You are not logged in.

Pages: 1

#1 2024-01-13 11:56:22

argonfox
Member
Registered: 2024-01-13
Posts: 2

secret-tool: The name is not activatable

Hi! I'm very new to Arch, so I apologize for my lack of understanding.

I'm trying to use secret-tool to store some of my credentials. However, when running the following commands:

secret-tool store --label='My password' key1 value1 key2 value2
Password: hunter2

The only output I'm getting is 

secret-tool: The name is not activatable

. If I run the command as root (which I don't think I'm supposed to do), I get the following error: 

secret-tool: Error spawning command line “dbus-launch --autolaunch=4479988cd3304bcf8c187562c7efc154 --binary-syntax --close-stderr”: Child process exited with code 1

I haven't really found a web resource on this exact combination, but there's quite a bit of noise out there regarding the "name not activatable" error, which seems to be coming from the bus directly?

The same problem pops up in 1Password when trying to store my 2FA token:

WARN  2024-01-13T11:58:32.433 tokio-runtime-worker(ThreadId(11)) [1P:op-b5-client/src/internal/unauthorized_session.rs:1067] Error retrieving an account's 2FA token: SystemKeyringError(LinuxError(DBus(MethodError(OwnedErrorName(ErrorName(Str(Owned("org.freedesktop.DBus.Error.ServiceUnknown")))), Some([b]"The name is not activatable"[/b]), Msg { type: Error, sender: UniqueName(Str(Borrowed("org.freedesktop.DBus"))), reply-serial: 2, body: Signature("s") })))). Falling back to a prompt.

Checking under /usr/share/dbus-1/services/, I can see that there's no org.freedesktop.Secrets.* files at all. I'm not entirely sure how to get them.

I have 

polkit

installed for authentication and I haven't observed any issues with it.

I'm a bit stuck at this point, and not sure where to keep looking. If someone has an idea, I'd grateful for any help smile

Last edited by argonfox (2024-01-13 12:06:23)

Offline

#2 2024-04-29 17:40:05

silverqx
Member
Registered: 2024-04-29
Posts: 3

Re: secret-tool: The name is not activatable

I ran into the same problem now. I have installed Arch as the server (w/o DM, console only) and as the root user (no other user on this system).

I'm using gh (Github CLI) on this server and gh auth login needs to store credentials in the secure keyring, if the keyring isn't accessible then it stores them in plaintext.
It prints something like: 'Authentication credentials saved in plain text'. (during gh auth login)

So I started investigating this, created an issue at GH Cli, and found out that it needs the Gnome Keyring to work correctly.

On Arch is installed libsecret that should provide Secret Service API which should be exactly what is needed to make this work as is described at Arch wiki GNOME Keyring.

So I tried something like:

secret-tool store --label='test1' a1 v1

To test this Secret Service API if it works and I get exactly the same message or error as you described above:

secret-tool: The name is not activatable

I suppose that this Secret Service API doesn't work correctly, would be nice if anybody would know where the problem is. Currently, I'm lost.

Now I tried the same on the Ubuntu server and there it doesn't work as well, but the difference is that on Ubuntu server gh auth login can somehow access this secret keyring store and doesn't save passwords in plaintext.

Did you find out why it doesn't work?

Offline

#3 2024-04-29 20:20:23

argonfox
Member
Registered: 2024-01-13
Posts: 2

Re: secret-tool: The name is not activatable

Unfortunately, I haven't had the time to look further into this, and I've been away from that machine for a few weeks now. I'm glad I'm not the only one though. Hoping to get back to my Arch setup in a few weeks and likely to keep exploring then, as it's currently a major productivity blocker for me.

Offline

#4 2024-04-29 21:01:07

silverqx
Member
Registered: 2024-04-29
Posts: 3

Re: secret-tool: The name is not activatable

Ok, maybe one day we figure it out ?

Offline

#5 2024-04-29 21:49:37

silverqx
Member
Registered: 2024-04-29
Posts: 3

Re: secret-tool: The name is not activatable

Now I have found that on Ubuntu pam configuration contains:

# Create a new session keyring.
session    optional   pam_keyinit.so force revoke

Arch doesn't contain or doesn't use this pam_keyinit module, I think this can be a reason why on Ubuntu gh auth login can use keyring and on Arch can't.

From man 8 pam_keyinit:

pam_keyinit - Kernel session keyring initialiser module

The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring.

What means it's the Kernel keyring that is attached to every process or thread. I don't know if libsecret can use this Kernel keyring if Gnome keyring isn't available but it looks like it can be it. I didn't find any other systemd units or anything else that can provide keyring, only this pam_keyinit module. But I only spent a few minutes on it, took me much longer to write this reply. smile

I tried to enable pam_keyinit on Arch and it didn't help, secret-tool store --label='test1' a1 v1 still prints the same error. I'm confused. big_smile It could still have something to do with the dbus.

Last edited by silverqx (2024-04-29 21:55:45)

Offline

Pages: 1

Board footer

Powered by FluxBB