[opensuse-buildservice] osc use_keyring without windowmanager
Dear all, I would like to use osc with use_keyring without a windowmanager i.e. on a server without X/wayland. Is this possible as according to the documentation [1]. use_keyring only supports (For KDE the KWallet is used, for GNOME it is Seahorse.). I've currently have a windowmanager installed on my server VM but I don't want this anymore as it makes the server slower, uses more resources and uses more power. Regards, Joop. [1] https://openbuildservice.org/help/manuals/obs-user-guide/cha.obs.osc.html -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
Hi, On 1/20/20 4:36 PM, Joop Boonen wrote:
Dear all,
I would like to use osc with use_keyring without a windowmanager i.e. on a server without X/wayland.
That is currently not supported by osc right now.
Is this possible as according to the documentation [1]. use_keyring only supports (For KDE the KWallet is used, for GNOME it is Seahorse.).
Nowadays osc uses python3-keyring and its backends to determine what can be used. There ist a python3-keyrings.alt package that can be installed to provide additional backends as well. For the keyring stuff you can choose between SecretStorage (used by Gnome) and kWallet. You can workaround this using a dbus session as described here [1] in Chapter Ten (but without any guarantee that this will work or will be stable).
I've currently have a windowmanager installed on my server VM but I don't want this anymore as it makes the server slower, uses more resources and uses more power.
Regards,
Joop.
[1] https://openbuildservice.org/help/manuals/obs-user-guide/cha.obs.osc.html
[1] https://readthedocs.org/projects/keyring/downloads/pdf/latest/ -- SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90471 Nürnberg (HRB 36809, AG Nürnberg), Geschäftsführer: Felix Imendöffer -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
Am Dienstag, 21. Januar 2020, 11:18:32 CET schrieb Marco Strigl:
Hi,
On 1/20/20 4:36 PM, Joop Boonen wrote:
Dear all,
I would like to use osc with use_keyring without a windowmanager i.e. on a server without X/wayland.
That is currently not supported by osc right now.
Is this possible as according to the documentation [1]. use_keyring only supports (For KDE the KWallet is used, for GNOME it is Seahorse.).
Nowadays osc uses python3-keyring and its backends to determine what can be used. There ist a python3-keyrings.alt package that can be installed to provide additional backends as well.
For the keyring stuff you can choose between SecretStorage (used by Gnome) and kWallet.
You can workaround this using a dbus session as described here [1] in Chapter Ten (but without any guarantee that this will work or will be stable).
And there is: https://build.opensuse.org/package/show/home:frispete:python/python-keyrings... If you give it a try, please report back... Cheers, Pete -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On 1/22/20 8:53 PM, Hans-Peter Jansen wrote:
Am Dienstag, 21. Januar 2020, 11:18:32 CET schrieb Marco Strigl:
Hi,
On 1/20/20 4:36 PM, Joop Boonen wrote:
Dear all,
I would like to use osc with use_keyring without a windowmanager i.e. on a server without X/wayland.
That is currently not supported by osc right now.
Is this possible as according to the documentation [1]. use_keyring only supports (For KDE the KWallet is used, for GNOME it is Seahorse.).
Nowadays osc uses python3-keyring and its backends to determine what can be used. There ist a python3-keyrings.alt package that can be installed to provide additional backends as well.
For the keyring stuff you can choose between SecretStorage (used by Gnome) and kWallet.
You can workaround this using a dbus session as described here [1] in Chapter Ten (but without any guarantee that this will work or will be stable).
And there is: https://build.opensuse.org/package/show/home:frispete:python/python-keyrings...
If you give it a try, please report back...
I just installed it and it works nice and without problems. The only downside is that you have to enter the password for the keyring (cryptfile) everytime. Or am I missing something?
Cheers, Pete
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On 2020-01-23 11:01:03 +0100, Marco Strigl wrote:
On 1/22/20 8:53 PM, Hans-Peter Jansen wrote:
Am Dienstag, 21. Januar 2020, 11:18:32 CET schrieb Marco Strigl:
Hi,
On 1/20/20 4:36 PM, Joop Boonen wrote:
Dear all,
I would like to use osc with use_keyring without a windowmanager i.e. on a server without X/wayland.
That is currently not supported by osc right now.
Is this possible as according to the documentation [1]. use_keyring only supports (For KDE the KWallet is used, for GNOME it is Seahorse.).
Nowadays osc uses python3-keyring and its backends to determine what can be used. There ist a python3-keyrings.alt package that can be installed to provide additional backends as well.
For the keyring stuff you can choose between SecretStorage (used by Gnome) and kWallet.
You can workaround this using a dbus session as described here [1] in Chapter Ten (but without any guarantee that this will work or will be stable).
And there is: https://build.opensuse.org/package/show/home:frispete:python/python-keyrings...
If you give it a try, please report back...
I just installed it and it works nice and without problems. The only downside is that you have to enter the password for the keyring (cryptfile) everytime. Or am I missing something?
We could "chain" it with the python-keyring-keyutils [1] keyring and store the "master" password in the session keyring (kernel). But one should read the security considerations [2] before using the python-keyring-keyutils package (which is still WIP). Marcus [1] https://github.com/marcus-h/python-keyring-keyutils [2] https://github.com/marcus-h/python-keyring-keyutils#security-considerations -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
Am Donnerstag, 23. Januar 2020, 21:23:18 CET schrieb Marcus Hüwe:
On 2020-01-23 11:01:03 +0100, Marco Strigl wrote:
On 1/22/20 8:53 PM, Hans-Peter Jansen wrote:
And there is: https://build.opensuse.org/package/show/home:frispete:python/python-keyr ings.cryptfile
If you give it a try, please report back...
I just installed it and it works nice and without problems. The only downside is that you have to enter the password for the keyring (cryptfile) everytime. Or am I missing something?
We could "chain" it with the python-keyring-keyutils [1] keyring and store the "master" password in the session keyring (kernel). But one should read the security considerations [2] before using the python-keyring-keyutils package (which is still WIP).
Sounds interesting. If you attempt to experiment with it, keep me in the loop, please. Cheers, Pete
Marcus
[1] https://github.com/marcus-h/python-keyring-keyutils [2] https://github.com/marcus-h/python-keyring-keyutils#security-considerations
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
Am Donnerstag, 23. Januar 2020, 11:01:03 CET schrieb Marco Strigl:
On 1/22/20 8:53 PM, Hans-Peter Jansen wrote:
Am Dienstag, 21. Januar 2020, 11:18:32 CET schrieb Marco Strigl:
And there is: https://build.opensuse.org/package/show/home:frispete:python/python-keyrin gs.cryptfile
If you give it a try, please report back...
I just installed it and it works nice and without problems.
Thanks for the feedback, Marco, and sorry for the delay.
The only downside is that you have to enter the password for the keyring (cryptfile) everytime. Or am I missing something?
No, that's correct. Of course, you can provide the key by other means, but then, you fiddle with plaintext passwords again, hence it doesn't buy you anything. The aim of keyrings.cryptfile was to provide a secure portable storage of secrets in the least complex fashion (for auditing purposes). It attempts to narrow the attack vector to short code passages, but isn't secured against runtime attacks well, yet. If you have ideas, how to improve the keyring password handling for osc, let me know. Cheers, Pete -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
participants (4)
-
Hans-Peter Jansen -
Joop Boonen -
Marco Strigl -
Marcus Hüwe