fix(linux): detect Secret Service via D-Bus to prevent basic_text fallback#1908
fix(linux): detect Secret Service via D-Bus to prevent basic_text fallback#1908krit22 wants to merge 2 commits intogeneralaction:mainfrom
Conversation
Greptile SummaryThis PR fixes startup failures on Linux desktops with modern compositors (Hyprland, sway, i3, etc.) by probing
Confidence Score: 4/5The fix is logically sound but two robustness concerns from prior review threads remain unaddressed in the current code. The D-Bus probe and conditional flag injection are correctly placed before app.isReady(), and the try/catch makes detection fail-safe. What holds the score back is that execFileSync is called without a timeout — a sluggish D-Bus daemon could hang the Electron main process indefinitely at startup — and XDG_CURRENT_DESKTOP values like 'Plasma' (KDE without the 'kde' token) still bypass the KDE guard and would inject gnome-libsecret into a KWallet session. src/main/index.ts — the secretServiceAvailable() function and the surrounding Linux conditional block
|
| Filename | Overview |
|---|---|
| src/main/index.ts | Adds synchronous D-Bus probe at module load to detect Secret Service and conditionally append --password-store=gnome-libsecret; KDE and user-override guards are present but the Plasma-without-KDE edge case remains an open concern from prior review threads. |
Sequence Diagram
sequenceDiagram
participant M as Main Process (index.ts)
participant D as dbus-send
participant DB as D-Bus Session Bus
participant C as Chromium (app.commandLine)
M->>M: module load (platform === linux)
M->>D: execFileSync dbus-send NameHasOwner org.freedesktop.secrets
D->>DB: org.freedesktop.DBus.NameHasOwner
DB-->>D: boolean true or false
D-->>M: stdout true or false
alt Secret Service found AND not KDE AND no user override
M->>C: appendSwitch password-store gnome-libsecret
else No Secret Service or KDE or user override
M->>M: skip default backend
end
M->>M: registerAppScheme app lifecycle continues
Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 1
src/main/index.ts:47
Using `.includes('true')` is a substring match — technically, any output containing the word "true" (e.g. a hypothetical diagnostic message) would be a false positive. After `.trim()`, `dbus-send --print-reply=literal` outputs exactly `"true"` or `"false"` for this boolean method, so a strict equality check is both more correct and self-documenting.
```suggestion
return output === 'true';
```
Reviews (2): Last reviewed commit: "Merge branch 'main' into fix/linux-safe-..." | Re-trigger Greptile
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
1 participant
Fixes #1875.
Summary
Chromium picks its keyring backend by inspecting
XDG_CURRENT_DESKTOP. It only recognises a hardcoded set of values (GNOME,XFCE,unity, etc.), so modern compositors like Hyprland, sway, i3, and dwm cause it to silently fall back tobasic_text— even whengnome-keyringis fully operational on the session bus. Emdash'sassertSecureStorageAvailablethen correctly rejectsbasic_text, making the app unusable.This fix probes
org.freedesktop.secretson the session bus viadbus-sendbefore Chromium initialises. If the Secret Service is present, it appends--password-store=gnome-libsecretto Chromium's command line — the upstream-supported way to guide backend selection.Three guards prevent over-reaching:
XDG_CURRENT_DESKTOPcontainskde(Chromium handles KWallet natively)--password-store=manuallyTest plan
Reproduced on Kali Linux (XFCE) with
XDG_CURRENT_DESKTOP=Hyprland:Before — sign-in throws immediately:
After — sign-in completes, token persists across restarts.