Release fix for password storage.

https://launchpad.net/bugs/1997168 

3 files changed, 85 insertions, 1 deletions

diff --git a/firstrun/password-en.html b/firstrun/password-en.html
new file mode 100644
index 0000000..39a7f07
--- /dev/null
+++ b/firstrun/password-en.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>A note about Chromium password storage</title>
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <meta charset="UTF-8">
+ <style>*{background-color:linen}tt{background-color:lightgray}pre code{display:block;background-color:lightgray}</style>
+</head>
+<body>
+
+<h1>Password storage in Chromium</h1>
+ <p>
+ Password storage via the Gnome keyring has been fixed,
+ but for it to work, you have to rename your old
+ <tt>/home/{your-user-name}/snap/chromium/common/chromium/Default/Login Data</tt>
+ file so that a new, working one can replace it.
+ </p>
+
+ <p>
+ We suggest you to rename it to <tt>Login Data.old</tt>. You can do
+ so through your file manager or by opening a terminal and entering
+ </p>
+
+ <pre><code>cd ~/snap/chromium/common/chromium/Default/
+mv "Login Data" "Login Data.old"</code></pre>
+
+ <p>
+ This way, in case something goes wrong (and please file a bug report if
+ so), you can always reverse the action:
+ </p>
+
+ <pre><code>cd ~/snap/chromium/common/chromium/Default/
+cp "Login Data.old" "Login Data"</code></pre>
+
+<hr>
+
+ <b>
+ <p>
+ Disable this message by creating the file
+ </p>
+
+ <pre><code>/home/{your-user-name}/snap/chromium/common/chromium/Default/Login Data.old</code></pre>
+ </b>
+</body>
+</html>
diff --git a/launcher/chromium.launcher b/launcher/chromium.launcher
index ad0bab3..fe69300 100755
--- a/launcher/chromium.launcher
+++ b/launcher/chromium.launcher
@@ -66,14 +66,35 @@ if [ -d "$SNAP_POLICIES" ]; then
 fi
 fi
 
+# With libsecret 19, Chromium stopped being able to store passwords encrypted
+# with the keyring (https://gitlab.gnome.org/GNOME/libsecret/-/issues/49).
+# This leaves the user with a "invalid" Login Data (passwords file).
+# The issue was fixed, but for it to work the invalid file must be moved away.
+# Ref: https://launchpad.net/bugs/1997168
+warn_password_fixed() {
+ passwords="$SNAP_USER_COMMON/chromium/Default/Login Data"
+ oldpasswords="$passwords.old"
+ if [ ! -e "$oldpasswords" ]; then
+ if [ ! -s "$passwords" ]; then
+ mkdir -p "$(dirname "$oldpasswords")"
+ printf "%s\n" "This is a placeholder file to disable password
+ storage informational note." > "$oldpasswords"
+ else
+ PASSWORD_PAGE="$SNAP/firstrun/password-en.html"
+ fi
+ fi
+}
+
 # Specify that no encrypted password store (keyring) should be used when the
 # password-manager-service interface is not plugged, because Chromium won't
 # fall back to the basic store (no encryption) if it fails to talk to the
 # default password store for the current desktop environment.
 # Ref: https://launchpad.net/bugs/1763829
-PASSWORD_STORE=basic
 if snapctl is-connected password-manager-service; then
 PASSWORD_STORE= # an empty string means detect the store based on the current DE (os_crypt::SelectBackend())
+ warn_password_fixed # inserting this here to avoid double call to snapctl
+else
+ PASSWORD_STORE=basic
 fi
 
 # Custom version string for chrome://version
@@ -108,6 +129,9 @@ if [ $WANT_HEADLESS -eq 0 ] ; then
 if [ ! -z "$FIRSTRUN_PAGE" ]; then
 set -- "$@" "$FIRSTRUN_PAGE"
 fi
+ if [ ! -z "$PASSWORD_PAGE" ]; then
+ set -- "$@" "$PASSWORD_PAGE"
+ fi
 fi
 
 case "$CHROMIUM_FLAGS" in
diff --git a/snapcraft.yaml b/snapcraft.yaml
index e8d7376..53aa82c 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -277,6 +277,8 @@ parts:
 $SNAPCRAFT_PART_SRC/chrome/app/resources/manpage.1.in \
 > $SNAPCRAFT_PART_INSTALL/man1/chrome.1
 gzip -9n $SNAPCRAFT_PART_INSTALL/man1/chrome.1
+ stage:
+ - -usr/lib/*/libsecret-*
 prime:
 - -etc/init.d
 - -etc/xdg
@@ -337,6 +339,19 @@ parts:
 cd usr/bin
 ln -s /usr/bin/xdg-open xdg-email
 
+ libsecret:
+ source: https://gitlab.gnome.org/GNOME/libsecret.git
+ source-depth: 1
+ source-tag: '0.20.5'
+ plugin: meson
+ meson-parameters:
+ - --prefix=/usr
+ - -Dgtk_doc=false
+ - -Dmanpage=false
+ - -Dgcrypt=false # https://gitlab.gnome.org/GNOME/libsecret/-/issues/49
+ stage:
+ - usr/lib/*/libsecret-*
+
 # VA-API drivers for HW-accelerated video decoding
 va-drivers:
 plugin: nil