalletd/backend/backendpersisthandler.cpp#L625 (or one of its callers, see the backtrace in comment 15). I don't have an environment set up to make a patch, but hopefully @Nicolas Fella or someone else can pick this up from here. Btw, there's another small bug in `kwalletfreedesktopservice.cpp` line 264 - according to the specs, it should return `org.freedesktop.DBus.Error.NotSupported`, instead of `InvalidArgs`: https://specifications.freedesktop.org/secret-service/latest/ch07.html#idm46274163163312 > If a service does not support a specific set of algorithms, a > org.freedesktop.DBus.Error.NotSupported > error is returned, and the client is free to try another set of algorithms. -- You are receiving this mail because: You are watching all bug changes.
