From 5c5c764a5b84d8c7fee2445ac2268904e19092ab Mon Sep 17 00:00:00 2001From: Nathan Pratta Teodosio <nathan.teodosio@canonical.com>Date: Wed, 18 Jan 2023 16:49:24 -0300Subject: Release fix for password storage.https://launchpad.net/bugs/1997168--- firstrun/password-en_html | 45 +++++++++++++++++++++++++++++++++++++++++++++ launcher/chromium.launcher | 26 +++++++++++++++++++++++++- snapcraft.yaml | 15 +++++++++++++++ 3 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 firstrun/password-en_htmldiff --git a/firstrun/password-en_html b/firstrun/password-en_htmlnew file mode 100644index 0000000..39a7f07--- /dev/null+++ b/firstrun/password-en_html@@ -0,0 +1,45 @@+<!DOCTYPE html>+<html>+<head>+ <title>A note about Chromium password storage</title>+ <meta name="viewport" content="width=device-width, initial-scale=1.0">+ <meta charset="UTF-8">+ <style>*{background-color:linen}tt{background-color:lightgray}pre code{display:block;background-color:lightgray}</style>+</head>+<body>++<h1>Password storage in Chromium</h1>+ <p>+ Password storage via the Gnome keyring has been fixed,+ but for it to work, you have to rename your old+ <tt>/home/{your-user-name}/snap/chromium/common/chromium/Default/Login Data</tt>+ file so that a new, working one can replace it.+ </p>++ <p>+ We suggest you to rename it to <tt>Login Data.old</tt>. You can do+ so through your file manager or by opening a terminal and entering+ </p>++ <pre><code>cd ~/snap/chromium/common/chromium/Default/+mv "Login Data" "Login Data.old"</code></pre>++ <p>+ This way, in case something goes wrong (and please file a bug report if+ so), you can always reverse the action:+ </p>++ <pre><code>cd ~/snap/chromium/common/chromium/Default/+cp "Login Data.old" "Login Data"</code></pre>++<hr>++ <b>+ <p>+ Disable this message by creating the file+ </p>++ <pre><code>/home/{your-user-name}/snap/chromium/common/chromium/Default/Login Data.old</code></pre>+ </b>+</body>+</html>diff --git a/launcher/chromium.launcher b/launcher/chromium.launcherindex ad0bab3..fe69300 100755--- a/launcher/chromium.launcher+++ b/launcher/chromium.launcher@@ -66,14 +66,35 @@ if [ -d "$SNAP_POLICIES" ]; then fi fi+# With libsecret 19, Chromium stopped being able to store passwords encrypted+# with the keyring (https://gitlab.gnome.org/GNOME/libsecret/-/issues/49).+# This leaves the user with a "invalid" Login Data (passwords file).+# The issue was fixed, but for it to work the invalid file must be moved away.+# Ref: https://launchpad.net/bugs/1997168+warn_password_fixed() {+ passwords="$SNAP_USER_COMMON/chromium/Default/Login Data"+ oldpasswords="$passwords.old"+ if [ ! -e "$oldpasswords" ]; then+ if [ ! -s "$passwords" ]; then+ mkdir -p "$(dirname "$oldpasswords")"+ printf "%s\n" "This is a placeholder file to disable password+ storage informational note." > "$oldpasswords"+ else+ PASSWORD_PAGE="$SNAP/firstrun/password-en_html"+ fi+ fi+}+ # Specify that no encrypted password store (keyring) should be used when the # password-manager-service interface is not plugged, because Chromium won't # fall back to the basic store (no encryption) if it fails to talk to the # default password store for the current desktop environment. # Ref: https://launchpad.net/bugs/1763829-PASSWORD_STORE=basic if snapctl is-connected password-manager-service; then PASSWORD_STORE= # an empty string means detect the store based on the current DE (os_crypt::SelectBackend())+ warn_password_fixed # inserting this here to avoid double call to snapctl+else+ PASSWORD_STORE=basic fi # Custom version string for chrome://version@@ -108,6 +129,9 @@ if [ $WANT_HEADLESS -eq 0 ] ; then if [ ! -z "$FIRSTRUN_PAGE" ]; then set -- "$@" "$FIRSTRUN_PAGE" fi+ if [ ! -z "$PASSWORD_PAGE" ]; then+ set -- "$@" "$PASSWORD_PAGE"+ fi fi case "$CHROMIUM_FLAGS" indiff --git a/snapcraft.yaml b/snapcraft.yamlindex c70ea2a..514e7d9 100644--- a/snapcraft.yaml+++ b/snapcraft.yaml@@ -277,6 +277,8 @@ parts: $SNAPCRAFT_PART_SRC/chrome/app/resources/manpage.1.in \ > $SNAPCRAFT_PART_INSTALL/man1/chrome.1 gzip -9n $SNAPCRAFT_PART_INSTALL/man1/chrome.1+ stage:+ - -usr/lib/*/libsecret-* prime: - -etc/init.d - -etc/xdg@@ -337,6 +339,19 @@ parts: cd usr/bin ln -s /usr/bin/xdg-open xdg-email+ libsecret:+ source: https://gitlab.gnome.org/GNOME/libsecret.git+ source-depth: 1+ source-tag: '0.20.5'+ plugin: meson+ meson-parameters:+ - --prefix=/usr+ - -Dgtk_doc=false+ - -Dmanpage=false+ - -Dgcrypt=false # https://gitlab.gnome.org/GNOME/libsecret/-/issues/49+ stage:+ - usr/lib/*/libsecret-*+ # VA-API drivers for HW-accelerated video decoding va-drivers: plugin: nil--cgit v1.2.3