mitya57 / secretstorage Goto Github PK

View Code? Open in Web Editor NEW

99.0 8.0 20.0 266 KB

Python bindings to Freedesktop.org Secret Service API

Home Page: https://secretstorage.readthedocs.io/en/latest/

License: BSD 3-Clause "New" or "Revised" License

Python 100.00%

python secret-service dbus

secretstorage's Introduction

Module description

This module provides a way for securely storing passwords and other secrets.

It uses D-Bus Secret Service API that is supported by GNOME Keyring, KWallet (since version 5.97) and KeePassXC.

The main classes provided are secretstorage.Item, representing a secret item (that has a label, a secret and some attributes) and secretstorage.Collection, a place items are stored in.

SecretStorage supports most of the functions provided by Secret Service, including creating and deleting items and collections, editing items, locking and unlocking collections.

The documentation can be found on secretstorage.readthedocs.io.

Building the module

SecretStorage requires Python ≥ 3.9 and these packages to work:

To build SecretStorage, use this command:

python3 -m build

If you have Sphinx installed, you can also build the documentation:

python3 -m sphinx docs build/sphinx/html

Testing the module

First, make sure that you have the Secret Service daemon installed. The GNOME Keyring is the reference server-side implementation for the Secret Service specification.

Then, start the daemon and unlock the default collection, if needed. The testsuite will fail to run if the default collection exists and is locked. If it does not exist, the testsuite can also use the temporary session collection, as provided by the GNOME Keyring.

Then, run the Python unittest module:

python3 -m unittest discover -s tests

If you want to run the tests in an isolated or headless environment, run this command in a D-Bus session:

dbus-run-session -- python3 -m unittest discover -s tests

Get the code

SecretStorage is available under BSD license. The source code can be found on GitHub.

secretstorage's People

Contributors

Stargazers

Watchers

secretstorage's Issues

Migrate to supported alternative to pycrypto?

Pycrypto has not been updated in 2 years with a fairly long list of open pull requests. There are alternatives:
-- using pycryptodome (less desirable due to conflict with pycrypto install)
-- using pycryptodomex and modifying the imports from Crypto to Cryptodomex
-- using cryptography and modifying more code

Release?

Hey, I was wondering when will this get a new release 😊. I wanted to update to at least Jeepney 0.5 in Arch Linux, preferably 0.6. That is blocked as the current release doesn't seem to be compatible, correct?

int_from_bytes depreciated error

Hello,

secretstorage is a dependency of keychain, and that module attempts to load dhcrypto.py and util.py. Unfortunately, the version of SecretStorage on pypi caused the following errors:

/home/dnasar/.local/share/virtualenvs/opstools-kTlo0iS7/lib/python3.8/site-packages/secretstorage/dhcrypto.py:16: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes
/home/dnasar/.local/share/virtualenvs/opstools-kTlo0iS7/lib/python3.8/site-packages/secretstorage/util.py:25: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes

Is there a timeline on when a new release might be pushed? I noticed that these changes were recently corrected. Thanks!

collection.unlock() and collection.is_locked() both return True

I tried the following; collection.unlock() and collection.is_locked() both return True. I must be doing something wrong, but don't know enough about secretstorage to identify what my error is. Please help!

    $ python3
    Python 3.8.10 (default, Jun  2 2021, 10:49:15) 
    [GCC 9.4.0] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import secretstorage
    >>> collection = secretstorage.get_default_collection(secretstorage.dbus_init())
    >>> collection.is_locked()
    True
    >>> collection.unlock()
    True
    >>> collection.is_locked()
    True
    >>>

pip list says SecretStorage 3.3.1

Support alternative bindings for Dbus

Presently, the code uses dbus-python for DBus support.

However, that binding cannot be used with pypy, because it has a C binding, and pypy tries to avoid that as much as possible.

Please support using another DBus binding instead. Of the official list of DBus bindings, the only usable option is txdbus, because the others also require compiling a C extension.

ItemNotFoundException while iterating all items

Using this script:

#!/usr/bin/env python3
import secretstorage
connection = secretstorage.dbus_init()
collections = secretstorage.get_all_collections(connection)
for coll in collections:
    if not coll.is_locked():
        print(f"Keyring: {coll.get_label()}")
        for item in coll.get_all_items():
            print(f"{item.get_label()} -> {item.get_secret()}")

OS: Ubuntu Linux 22.04 64 bit intel, fully updated
Package versions:

 python3-secretstorage                      3.3.1-1
python3-jeepney                            0.7.1-3
python3-cryptography                       3.4.8-1ubuntu2

It's a freshly installed VM I was used for testing. There're two keyrings (Login and awsvault) with one entry each. Output:

user@user-ubuntu:~/Desktop$ ./dumpall.py
Keyring: Login
My first item -> b'pa$$word'
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/secretstorage/util.py", line 46, in send_and_get_reply
    return self._connection.send_and_get_reply(msg, unwrap=True)
  File "/usr/lib/python3/dist-packages/jeepney/io/blocking.py", line 190, in send_and_get_reply
    return unwrap_msg(msg_in)
  File "/usr/lib/python3/dist-packages/jeepney/wrappers.py", line 214, in unwrap_msg
    raise DBusErrorResponse(msg)
jeepney.wrappers.DBusErrorResponse: [org.freedesktop.DBus.Error.UnknownMethod] ('Object does not exist at path “/org/freedesktop/secrets/collection/login/1”',)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/user/Desktop/./dumpall.py", line 8, in <module>
    for item in coll.get_all_items():
  File "/usr/lib/python3/dist-packages/secretstorage/collection.py", line 86, in get_all_items
    yield Item(self.connection, item_path, self.session)
  File "/usr/lib/python3/dist-packages/secretstorage/item.py", line 31, in __init__
    self._item.get_property('Label')
  File "/usr/lib/python3/dist-packages/secretstorage/util.py", line 64, in get_property
    (signature, value), = self.send_and_get_reply(msg)
  File "/usr/lib/python3/dist-packages/secretstorage/util.py", line 49, in send_and_get_reply
    raise ItemNotFoundException('Item does not exist!') from resp
secretstorage.exceptions.ItemNotFoundException: Item does not exist!

It appears that the get_all_items() method fumble after properly fetching the only entry in the keyring.

I tried dumping the Items property in the get_all_items() method call and I get this:

['/org/freedesktop/secrets/collection/login/2', '/org/freedesktop/secrets/collection/login/1']

So, it seems more items are enumerated than actually there?

dependency on cryptography pulls in rust on low-end systems

In #6 the cryptographic backend was switched to "cryptography" .

It would be great if some other backend were available, as the cryptography package requires an install-time compile using rust on many systems, and secretstorage is a core package in the dependency tree of twine.

cannot pass bytearray to pycrypto's bytes_to_long() in python2

introduced with commit 70a041a

pycrypto uses struct.unpack() in bytes_to_long() which cannot accept a bytearray (as passed in by dhcrypto.py).

$ PYTHONPATH=. python2 -c 'import secretstorage'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "secretstorage/__init__.py", line 14, in <module>
    from secretstorage.collection import Collection, create_collection, \
  File "secretstorage/collection.py", line 21, in <module>
    from secretstorage.item import Item
  File "secretstorage/item.py", line 15, in <module>
    from secretstorage.util import InterfaceWrapper, bus_get_object, \
  File "secretstorage/util.py", line 13, in <module>
    from secretstorage.dhcrypto import Session
  File "secretstorage/dhcrypto.py", line 42, in <module>
    DH_PRIME_1024 = bytes_to_long(DH_PRIME_1024_BYTES)
  File "secretstorage/dhcrypto.py", line 33, in <lambda>
    bytes_to_long = lambda b: _to_long(bytearray(b))
  File "/usr/lib/python2.7/dist-packages/Crypto/Util/number.py", line 431, in bytes_to_long
    acc = (acc << 32) + unpack('>I', s[i:i+4])[0]
struct.error: unpack requires a string argument of length 4

the change even fails the dhcrypto tests (ie tests/test_dhcrypto.py).

test results and experimentation in this gist.

for now i've modified secretstorage from "bytearray(b)" to "str(bytearray(b))", which is not a solution for python3, but i'm only using secretstorage with python2.

3.3.2: pytest is failing

I'm packaging your module as an rpm package so I'm using the typical PEP517 based build, install and test cycle used on building packages from non-root account.

python3 -sBm build -w --no-isolation
because I'm calling build with --no-isolation I'm using during all processes only locally installed modules
install .whl file in </install/prefix>
run pytest with PYTHONPATH pointing to sitearch and sitelib inside </install/prefix>

Here is lis of modules installed in build env:

Package                       Version
----------------------------- -----------------
alabaster                     0.7.12
attrs                         22.1.0
Babel                         2.10.2
build                         0.8.0
cffi                          1.15.1
charset-normalizer            2.1.0
codespell                     2.1.0
cryptography                  36.0.2
dbus-python                   1.2.18
distro                        1.7.0
docutils                      0.18.1
extras                        1.0.0
fixtures                      4.0.0
gpg                           1.17.1-unknown
idna                          3.3
imagesize                     1.4.1
importlib-metadata            4.12.0
iniconfig                     1.1.1
jeepney                       0.8.0
Jinja2                        3.1.1
libcomps                      0.1.18
MarkupSafe                    2.1.1
packaging                     21.3
pbr                           5.9.0
pep517                        0.12.0
pip                           22.2.1
pluggy                        1.0.0
ply                           3.11
py                            1.11.0
pycparser                     2.21
Pygments                      2.12.0
PyGObject                     3.42.2
pyparsing                     3.0.9
pytest                        7.1.2
python-dateutil               2.8.2
pytz                          2022.1
requests                      2.28.1
rpm                           4.17.0
setuptools                    63.4.2
six                           1.16.0
snowballstemmer               2.2.0
Sphinx                        5.1.1
sphinxcontrib-applehelp       1.0.2.dev20220730
sphinxcontrib-devhelp         1.0.2.dev20220730
sphinxcontrib-htmlhelp        2.0.0
sphinxcontrib-jsmath          1.0.1.dev20220730
sphinxcontrib-qthelp          1.0.3.dev20220730
sphinxcontrib-serializinghtml 1.1.5
testtools                     2.5.0
tomli                         2.0.1
transaction                   3.0.1
urllib3                       1.26.11
wheel                         0.37.1
zipp                          3.8.1
zope.event                    4.5.0
zope.interface                5.4.0

Add a link to secretstorage-setup

Notify keyring and SecretStorage projects to see if they are interested in linking to us.

Support other Jeepney I/O options?

Hi @mitya57 🙂

As you know, SecretStorage is probably the biggest user of Jeepney. One aim of Jeepney is to decouple the structure of messages from sending and receiving data. It should be possible to define the methods for something like the secrets service in a way that can easily be used with different I/O options, like asyncio or Trio.

Would you be interested in exploring what this might look like for SecretStorage? I don't have a specific use case that needs it, but I'd be interested to see how well the principle works in a real module.

Raise SecretServiceNotAvailableException if Gnome-keyring isn't installed

I believe this error should be caught in the secretstorage package.

borgbase/vorta#235

Python3 - object has no attribute 'send_and_get_reply'

Hi,

I use your lib in my tool and during some tests, I had an error depending on which version of python I used.
Everything works fine with:

Python 2.7.12
SecretStorage: 2.3.1

However, it fails with python3:

Python 3.5.2
SecretStorage: 3.0.1

Here is my traceback:

[-] Traceback (most recent call last):
  File "/home/test/Linux/lazagne/softwares/wallet/libsecret.py", line 30, in run
    collections = list(secretstorage.collection.get_all_collections(bus))
  File "/home/test/.local/lib/python3.5/site-packages/secretstorage/collection.py", line 138, in get_all_collections
    for collection_path in service.get_property('Collections'):
  File "/home/test/.local/lib/python3.5/site-packages/secretstorage/util.py", line 59, in get_property
    (signature, value), = self.send_and_get_reply(msg)
  File "/home/test/.local/lib/python3.5/site-packages/secretstorage/util.py", line 41, in send_and_get_reply
    return self._connection.send_and_get_reply(msg)
AttributeError: 'BusConnection' object has no attribute 'send_and_get_reply'

Thanks a lot for your work.

Remove dependency on dbus-python

Hi!

We are using the secretstorage module in one of our tools. Unfortunately, after the release of version 2.2.0, users of both MacOSX and Ubuntu Linux could not install it via pip any more. On both systems, this was caused by the newly introduced dependency on dbus-python, which failed to compile.

From your Travis tests I saw that I need to install libdbus-glib-1-dev, and this fixed the problem. I think, however, that the situation before the dependency was added was better:

Before dependency was added:

works out of the box on Ubuntu & MacOSX
in case it does not work, install the 'dbus-python' package (Ubuntu has it packaged, no need to use pip)

After the dependency was added:

does not work out of the box on Ubuntu & MacOSX
to install on Ubuntu, you need
- a C-compiler with additional tools (which I happened to have)
- the package libdbus-glib-1-dev (which might be called differently on other Linux distributions)

Expose whether individual items are locked or unlocked

The spec states that items may be locked individually, separately from the collection. It does not appear that an API is exposed to unlock individual items. In fact, when returning items, it puts the locked and unlocked items in the same result without any differentiation between them.

Deprecation: int_from_bytes is deprecated

Hi!

I just upgraded cryptography to 3.4.1 and I got this error:

/usr/local/lib/python3.8/dist-packages/secretstorage/dhcrypto.py:16: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes
/usr/local/lib/python3.8/dist-packages/secretstorage/util.py:25: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes

Would you please fix this?
Thanks in advance.

DBus authentication failure in jeepney doesn't get wrapped in SecretServiceNotAvailableException

This epic was started by JonnyJD/musicbrainz-isrcsubmit#119.

When jeepney (and in turn secretstorage) is used in a fakeroot environment, DBus authentication fails.

This causes DBus to return "REJECTED EXTERNAL", triggering a raise Exception() here. Or at least it would, if not for this coding error. Right now it raises the ValueError seen in the isrcsubmit issue above.
dbus_init() only checks for KeyError and ConnectionError, thus allowing the Exception/ValueError through.

dbus_init should probably check for this failure mode of jeepney too. Right now, that's a little difficult, with it either raising a generic Exception or ValueError - both of which are pretty much catch-alls. If you're fine with that, __init__.py:44 could be modified to just catch any BaseException and wrap that, which in my opinion is a valid use of a catch-all - it's just being wrapped in another exception, after all.

Alternatively, we could wait for this other jeepney MR to go through, which raises a special exception in the case of an authentication failure. That could take quite a while though, I don't think that maintainer is particularly active and propagation might also take some time.

Need API for `unlock(pwd="password")`

Hi, I've been using gnomekeyring, but it has since been deprecated. So I'm looking for an alternative, and this project seems most promising.

Script Using gnomekeyring:

import gnomekeyring
import getpass
gnomekeyring.unlock_sync(None, getpass.getpass('Password: '))

The current api provided(unlock()) will not work if X is not running at all. So, an unlock(password="") would be appreciated.

Wheel support

http://pythonwheels.com/

Right now, only the tar.gz file is being distributed on PyPI for secretstorage, which isn't that much of an issue, but it does add some time to installing the package.

This package should be compatible with the Wheel format, considering it doesn't appear to have any C dependencies and it is compatible with both Python 2 and 3. As a result, you should only need to generate a universal wheel and then everyone (on all systems) will get the ability to install secretstorage with just the wheel, without having to do any extra work.

org.freedesktop.DBus.Error.UnknownMethod error on remote ssh machine

When using poetry (1.2.2.) on a remote ssh machine, the installation fails (see logs below).
Using sudo apt-get remove gnome-keyring and rebooting solves the problem.

I guess the issue is some missing desktop component, as the machine is purely remote.

The latest version (1.2.2) is already installed.
echo yes | ~/.local/bin/poetry cache clear . --all
~/.local/bin/poetry env use python3.8
Using virtualenv: /home/maxjeblick/.cache/pypoetry/virtualenvs/project_name-lXxudBnh-py3.8
~/.local/bin/poetry install --no-root
Installing dependencies from lock file

Package operations: 156 installs, 2 updates, 0 removals

  • Installing markupsafe (2.1.1)
  • Installing pyparsing (3.0.9)
  • Updating setuptools (65.0.2 -> 65.5.1)
  • Updating wheel (0.37.1 -> 0.38.4)
  • Installing zipp (3.10.0)

  DBusErrorResponse

  [org.freedesktop.DBus.Error.UnknownMethod] ('No such interface “org.freedesktop.DBus.Properties” on object at path /org/freedesktop/secrets/collection/login',)

  at ~/.local/share/pypoetry/venv/lib/python3.8/site-packages/secretstorage/util.py:48 in send_and_get_reply
       44│     def send_and_get_reply(self, msg: Message) -> Any:
       45│         try:
       46│             resp_msg: Message = self._connection.send_and_get_reply(msg)
       47│             if resp_msg.header.message_type == MessageType.error:
    →  48│                 raise DBusErrorResponse(resp_msg)
       49│             return resp_msg.body
       50│         except DBusErrorResponse as resp:
       51│             if resp.name in (DBUS_UNKNOWN_METHOD, DBUS_NO_SUCH_OBJECT):
       52│                 raise ItemNotFoundException('Item does not exist!') from resp

The following error occurred when trying to handle this error:


  ItemNotFoundException

  Item does not exist!

after update no longer works with threads

Hi,
after secretstorage was updated in fedora it breaks software that uses threads. We have a tool that has backend part that stores some passwords in gnome keyring. It communicates with webui frontend through web rest api. That is handled by python http simple server that creates threads for incoming requests. If required, some request may need to query gnome keyring and this is where it breaks because updated secretstorage no longer works when used in a thread.

used version secretstorage-3.1.1

Actual results:

  File "/usr/lib/python3.7/site-packages/keyring/backends/SecretService.py", line 79, in set_password
    collection = self.get_preferred_collection()
  File "/usr/lib/python3.7/site-packages/keyring/backends/SecretService.py", line 50, in get_preferred_collection
    bus = secretstorage.dbus_init()
  File "/usr/lib/python3.7/site-packages/secretstorage/__init__.py", line 37, in dbus_init
    connection = connect_and_authenticate()
  File "/usr/lib/python3.7/site-packages/jeepney/integrate/blocking.py", line 82, in connect_and_authenticate
    conn = DBusConnection(sock)
  File "/usr/lib/python3.7/site-packages/jeepney/integrate/blocking.py", line 20, in __init__
    hello_reply = self.bus_proxy.Hello()
  File "/usr/lib/python3.7/site-packages/jeepney/integrate/blocking.py", line 64, in inner
    return self._connection.send_and_get_reply(msg)
  File "/usr/lib/python3.7/site-packages/jeepney/integrate/blocking.py", line 45, in send_and_get_reply
    future = self.send_message(message)
  File "/usr/lib/python3.7/site-packages/jeepney/integrate/blocking.py", line 24, in send_message
    future = self.router.outgoing(message)
  File "/usr/lib/python3.7/site-packages/jeepney/routing.py", line 26, in outgoing
    self.awaiting_reply[msg.header.serial] = handle = self.handle_factory()
  File "/usr/lib64/python3.7/asyncio/events.py", line 644, in get_event_loop
    % threading.current_thread().name)
RuntimeError: There is no current event loop in thread 'Thread-1'.

if you run reproducer directly, without thread it will work. Same if you downgrade to
secretstorage-2.3.1

reproducer:
drop .txt suffix
run attached threadwrap.py

threadwrap.py.txt
gnomekeyringtest.py.txt

ImportError: No module named gi.repository

I'm seeing this failure:

  File "build/bdist.linux-x86_64/egg/secretstorage/collection.py", line 158, in get_default_collection
  File "build/bdist.linux-x86_64/egg/secretstorage/collection.py", line 137, in create_collection
  File "build/bdist.linux-x86_64/egg/secretstorage/util.py", line 127, in exec_prompt_glib
ImportError: No module named gi.repository

Apparently there is also a dependency on some module 'gi'?

3.* wheel is built for Python 2 too

Therefor, I think, when installing the package with pip,

it tries to downloaded the 3.* version instead of lower one-

user@ubuntu:~$ pip2 install SecretStorage
Collecting SecretStorage
  Using cached https://files.pythonhosted.org/packages/02/de/e4590cf025c714635637d4b2d19acfb1015f2d0c6cfe843b2b8f776ec819/SecretStorage-3.0.0-py2.py3-none-any.whl
SecretStorage requires Python '>=3.5' but the running Python is 2.7.14

Tested with pip version 9.0.3 and 10.0.1

I think building the wheel only for Python 3 will prevent pip to try installing the 3.* version.

See here

Uncaught exception

I receive the following on boot of my computer:

Uncaught exception, please file a report with this text at
https://github.com/borgbase/vorta/issues/new
Traceback (most recent call last):
  File "/app/lib/python3.9/site-packages/vorta/application.py", line 186, in set_borg_details_result
    self.scheduler.reload_all_timers()  # Start timer after Borg version is set.
  File "/app/lib/python3.9/site-packages/vorta/scheduler.py", line 333, in reload_all_timers
    self.set_timer_for_profile(profile.id)
  File "/app/lib/python3.9/site-packages/vorta/scheduler.py", line 274, in set_timer_for_profile
    self.create_backup(profile_id)
  File "/app/lib/python3.9/site-packages/vorta/scheduler.py", line 380, in create_backup
    msg = BorgCreateJob.prepare(profile)
  File "/app/lib/python3.9/site-packages/vorta/borg/create.py", line 74, in prepare
    ret = super().prepare(profile)
  File "/app/lib/python3.9/site-packages/vorta/borg/borg_job.py", line 152, in prepare
    ret['password'] = cls.keyring.get_password('vorta-repo', profile.repo.url)
  File "/app/lib/python3.9/site-packages/vorta/keyring/secretstorage.py", line 50, in get_password
    if self.is_unlocked:
  File "/app/lib/python3.9/site-packages/vorta/keyring/secretstorage.py", line 66, in is_unlocked
    return not (self.collection.is_locked() and self.collection.unlock())
  File "/app/lib/python3.9/site-packages/secretstorage/collection.py", line 67, in unlock
    return unlock_objects(self.connection, [self.collection_path])
  File "/app/lib/python3.9/site-packages/secretstorage/util.py", line 151, in unlock_objects
    dismissed, (signature, unlocked) = exec_prompt(connection, prompt)
  File "/app/lib/python3.9/site-packages/secretstorage/util.py", line 138, in exec_prompt
    assert dismissed is not None
AssertionError

Sometime after this, the backups were completing successfully, so I'm not really sure what the error is.

I'm using Vorta 0.8.6 on Mint 20.3.

I created an issue at Vorta and they suggested posting here.

Collection.create_item() does not execute prompt

When executing create_item, and a prompt is returned, secretstorage does not check for it or execute it, which leads the following Item() return value to fail because the Item was not created.

secretstorage use deprecated int_from_bytes

nova-manage and many other OpenStack CLIs use secretstorage indirectly via keyring which si uses by python-keystoneclient (part of OpenStack)

ubuntu@nova-healthchecks:~$ OS_NO_CACHE=True nova-manage --help 2>&1
/usr/lib/python3/dist-packages/secretstorage/dhcrypto.py:15: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
from cryptography.utils import int_from_bytes
/usr/lib/python3/dist-packages/secretstorage/util.py:19: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
from cryptography.utils import int_from_bytes

python-keystoneclient uses keyring to provide an optional token cache but this error still persists with it disabled because its triggered
on import. i could hide this by making that import also conditional on the env var but it probably makes sense to just
fix this in secretstorage so I though I would open this issue.

i have not spent time looking at the fix yet, from the readme I see secretstorage support python 3.6+ so any fix would have
to work nativly with 3.6 and or check the version.

if int.from_bytes exits on 3.6 I will try and create a pr with a fix that just replaces the import if not ill do a version check

Add support for flatpak's secret portal

It's currently not possible to use secretstorage inside flatpak without opening a hole for org.freedesktop.secrets. This allows cross application password access.
When using the portal only the application that stored the password can read it.

For details see flatpak/xdg-desktop-portal#359

Thanks

Setting schema not supported

It seems to me like there is no way of setting schema metadata in Python. Is it only possible via C or did I miss something?

Deprecation warning with secretstorage 3.3.1 and jeepney 0.8.0

.../.venv/lib/python3.8/site-packages/secretstorage/util.py:46: UserWarning: Passing unwrap= to .send_and_get_reply() is deprecated and will break in a future version of Jeepney.
  return self._connection.send_and_get_reply(msg, unwrap=True)
[]

content_type is always text/plain no matter what type is specified

The following code:

connection = secretstorage.dbus_init()
collection = secretstorage.collection.get_default_collection(connection)
attributes = {'key': 'test'}
item = collection.create_item('test', attributes, b'\xff\xfe\xfd\xfc', replace=True, content_type='octet-stream')
print('content_type =', item.get_secret_content_type())

prints
content_type = text/plain

It does not matter what value is passed as the 'content_type' argument, the content type of the stored item is always 'text/plain'. Is this a restriction of the keyring daemon as there is nothing in the code which explains this behaviour ?

AttributeError for encoding secrets of type None

Hi,

I use secretstorage with the module keyring and I had myself faced with a AttributeError for a password with type None:

Traceback (most recent call last):
  File "/qt_prototypes/examples/connectiondialog2.py", line 350, in change_connection_information
    keyring.set_password(service_name, current_connection_username, current_connection_password)
  File "/qt_prototypes/venv/lib/python3.7/site-packages/keyring/core.py", line 61, in set_password
    _keyring_backend.set_password(service_name, username, password)
  File "/qt_prototypes/venv/lib/python3.7/site-packages/keyring/backends/SecretService.py", line 90, in set_password
    collection.create_item(label, attributes, password, replace=True)
  File "/qt_prototypes/venv/lib/python3.7/site-packages/secretstorage/collection.py", line 118, in create_item
    _secret = format_secret(self.session, secret, content_type)
  File "/qt_prototypes/venv/lib/python3.7/site-packages/secretstorage/util.py", line 101, in format_secret
    secret = secret.encode('utf-8')
AttributeError: 'NoneType' object has no attribute 'encode'

It'd be awesome if there were some kind of preventing this Error, maybe with a TypeCheck and an exception or so.

Thank you!

tests/test_item.py fails with TypeError: a bytes-like object is required, not 'list'

Using cryptography version 2.5. Stack trace:

Traceback (most recent call last):
  File "/home/zrhoffman/github.com/python/mitya57/secretstorage/tests/test_item.py", line 59, in test_secret
    self.assertEqual(self.item.get_secret(), b'pa$$word')
  File "/home/zrhoffman/github.com/python/mitya57/secretstorage/secretstorage/item.py", line 106, in get_secret
    padded_secret = decryptor.update(encrypted_secret) + decryptor.finalize()
  File "/usr/lib/python3.7/site-packages/cryptography/hazmat/primitives/ciphers/base.py", line 149, in update
    return self._ctx.update(data)
  File "/usr/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 124, in update
    n = self.update_into(data, buf)
  File "/usr/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 140, in update_into
    self._backend._ffi.from_buffer(data), len(data)
TypeError: a bytes-like object is required, not 'list'

This broke from 3c68250ad9 in pyca/cryptography because ffi.from_buffer() needs an object which supports the buffer interface, which lists do not. This change is reflected in cryptography version 2.5 but not version 2.4.2.

Full log (click to expand)

[zrhoffman@computer secretstorage]$ python3 -m unittest discover -s tests
../usr/lib/python3.7/importlib/_bootstrap_external.py:525: ResourceWarning: unclosed <socket.socket fd=3, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  code = marshal.loads(data)
ResourceWarning: Enable tracemalloc to get the object allocation traceback
/usr/lib/python3.7/importlib/_bootstrap_external.py:525: ResourceWarning: unclosed <socket.socket fd=7, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  code = marshal.loads(data)
ResourceWarning: Enable tracemalloc to get the object allocation traceback
..sssss.........../usr/lib/python3.7/tokenize.py:376: ResourceWarning: unclosed <socket.socket fd=7, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  return readline()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
/usr/lib/python3.7/tokenize.py:376: ResourceWarning: unclosed <socket.socket fd=10, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  return readline()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
/usr/lib/python3.7/tokenize.py:376: ResourceWarning: unclosed <socket.socket fd=12, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  return readline()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
/usr/lib/python3.7/tokenize.py:376: ResourceWarning: unclosed <socket.socket fd=13, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  return readline()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
/usr/lib/python3.7/tokenize.py:376: ResourceWarning: unclosed <socket.socket fd=14, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  return readline()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
/usr/lib/python3.7/tokenize.py:376: ResourceWarning: unclosed <socket.socket fd=15, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  return readline()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
/usr/lib/python3.7/tokenize.py:376: ResourceWarning: unclosed <socket.socket fd=16, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  return readline()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
/usr/lib/python3.7/tokenize.py:376: ResourceWarning: unclosed <socket.socket fd=17, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  return readline()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
/usr/lib/python3.7/tokenize.py:376: ResourceWarning: unclosed <socket.socket fd=18, family=AddressFamily.AF_UNIX, type=SocketKind.SOCK_STREAM, proto=0, raddr=/run/user/1000/bus>
  return readline()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
E..s
======================================================================
ERROR: test_secret (test_item.ItemTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/zrhoffman/github.com/python/mitya57/secretstorage/tests/test_item.py", line 59, in test_secret
    self.assertEqual(self.item.get_secret(), b'pa$$word')
  File "/home/zrhoffman/github.com/python/mitya57/secretstorage/secretstorage/item.py", line 106, in get_secret
    padded_secret = decryptor.update(encrypted_secret) + decryptor.finalize()
  File "/usr/lib/python3.7/site-packages/cryptography/hazmat/primitives/ciphers/base.py", line 149, in update
    return self._ctx.update(data)
  File "/usr/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 124, in update
    n = self.update_into(data, buf)
  File "/usr/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 140, in update_into
    self._backend._ffi.from_buffer(data), len(data)
TypeError: a bytes-like object is required, not 'list'

----------------------------------------------------------------------
Ran 24 tests in 0.634s

FAILED (errors=1, skipped=6)
[zrhoffman@computer secretstorage]$ exit

Secretstorage fails to install on Ubuntu 16.04

Secretstorage as of version 2.2.0 is trying to install python-dbus; however, this causes an installation failure on Ubuntu 16.04 as the dbus-1 package is no more, it's just dbus, and at least intermediate dependencies have not been updated to reflect this change.

FYI - python-dbus is not pip installable, and seems to be a system-level package. Do you really need dbus access? I suspect many user may not - in my case, I'm working on a RESTful API and secretstorage got pulled in by a dependency we won't have dbus running on our servers; might be good to make this optional for 2.2.1 or 2.3.

dbus_init() hangs when called in a script that calls another instance via sudo --preserve-env

I'm not certain if this is a jeepney or secretstorage issue, but I'm opening it here. The bug context is that if you have a script (a.py) which performs a secretstorage.dbus_init() and the script uses subprocess to execute another script (b.py) using sudo --preserve-env, the second secretstorage.dbus_init() hangs.

a.py:

#!/usr/bin/env python3
import os
import secretstorage
import secretstorage.exceptions as exceptions
import subprocess


def launch():
    print('a launch()')
    try:
        print('a dbus_init()')
        bus = secretstorage.dbus_init()
    except exceptions.SecretStorageException as e:
        raise RuntimeError("Unable to initialize SecretService: %s" % e)
    p = os.getcwd()
    cmd = ['sudo', '--preserve-env', 'python3', '{}/b.py'.format(p)]
    #cmd = ['python3', '{}/b.py'.format(p)]
    try:
        print('a subprocess')
        subprocess.check_call(cmd)
    except Exception as e:
        print('a exception')
        raise
    print("a done")

if __name__ == '__main__':
    print('a main()')
    launch()

b.py

#!/usr/bin/env python3
import secretstorage
import secretstorage.exceptions as exceptions

def launch():
    print("b launch()")
    try:
        print('b dbus_init()')
        bus = secretstorage.dbus_init()
    except exceptions.SecretStorageException as e:
        raise RuntimeError("Unable to initialize SecretService: %s" % e)
    print("b done")


if __name__ == '__main__':
    print('b main()')
    launch()

Resulting output

[centos@undercloud test]$ ./a.py 
a main()
a launch()
a dbus_init()
a subprocess
b main()
b launch()
b dbus_init()

It will hang on the second dbus_init. A ctrl+c results in this traceback:

^CTraceback (most recent call last):
  File "/home/centos/test/b.py", line 17, in <module>
    launch()
  File "/home/centos/test/b.py", line 9, in launch
    bus = secretstorage.dbus_init()
  File "/usr/lib/python3.6/site-packages/secretstorage/__init__.py", line 37, in dbus_init
    connection = connect_and_authenticate()
  File "/usr/lib/python3.6/site-packages/jeepney/integrate/blocking.py", line 102, in connect_and_authenticate
    conn = DBusConnection(sock)
  File "/usr/lib/python3.6/site-packages/jeepney/integrate/blocking.py", line 40, in __init__
    hello_reply = self.bus_proxy.Hello()
  File "/usr/lib/python3.6/site-packages/jeepney/integrate/blocking.py", line 84, in inner
    return self._connection.send_and_get_reply(msg)
  File "/usr/lib/python3.6/site-packages/jeepney/integrate/blocking.py", line 67, in send_and_get_reply
    self.recv_messages()
  File "/usr/lib/python3.6/site-packages/jeepney/integrate/blocking.py", line 55, in recv_messages
    b = self.sock.recv(4096)
KeyboardInterrupt
a exception
Traceback (most recent call last):
  File "/usr/lib64/python3.6/subprocess.py", line 289, in call
    return p.wait(timeout=timeout)
  File "/usr/lib64/python3.6/subprocess.py", line 1477, in wait
    (pid, sts) = self._try_wait(0)
  File "/usr/lib64/python3.6/subprocess.py", line 1424, in _try_wait
    (pid, sts) = os.waitpid(self.pid, wait_flags)
KeyboardInterrupt

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "./a.py", line 28, in <module>
    launch()
  File "./a.py", line 20, in launch
    subprocess.check_call(cmd)
  File "/usr/lib64/python3.6/subprocess.py", line 306, in check_call
    retcode = call(*popenargs, **kwargs)
  File "/usr/lib64/python3.6/subprocess.py", line 291, in call
    p.kill()
  File "/usr/lib64/python3.6/subprocess.py", line 1610, in kill
    self.send_signal(signal.SIGKILL)
  File "/usr/lib64/python3.6/subprocess.py", line 1600, in send_signal
    os.kill(self.pid, sig)
PermissionError: [Errno 1] Operation not permitted

This is on CentOS8.

Pip freeze

alembic==1.3.1
amqp==2.5.2
ansible==2.8.8
ansible-config-template==1.0.1
ansible-pacemaker==1.0.4
ansible-role-atos-hsm==0.1.1
ansible-role-chrony==1.0.2
ansible-role-container-registry==1.1.1
ansible-role-openstack-operations==0.0.1
ansible-role-thales-hsm==0.2.1
ansible-role-tripleo-modify-image==1.1.1
ansible-runner==1.4.4
anyjson==0.3.3
aodhclient==1.5.0
appdirs==1.4.3
asn1crypto==0.24.0
attrs==17.4.0
Babel==2.5.1
bcrypt==3.1.7
beautifulsoup4==4.8.2
boto==2.49.0
Bottleneck==1.2.1
cachetools==4.0.0
cffi==1.13.2
chardet==3.0.4
cliff==2.18.0
cmd2==0.9.16
colorama==0.4.1
configobj==5.0.6
contextlib2==0.5.5
croniter==0.3.27
cryptography==2.8
cssselect==0.9.2
cycler==0.10.0
dbus-python==1.2.4
debtcollector==1.22.0
decorator==4.4.0
dib-utils==0.0.11
diskimage-builder==2.33.1.dev18
dnspython==1.15.0
docutils==0.14
dogpile.cache==0.9.0
entrypoints==0.3
eventlet==0.25.1
fasteners==0.14.1
flake8==3.7.7
fluidity-sm==0.2.0
funcsigs==1.0.2
futurist==1.10.0
gevent==1.2.2
gitdb2==2.0.3
GitPython==3.0.2
gpg==1.10.0
greenlet==0.4.13
heat-cfntools==1.4.2
html5lib==0.999999999
idna==2.5
importlib-metadata==0.23
invoke==1.4.0
ironic-python-agent-builder==1.1.1.dev44
iso8601==0.1.11
jeepney==0.4.1
Jinja2==2.10.1
jmespath==0.9.0
jsonpatch==1.21
jsonpointer==1.10
jsonschema==2.6.0
keyring==21.0.0
keystoneauth1==3.18.0
keystonemiddleware==8.0.0
kiwisolver==1.1.0
kombu==4.6.6
lexicon==1.0.0
lockfile==0.11.0
logutils==0.3.5
lxml==4.2.3
Mako==1.0.6.dev0
MarkupSafe==0.23
matplotlib==3.1.1
mccabe==0.6.1
metalsmith==0.16.0
mistral-lib==1.4.0
mock==3.0.5
monotonic==1.5
msgpack==0.6.2
munch==2.3.2
netaddr==0.7.19
netifaces==0.10.6
networkx==2.3
neutron-lib==1.31.0
numexpr==2.7.1
numpy==1.14.3
openstack-heat==13.1.0.dev143
openstacksdk==0.40.0
os-apply-config==11.0.1.dev1
os-client-config==1.34.0.dev6
os-collect-config==11.0.0
os-ken==0.4.1
os-net-config==12.1.1.dev1
os-refresh-config==10.4.1.dev1
os-service-types==1.7.0
os-traits==2.2.0
osc-lib==2.0.0
oslo.cache==1.38.1
oslo.concurrency==3.31.0
oslo.config==6.12.0
oslo.context==2.23.0
oslo.db==6.0.0
oslo.i18n==3.25.1
oslo.log==3.45.2
oslo.messaging==10.5.0
oslo.middleware==3.38.1
oslo.policy==2.4.1
oslo.reports==1.31.1
oslo.rootwrap==5.17.1
oslo.serialization==2.29.2
oslo.service==1.41.1
oslo.upgradecheck==0.3.2
oslo.utils==3.42.1
oslo.versionedobjects==1.37.0
osprofiler==2.9.0
ovs==2.12.0
pandas==0.25.3
paramiko==2.7.1
passlib==1.7.1
Paste==3.2.4
PasteDeploy==2.0.1
paunch==6.0.2.dev2
pbr==5.4.3
pciutils==2.3.6
pecan==1.3.2
perf==0.1
pexpect==4.7.0
Pillow==5.1.1
ply==3.9
prettytable==0.7.2
psutil==5.6.3
ptyprocess==0.5.2
pyasn1==0.4.6
pycadf==2.10.0
pycairo==1.16.3
pycodestyle==2.5.0
pycparser==2.14
pydot==1.4.1
pyflakes==2.1.1
pygobject==3.28.3
pygraphviz==1.5
pyinotify==0.9.6
PyMySQL==0.8.0
PyNaCl==1.3.0
pyngus==2.3.0
pyOpenSSL==18.0.0
pyparsing==2.4.6
pyperclip==1.6.4
PySocks==1.6.8
pystache==0.5.4
python-barbicanclient==4.9.0
python-cinderclient==5.0.0
python-daemon==2.2.3
python-dateutil==2.6.1
python-designateclient==3.0.0
python-dmidecode==3.12.2
python-editor==1.0.4
python-glanceclient==2.17.0
python-heatclient==1.18.0
python-ironic-inspector-client==3.7.0
python-ironicclient==3.1.1
python-keystoneclient==3.22.0
python-linux-procfs==0.6
python-magnumclient==2.16.0
python-manilaclient==1.29.0
python-memcached==1.58
python-mistralclient==3.10.0
python-monascaclient==1.16.0
python-neutronclient==6.14.0
python-novaclient==16.0.0
python-octaviaclient==2.0.0
python-openstackclient==4.0.0
python-qpid-proton==0.30.0
python-saharaclient==2.3.0
python-swiftclient==3.8.1
python-tripleoclient==13.1.1.dev59
python-troveclient==3.2.0
python-zaqarclient==1.12.0
pytz==2017.2
pyudev==0.21.0
PyYAML==5.3
pyzmq==18.1.0
repoze.lru==0.7
requests==2.22.0
requestsexceptions==1.4.0
rfc3986==1.2.0
rhnlib==2.8.6
Routes==2.4.1
rpm==4.14.2
rsa==3.4.2
schedutils==0.6
scipy==1.0.0
SecretStorage==3.1.1
selinux==2.9
sepolicy==1.1
setools==4.2.2
setproctitle==1.1.10
shade==1.32.0
simplegeneric==0.8.1
simplejson==3.17.0
singledispatch==3.4.0.3
six==1.14.0
slip==0.6.4
slip.dbus==0.6.4
smmap2==2.0.3
sos==3.7
soupsieve==1.9.2
SQLAlchemy==1.3.2
sqlalchemy-migrate==0.13.0
sqlparse==0.2.4
statsd==3.2.1
stevedore==1.31.0
syspurpose==1.25.17
tables==3.5.2
Tempita==0.5.1
tenacity==5.1.1
tinyrpc==1.0.3
tripleo-ansible==1.2.1
tripleo-common==12.1.1.dev38
tripleo-heat-templates==12.1.1.dev94
tripleo-image-elements==11.0.2.dev1
tripleo-ipsec==9.2.1
tripleo-puppet-elements==12.1.1.dev1
tripleo-repos==0.0.1.dev96
tripleo-validations==12.1.1.dev4
urllib3==1.25.7
vine==1.3.0
waitress==1.4.2
warlock==1.3.3
wcwidth==0.1.7
webencodings==0.5.1
WebOb==1.8.5
websocket-client==0.56.0
WebTest==2.0.33
Werkzeug==0.16.0
wrapt==1.11.2
yappi==1.0
yaql==1.1.3
zipp==0.5.1

This is the stripped down version of the issue. This also happens if you just import keyring which makes it even harder to track down.

How to use this to read/write passwords?

This is a high level question and hope to hear wisdom from Dmitry or community.

Background: My use case is to read/write password on Linux. And I have been able to successfully read/write password, using libsecret, with the help of PyGObject, following this set of examples there. It works but the installation of PyGObject has dependency on graphic library pycairo which I would like to avoid, if at all possible.

SecretStorage has cleaner dependency, however my first attempt failed because DBUS_SESSION_BUS_ADDRESS was not defined. After my tentatively defining it to match a dbus socket in my Debian desktop, DBUS_SESSION_BUS_ADDRESS=unix:abstract=/var/run/dbus/system_bus_socket (but I omit the guid suffix because I don't know where to find it), it raises another exception:

Traceback (most recent call last):
  File "/home/demo/Live-usb-storage/env37/lib/python3.7/site-packages/secretstorage/__init__.py", line 69, in dbus_init
    connection = connect_and_authenticate()
  File "/home/demo/Live-usb-storage/env37/lib/python3.7/site-packages/jeepney/integrate/blocking.py", line 115, in connect_and_authenticate
    sock.connect(bus_addr)
ConnectionRefusedError: [Errno 111] Connection refused

Before I dig deeper, I would appreciate some high level guidance here.

Is SecureStorage the right choice for my background/goal described above? I'm attempting to use SecureStorage as an alternative to my already-successful PyGObject-based experiment, but then I happen to also notice this old issue saying SecureStorage could still depend on PyGObject?
In general, what is the recommended approach with minimal dependency, for a Python script running on Linux to read/write password (stored in/via libsecret?)? In a conversation here, @mitya57 hinted another Keyring project could be an alternative "If you need some simple API to store passwords in a command-line application, I think you should use something like python-keyring instead", but that keyring project seems actually uses SecureStorage as (one of) its own dependency.

In other words, what solution would give a reasonably-well password encryption on Linux, and with minimal dependency?

Collection.unlock() blocks indefinitely

Environment

operating system: Debian
Python version: 3.9
SecretStorage==3.3.1

Issue

I am trying to get my keyring configuration via this command: keyring get https://upload.pypi.org/legacy/ <my-username>.

However, this command blocks indefinitely. Terminating the command returns this traceback:

^CTraceback (most recent call last):
  File "/usr/local/home/karanshukla/.local/bin/keyring", line 8, in <module>
    sys.exit(main())
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/keyring/cli.py", line 135, in main
    return cli.run(argv)
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/keyring/cli.py", line 68, in run
    return method()
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/keyring/cli.py", line 76, in do_get
    password = get_password(self.service, self.username)
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/keyring/core.py", line 55, in get_password
    return get_keyring().get_password(service_name, username)
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/keyring/backends/SecretService.py", line 78, in get_password
    collection = self.get_preferred_collection()
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/keyring/backends/SecretService.py", line 65, in get_preferred_collection
    collection.unlock()
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/secretstorage/collection.py", line 67, in unlock
    return unlock_objects(self.connection, [self.collection_path])
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/secretstorage/util.py", line 153, in unlock_objects
    dismissed, (signature, unlocked) = exec_prompt(connection, prompt)
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/secretstorage/util.py", line 139, in exec_prompt
    dismissed, result = connection.recv_until_filtered(signals).body
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/jeepney/io/blocking.py", line 181, in recv_until_filtered
    self.recv_messages(timeout=deadline_to_timeout(deadline))
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/jeepney/io/blocking.py", line 116, in recv_messages
    msg = self.receive(timeout=timeout)
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/jeepney/io/blocking.py", line 101, in receive
    b = self._read_some_data(timeout=deadline_to_timeout(deadline))
  File "/usr/local/home/karanshukla/.local/lib/python3.9/site-packages/jeepney/io/blocking.py", line 105, in _read_some_data
    for key, ev in self.selector.select(timeout):
  File "/usr/lib/python3.9/selectors.py", line 469, in select
    fd_event_list = self._selector.poll(timeout, max_ev)
KeyboardInterrupt

It seems Collection.unlock() is blocking indefinitely. What is causing this, and how can this be fixed?

re-release on pypi while building using fresh setuptools

apparently (according to experts, see below) having python_requires='>=3.5', was not sufficient "by itself" to produce a pypi release so that previous versions would be automagically installed when using python2. Without it having current release python 3 only breaks any other module which might depend on secretstorage somewhere down the chain

here is a cut/paste from the #pypa IRC

21:22   yoh: Question about pip:  Shouldn't presence of python_requires='>=3.5',
21:22   yoh: force installation of previous version (which still supports python 2) if pip is ran within 
             python2 virtualenv?
21:23  <-- Sasazuka [~Sasazuka@unaffiliated/sasazuka] has quit (Quit: My MacBook has gone to sleep. ZZZzzz…)
21:24   yoh: secretstorage module seems has done everything "by the book" (has aforementioned python_requires, 
             also python 3 only classifiers...  but  pip install -r requirements.txt started to fail for us on 
             travis while building using python2
21:37   toad_polo: yoh: I suspect they built their release with an old version of setuptools
21:37   toad_polo: See this: https://pypi.org/project/python-dateutil/
21:38   toad_polo: There's a "requires" line under the "maintainer" line.
21:38   toad_polo: No such line here: https://pypi.org/project/SecretStorage/
----------------------------------------------------------------------------------------------------------------
21:56   njs: yoh: make sure you're using a recent version of pip
21:58   njs: also
22:14  * yoh asks for a pardon for staying silent -- bus went into the woods
22:14   yoh: njs: our pip is the most recent ;) 
22:16   yoh: so, if I got it right, the verdict is that I should ask secretstorage folks to release a new minor 
             version which would just be a rebuild using some recent setuptools
22:16   yoh: toad_polo: ^, thanks ;)