Pithos flatpak and keyring

henrythemouse · March 15, 2023, 6:16pm

I’ve been using the pithos puros package from the repo, but it doesn’t look like it’s getting updated to the latest code and it’s not fully functional UI wise. There is a flatpak version of pithos which is posted by the developer and is always up-to-date. But, I can’t login because of a credentials issue:

Failed to Store Your Pandora Credentials

I contacted the developer, his response was:

This is probably a conversation to have with the Librem folks about their OS on why the keyring is locked. It may also be an issue to work out with gnome-keyring.

Has anyone managed to get the flatpak to work? Or does anyone have any suggestions about what I can do to fix the possible keyring problem?

irvinewade · March 15, 2023, 11:36pm

Well I guess if it were me, I would consider that to be a poor error message. So you would want to know more specifically what went wrong i.e. know what you are trying to fix (or more likely work around).

If it’s just a question of unlocking the keyring then you can unlock it manually before running the app. But, also, if this app is the only app using the keyring on your phone, do you even have a keyring?

So to clarify … is the keyring working properly (i.e. credentials in there and usable) when you use the repo version?

Just for sanity … are you using PureOS amber or byzantium?

lsb_release -c

henrythemouse · March 16, 2023, 1:14am

OK here’s what I have:

I have reinstalled gnome-keyring after first moving .local/share/keyrings. Then I rebooted. I had to create a new Password keyring (using seahorse), none had been created. Then I started pithos flatpak from the command line:

flatpak run io.github.Pithos

An Error message printed to the terminal:

ERROR - util:get_account_password:133 - Failed to lookup password sync, Error: g-io-error-quark: user interaction failed (0)

I then attempted to login, which failed, here’s the terminal output:

WARNING - pithos:_set_player_state:782 - Error changing player state from: NULL to: PAUSED

ERROR - util:on_password_store_finish:149 - Failed to store password, Error: g-io-error-quark: user interaction failed (0)

ERROR - util:get_account_password:133 - Failed to lookup password sync, Error: g-io-error-quark: user interaction failed (0)

When using the repo Pithos, running it from the command line, no terminal output is present and it logs in automatically. Of course the pass is kept in the Pithos config file, so that’s where Pithos is looking.

Now to try to answer some of your questions:

Unlocking or locking the Default keyring (using seahorse) makes no difference, the error messages are the same.

Looking at the previous keyring, there were entries from other apps in a file named Default_keyring.keyring. It is a text file, I had provided an empty pass when asked. Many apps were using it, but the current keyring has no entries.

There is an original saved keyring that is named Login.keyring that is binary, can’t read that one.

The repo version doesn’t use the keyring (maybe the flatpak ver isn’t either?).

I’m using the latest byzantium.

The more I look at this, the more it looks like a file permission error. Maybe I messed up the flatpak directory somehow.

Anyway, thanks for the quick response. BTW flatpak Pithos works fine on my desktop, after I installed gnome-keyring.

Sarcasmo220 · March 16, 2023, 1:51am

This is a shot in the dark as I’m no expert, but you could try replacing the flatpak config file with a copy of the repo config file and see if that works

irvinewade · March 16, 2023, 2:03am

The following looks similar: https://gitlab.gnome.org/World/Authenticator/-/issues/172

I’m not sure that it makes any sense to run an application in a sandbox environment but then to give it access to your keyring(s). At minimum you would need a dedicated keyring.

Can the software be persuaded to store its password in a text file?

henrythemouse · March 16, 2023, 2:27am

I’m not sure that it makes any sense to run an application in a sandbox environment but then to give it access to your keyring(s).

Indeed. And as it turns out my desktop installation has a file named:

~/.var/app/io.github.Pithos/data/keyrings/default.keyring

Looks like the desktop install provides a separate keyring just for Pithos. My L5 does not have this file. I tried coping over the desktop file, but that didn’t help. The desktop file is binary, indicating that it’s encrypted. Maybe that matters.

I’ll keep looking, thanks for the suggestion.

irvinewade · March 16, 2023, 3:03am

Note that it appears that the name of the default keyring is configurable. On my Librem 5 there is a file default that contains Default_keyring and then the latter is the actual .keyring file that contains my passwords. Maybe the default for default is default though.

henrythemouse · March 16, 2023, 3:05am

There seems to be a settings file here:

~/.var/app/io.github.Pithos/config/glib-2.0/settings/keyfile

Yet it’s a different format than the repo installed .ini file Pithos uses. I’ve tried to create one that follows the flatpak format. Never worked. Still, even on my desktop, this file does not contain the pass.

I’m considering purging flatpak on the L5 and re-installing it. I’ve tried the flatpak command: flatpak repair. It didn’t help. Perhaps I can find out how keyring files work in flatpak as that seemed to be the solution to my desktop flatpak install.

Thanks for the suggestion.

henrythemouse · March 16, 2023, 4:27am

Have you verified that pithos has a key stored there or saying that some keys are stored there?

On my debian system, when I installed gnome-keyring no password keyrings were created and none now exist. Still, pithos runs fine. This leads me to believe that flatpak uses and independent keyring. But, I’m guessing. I copied the “settings” file from my desktop to my L5 and now pithos has the username filled in for me when I start it. The pass is another matter I suppose.

irvinewade · March 16, 2023, 4:44am

Maaaaate, I don’t even know what pithos is. So, what I mean is that I know that some passwords belonging to other regular applications are stored there (encrypted) and do work in those applications.

It is my recollection that the default keyring, Default_keyring, was created the first time I used an application that needed the keyring (because it asked me to create a password for the keyring itself) but it was a long time ago …

One thing I have wondered about from time to time is exactly how portable a .keyring file is from one computer to another computer, or even on the same computer but under a different name.

henrythemouse · March 16, 2023, 3:23pm

That’s a good question. In this case I was trying to do it from an x86 architecture to a arm architecture and from different versions of debian and Flatpak. No luck so far. I’d like to find another Flatpak app that uses the keyring, so I can confirm that that functionality is working on the L5.

Thanks for your reply.

henrythemouse · March 16, 2023, 6:58pm

I had forgotten about the Pine phone I had in my closet. I updated it and install the Pithos flatpak. Had zero issues, logged in and everything worked.

While that’s good news for Pithos, it makes the issue more specific to the L5. I’m not sure where to go from here.

henrythemouse · March 16, 2023, 7:28pm

From that link:

I had to set permissions for “read, add change and remove saved passwords” in Ubuntus Software Center.

I see some of the same errors listed there. May indicate that the errors are more generic than I had been thinking. I’ll see if I can find more references.

Thanks for the link.