I am running the gnome3 desktop and using mailnag.
Recently mailnag was upgraded from 1.3.0 to 2.0.0. Part of this changed
involved going from using libgnome-keyring to libsecret.
Since then, mailnag does not remember passwords between sessions. When I run mailnag-config the password fields are empty, and when I fill them in mailnag it restarts and runs correctly. However when I rerun mailnag-config or restart my login session the passwords disappear and mailnag warns the the passwords are invalid.
Seahorse shows the passwords when i look them up. I can’t figure out how to do a wildcard search in secret-tool to see if it can find them.
Is there a problem with the setup for gnome-keyring-demon which seem to be working for everything else.
This may not be the answer you may look for, but: I just moved to Gnome from a tiling WM and using mailnag has been one of the delights I always craved for, that’s why I wrote #85979. TIL, that installing mailnag plugins such as the one for Gnome’s online accounts, is not trivial for NixOS (as usual). That’s why I wrote:
https://github.com/NixOS/nixpkgs/pull/94202
I think gnome online accounts is a way to hook things like your google account to gnome. I don’t have any online account set up through Gnome. The gnome keyring is a way to store general confidental
information in an encrypted form in a store which gets unlocked with your password when you log in.
Gnome used to use libgnome-keyring API to store that information. Since 2014 this was replaced with libsecret. I know that other programs like gpg store info using the gnome keyring, and I can look at info using the seahorse application that was put there by gpg and mailnag. However when mailnag changed from 1.3.0 to 2.0.0 it replaced the libgnome-keyring3 code with libsecret, and mailnag could not save passwords anymore. The Gnome documentation references this change obsolescing libgnome-keyring and support for libsecrets but I cannot find anything about how this all works. Is the Gnome Keyring now supposed to support libsecrets? Is there a new daemon?
I just hoped someone here could clarify what is expected.
1 Like
@barryfm I understand your issue, no need to repeat yourself both here and at the PR. I’ve just tested mailnag with a Gmail account and with the online-accounts plugin disabled: I created the account, rebooted and I was able to see the account there again and had no passwords errors.
There is. Let’s ask some questions:
- Do you have seahorse enabled?
- What more
services.gnome3.* do you have enabled?
- What do these commands print:
echo $XDG_DATA_DIRS | sed 's/:/\n/g' | sort -u
echo $GI_TYPELIB_PATH | sed 's/:/\n/g' | sort -u
?
1 Like
Sorry about repeating myself. I shouldn’t have posted to the PR.
I do not have seahorse enabled. This is the first time I have heard that seahorse worked as a service. I had thought it was just an GUI application.
echo $XDG_DATA_DIRS | sed 's/:/\n/g' | sort -u
etc/profiles/per-user/barry/share
/home/barry/.nix-profile/share
/nix/store/01djnnw9gh2cazjr1nqakazdsag8xsc0-ibus-1.5.21/share
/nix/store/01djnnw9gh2cazjr1nqakazdsag8xsc0-ibus-1.5.21/share/gsettings-schemas/ibus-1.5.21
/nix/store/1181hzayb3bw71s2vlhid69npy0spik3-libgweather-3.34.0/share/gsettings-schemas/libgweather-3.34.0
/nix/store/79s3dn1snyvblcd0g21k69pz1wj699wj-gsettings-desktop-schemas-3.34.0/share/gsettings-schemas/gsettings-desktop-schemas-3.34.0
/nix/store/9apjfg5bh1d4rp268dvrwv7gwnid266h-mutter-3.34.6/share/gsettings-schemas/mutter-3.34.6
/nix/store/9p353v37zghdh1k7d0gsna7phgvwwl69-evolution-data-server-3.34.4/share/gsettings-schemas/evolution-data-server-3.34.4
/nix/store/a9h152qh8lkdad41lsmav7mm95w44812-network-manager-applet-1.8.24/share
/nix/store/ar60sfi23bmlzx79q8w0751wbgbr2bgm-gnome-settings-daemon-3.34.2/share/gsettings-schemas/gnome-settings-daemon-3.34.2
/nix/store/awrdsxmr9zmy9p4shy7kly7w6nh862li-gdm-3.34.1/share/gsettings-schemas/gdm-3.34.1
/nix/store/crs7zzp337d84g5nxzbqid9nbkda72jq-gnome-shell-extensions-3.34.2/share/gsettings-schemas/gnome-shell-extensions-3.34.2
/nix/store/gy6paf4sj8xakx1lyshcl7yibrg5s8iy-gnome-terminal-3.34.2/share
/nix/store/gy6paf4sj8xakx1lyshcl7yibrg5s8iy-gnome-terminal-3.34.2/share/gsettings-schemas/gnome-terminal-3.34.2
/nix/store/hxs5qmc5dvqh8prqaiw3iaig389ikb3r-gnome-shell-3.34.5/share
/nix/store/hxs5qmc5dvqh8prqaiw3iaig389ikb3r-gnome-shell-3.34.5/share/gsettings-schemas/gnome-shell-3.34.5
/nix/store/iabiw73qjpzc3pdb3dxxy67mfh2bq7a9-nautilus-3.34.3/share/gsettings-schemas/nautilus-3.34.3
/nix/store/ii6xlybrjqmixw6m228v0hkvfl8ifg9j-gnome-bluetooth-3.34.1/share
/nix/store/iswss4xpllmd4x5szj4ya1fjvxzx881y-network-manager-applet-1.8.24-lib/share/gsettings-schemas/network-manager-applet-1.8.24
/nix/store/j1aann2dzgnd9q5dk4qk03dhjinmknpp-telepathy-logger-0.8.2/share/gsettings-schemas/telepathy-logger-0.8.2
/nix/store/kim0q9jqqcgqn2n97rz9p7q7yraq4nmj-gnome-clocks-3.34.0/share
/nix/store/kim0q9jqqcgqn2n97rz9p7q7yraq4nmj-gnome-clocks-3.34.0/share/gsettings-schemas/gnome-clocks-3.34.0
/nix/store/m3xlgsji0jvpa2kibz4c3m5lbnnxv6k5-hicolor-icon-theme-0.17/share
/nix/store/m7c2qnp60ghng6xzmh0mrpcbflgah0rv-adwaita-icon-theme-3.34.3/share
/nix/store/mmswyr5l5kcr251iq94v3x8kc1bjmwf2-gnome-mimeapps/share
/nix/store/nk5s9rbqq0lb8g4gkhm1i6rf60igjva1-gpaste-3.34.1/share/gsettings-schemas/gpaste-3.34.1
/nix/store/paxgi6ajzwqm11cm3bpkxaql009bi51q-gnome-session-3.34.2/share
/nix/store/paxgi6ajzwqm11cm3bpkxaql009bi51q-gnome-session-3.34.2/share/gsettings-schemas/gnome-session-3.34.2
/nix/store/s3hp0m6j793p2shlj59alm87sp79z2zv-gnome-keyring-3.34.0/share/gsettings-schemas/gnome-keyring-3.34.0
/nix/store/syrw9vbnjwkv2px07gfbc2715fpvx06r-gtk+3-3.24.21/share
/nix/store/syrw9vbnjwkv2px07gfbc2715fpvx06r-gtk+3-3.24.21/share/gsettings-schemas/gtk+3-3.24.21
/nix/store/wadi8s0908mcxb7dlfgr7rk0amd4bvin-gjs-1.58.8/share/gsettings-schemas/gjs-1.58.8
/nix/store/xq0nsv2vj26v1icl8pwqa54bs854z7l7-cups-2.3.3/share
/nix/store/y8zplr8a7r2nynmm0vwzsb3wgmm5srfr-shared-mime-info-1.13.1/share
/nix/store/ylx1d6mm523ydihm4zi6n6dm4is23lp4-gcr-3.34.0/share
/nix/store/ylx1d6mm523ydihm4zi6n6dm4is23lp4-gcr-3.34.0/share/gsettings-schemas/gcr-3.34.0
/nix/var/nix/profiles/default/share
/run/current-system/sw/share
echo $GI_TYPELIB_PATH | sed 's/:/\n/g' | sort -u
nix/store/01djnnw9gh2cazjr1nqakazdsag8xsc0-ibus-1.5.21/lib/girepository-1.0
/nix/store/1181hzayb3bw71s2vlhid69npy0spik3-libgweather-3.34.0/lib/girepository-1.0
/nix/store/2j71zkvld1r8vhyk44xilcid9sybjpqw-gstreamer-1.16.2/lib/girepository-1.0
/nix/store/2j7zb8qsxw4m4myhq3cgy19d627zvkqd-upower-0.99.11/lib/girepository-1.0
/nix/store/789ac60d8hdyhgbi5arx26m34zp410ik-gst-plugins-base-1.16.2/lib/girepository-1.0
/nix/store/79s3dn1snyvblcd0g21k69pz1wj699wj-gsettings-desktop-schemas-3.34.0/lib/girepository-1.0
/nix/store/8b20phgy2df14a79xhcc1axfj6izgmnk-at-spi2-core-2.34.0/lib/girepository-1.0
/nix/store/8cwavgbqy7zql30qyw27kd5pvii9wn2b-telepathy-glib-0.24.1/lib/girepository-1.0
/nix/store/9p353v37zghdh1k7d0gsna7phgvwwl69-evolution-data-server-3.34.4/lib/girepository-1.0
/nix/store/adz7ks9j187dzbd1qpnx0jbr5brc6lfw-json-glib-1.4.4/lib/girepository-1.0
/nix/store/awrdsxmr9zmy9p4shy7kly7w6nh862li-gdm-3.34.1/lib/girepository-1.0
/nix/store/cklz5y6rqcd0c93r85jibpypf9xywlkz-libgudev-233/lib/girepository-1.0
/nix/store/flvlzs0z0fnc1zsnr9241biz7xwlmpc4-pango-1.44.7/lib/girepository-1.0
/nix/store/gqqny2pl5zrhcnykspaah25zsacvymgi-accountsservice-0.6.55/lib/girepository-1.0
/nix/store/hm3c159y0q2fslqq328gcmkfnwxmpmhx-gnome-autoar-0.2.4/lib/girepository-1.0
/nix/store/ii6xlybrjqmixw6m228v0hkvfl8ifg9j-gnome-bluetooth-3.34.1/lib/girepository-1.0
/nix/store/iswss4xpllmd4x5szj4ya1fjvxzx881y-network-manager-applet-1.8.24-lib/lib/girepository-1.0
/nix/store/ixyxjxyrbnv5ii259winl2l7dpbig8dm-gobject-introspection-1.62.0/lib/girepository-1.0
/nix/store/j1aann2dzgnd9q5dk4qk03dhjinmknpp-telepathy-logger-0.8.2/lib/girepository-1.0
/nix/store/jslgzyrv01cq2km0fxpp5vnn8w3gz6w9-polkit-0.116/lib/girepository-1.0
/nix/store/kh689v6iz7h9hljqx769imb4xd7q4wbc-clutter-1.26.4/lib/girepository-1.0
/nix/store/nk5s9rbqq0lb8g4gkhm1i6rf60igjva1-gpaste-3.34.1/lib/girepository-1.0
/nix/store/nmsb3s1mgzvmr2jflky1lzs6k6kv3j1z-gnome-desktop-3.34.7/lib/girepository-1.0
/nix/store/p1d2c82dfy4kn8wgp5np0x5dy7ixi97q-libical-3.0.7/lib/girepository-1.0
/nix/store/qiblx8fknsb45yfzwm3c19qv8dph1qyw-geoclue-2.5.5/lib/girepository-1.0
/nix/store/qpxrlwdjai5pnbks3ryc693zas49qf7c-librsvg-2.46.4/lib/girepository-1.0
/nix/store/rd3s91pyy3p1nwkzpkamx62szhryw4q1-network-manager-1.22.14/lib/girepository-1.0
/nix/store/syrw9vbnjwkv2px07gfbc2715fpvx06r-gtk+3-3.24.21/lib/girepository-1.0
/nix/store/vfzafmq3skvpa5332vjzwi0rqvpilbvs-libsoup-2.68.4/lib/girepository-1.0
/nix/store/w9hbx5lgl4b2d7n4p0sjn34jxpja9i1d-cogl-1.22.8/lib/girepository-1.0
/nix/store/ylx1d6mm523ydihm4zi6n6dm4is23lp4-gcr-3.34.0/lib/girepository-1.0
/nix/store/z3pjmsmk60wg3bklnndra12g7lgq3fik-atk-2.34.1/lib/girepository-1.0
/nix/store/zc66pg8gzxx7i5s7jc4cr3nkyx8vsnk2-gdk-pixbuf-2.40.0/lib/girepository-1.0
/nix/store/ziqyf7pcmhw2clyjlvbar8k8zfv4wghp-libsecret-0.20.3/lib/girepository-1.0
I enabled the seahorse service in gnome3 and things now are working. Thank you very much for your help.
I used:
programs.seahorse.enabled = true;
services.gnome3 = {
...
seahorse.enabled = true;
};
I’m not sure if both is needed.
After looking explicitly for the seahorse service I found web references. However, it was not mentioned
in reference to the obsoleting of libgnome-keyring in the gnome3 documentation or in the NixOS manual’s short reference to enabling the gnome3 desktop. I also find no references to how it should be setup, since it has a program.seahorse.enable flag and could be listed in services.gnome3 or maybe even services.dbus.packages. Often the nixpkgs code allows for multiple ways, but its a bit confusing there are few NixOS wide published conventions. This seems like something the NixOS manual could do.
Hi, GNOME maintainer in nixos here 
services.gnome3.seahorse.enable was renamed to programs.seahorse.enable in 20.03 IIRC. So they would do exactly the same thing.
As far as I can tell, I’m don’t think I have a clue how enabling seahorse fixed your issue. Unless you used seahorse to modify your login keyring somehow.
1 Like
I spoke to soon. The confusing part is that in the seahorse app the Default keyring is show as locked,
but I can quickly unlock it just by clicking on the lock symbol, without asking me for a password. If I then restart mailnag it works fine. The paswords involved are in the Default_keyring.
So it knows the password, it just does not unlock it at login.
If this works OK for others, then its probably not a NixOS issue. I have brought up the issue on the gnome-list to see if they input about what is going on.
Do you have any of these options enabled: NixOS Search ?
This was not a problem in my nix setup.
After I looked at the key setup on a Fedora and an Arch system I noticed that these did not have a Default_keyring, and all the passwords were in the Login keyring. The Login keyring only had a key to unlock the Default_keyring. I then:
- Deleted all the mailnag keys in the default keyring.
- Right clicked on the Login keyring and made it the default keyring
- Ran mailnag-config and reentered my passwords.
The new entries ended up in the Login keyring, and when I rebooted and logged in mailnag was
able to find them.
I’m not sure how the keyrings got set up the way they did, but I have been running Gnome from before the time that the pam setup had been worked out and I was regularly prompted by the gnome-keyring for my password every time I logged in.
Thanks for the help and sounding board to work out the issue. At least there is some documentation on the net about a solution. I know I looked a long time and found nothing.
1 Like
Yep, the keyring getting unlocked on login used to be a problem in nixos and we fixed that a couple releases back. So it’s likely that is exactly what happened.