not sure if this is a good place to ask such a question, nevertheless, I’d like to try
I am the developer of the app OpenTodoList, which is - among others - also packaged as a Flatpak app. This app uses QtKeychain to save and load passwords/tokens. Internally, this library uses any available backend for storing such information - within Flatpak, this means that it uses
libsecret for getting the job done. This worked fine most of the time.
Since some weeks (unfortunately, I cannot tell exactly when), I noticed that the app would not load any passwords at all. Before that, I occasionally had this, but usually restarting the app would cure this and passwords would be back again.
I tried to debug this as far as I could and what I can tell so far: It seems that QtKeychain calls
libsecret (specifically, the simple API which - according to the information I found - should use some special Flatpak magic to store passwords in an app specific keystore). However, the callbacks that are passed into the
libsecret functions never get called.
From there, I wasn’t sure on how to continue. I experimented a bit and found an amazingly simple workaround for the issue: Before reading passwords, I simply wait for 2 seconds. For me - but this is just a guess - it seems like there’s some kind of race condition: If the app starts too fast, something isn’t ready yet and the calls to
libsecret basically never “return” (alas, call back), which then cause the code further up the stack to misbehave.
Long story short:
- Does anyone else experience this kind of issues?
- Are there other, proper ways to tackle this issue? For me, the most important thing is that with this 2s delay, I have at least something at hand. However, I have no clue if these 2s are enough. Maybe, on another machine, the required waiting time might be higher… so, is there some kind of signalling so the app can “know” that it safely can call the
- I have the feeling this issue probably should be reported to somewhere… the question is where? First, I was inclined to raise an issue against QtKeychain, but I actually don’t think there’s anything that can be done there. So, is this something that could be fixed in
libsecret? Or is there a better place to report this kind of issue?