Desktop client does not start without secret storage

[Ahmed-E-86]

Describe the bug
Tutanot desktop client stopped working after the last update. I tried both AppImage, and the one on Flathub.

[2 zypak-helper] Portal v4 is not available
the monkey has been patched
version:   3.82.17
(node:2) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
[2021-04-10T01:32:01.157Z] alarm storage failed to initialize: [Error: The name org.freedesktop.secrets was not provided by any .service files]
[2021-04-10T01:32:01.161Z] Could not load config [Error: The name org.freedesktop.secrets was not provided by any .service files]
libGL error: MESA-LOADER: failed to retrieve device information
[10 zypak-sandbox] Dropping 0xf22250 (3) because of connection closed
[10 zypak-sandbox] Host is gone, preparing to exit...
[10 zypak-sandbox] Quitting Zygote...
libGL error: Version 4 or later of flush extension not found
libGL error: failed to load driver: i915

Desktop (please complete the following information):

• OS: KDE neon User Edition 5.21.4 (Ubuntu 20.04)
• Desktop Environment, if applicable (on Linux): KDE Plasma DE 5.21.4
• Version: 3.82.17

[aliencoder-ni]

desktop Client not loading as well, with a bit different error:
the monkey has been patched
version: 3.82.17
(node:4438) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.

(tutanota-desktop:4438): Gtk-WARNING **: 10:19:38.330: Theme parsing error: gtk.css:73:46: The style property GtkScrolledWindow:scrollbars-within-bevel is deprecated and shouldn't be used anymore. It will be removed in a future version
[2021-04-10T08:19:38.455Z] alarm storage failed to initialize: [Error: The name org.freedesktop.secrets was not provided by any .service files]
[2021-04-10T08:19:38.457Z] Could not load config [Error: The name org.freedesktop.secrets was not provided by any .service files]

Operating System: Manjaro Linux
KDE Plasma Version: 5.21.3
KDE Frameworks Version: 5.80.0
Qt Version: 5.15.2
Kernel Version: 5.11.10-1-MANJARO
OS Type: 64-bit
Graphics Platform: X11
Processors: 4 × AMD Ryzen 3 3200G with Radeon Vega Graphics
Memory: 13,7 GiB of RAM
Graphics Processor: AMD Radeon™ Vega 8 Graphics

[Ahmed-E-86]

I guess the common thing that both of us use KDE desktop environment. The desktop client is completely broken right now. I guess this bug deserves to be a high priority.

[jowlo]

@aliencoder-ni It looks like the bug you are seeing is a different from the one in this issue and a duplicate of #2928. Please track the progress over there to keep things organized here.

[jowlo]

The error libGL error: failed to load driver: i915 suggests that your graphics driver cannot be loaded.
Did you do a system update including Tutanota and your graphic drivers without a reboot afterwards?

Nevermind, sometimes it doesn't help to read error messages from the bottom up...

[charlag]

We depend on keytar and it in turn depends on libsecret. It didn't change now, we required it or push notiffictaions over a year. Now we need it to encrypt/decrypt data on your disk.

We could build in some fallback solution but I would like to understand how do other apps work without secret storage.

[jowlo]

So, this appears to be an open issue on node-keytar atom/node-keytar#74 and there is a recent PR on the KWallet repo to finally integrate libsecret support. It does not really look like it will be merged anytime soon though.

I guess we could get some pointers for how other apps are handling this from the issue on the keytar repo and everybody else who references that

[antanicus]

KDE Neon is affected as well, please get this sorted ASAP

[PrivacyDragon]

I have the same problem on OpenSuse Leap 15.1 with KDE.

the monkey has been patched
** Message: Remote error from secret service: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.secrets was not provided by any .service files
version:   3.82.17
(node:7288) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
** Message: Remote error from secret service: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.secrets was not provided by any .service files
[2021-04-12T15:57:04.305Z] alarm storage failed to initialize: [Error: The name org.freedesktop.secrets was not provided by any .service files]
[2021-04-12T15:57:04.307Z] Could not load config [Error: The name org.freedesktop.secrets was not provided by any .service files]

[matthk0309]

The same with me, Debian 9 with KDE-Plasma 5.8.6, KDE-Framework 5.28.0. After the last update the desktop client does not start anymore.

Fontconfig warning: "/etc/fonts/fonts.conf", line 100: unknown element "blank"
the monkey has been patched
** Message: Remote error from secret service: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.secrets was not provided by any .service files
version:   3.82.17
(node:7083) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
** Message: Remote error from secret service: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.secrets was not provided by any .service files

(tutanota-desktop:7083): Gtk-WARNING **: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(tutanota-desktop:7083): Gtk-WARNING **: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(tutanota-desktop:7083): Gtk-WARNING **: Theme parsing error: gtk.css:73:46: The style property GtkScrolledWindow:scrollbars-within-bevel is deprecated and shouldn't be used anymore. It will be removed in a future version
[2021-04-12T16:43:43.420Z] alarm storage failed to initialize: [Error: The name org.freedesktop.secrets was not provided by any .service files]
[2021-04-12T16:43:43.421Z] Could not load config [Error: The name org.freedesktop.secrets was not provided by any .service files]

[charlag]

So a bit of clarification:

• we didn't change dependency now. If you see this now it means that the client didn't work for you before (or at least notifications didn't)
• we need secret storage. Both things from KDE are unfinished so you need to either use gnome-keyring or KeePassXC (see It still requires gnome-keyring even on KDE atom/node-keytar#74 (comment)
• we will document it better before going out of beta but it's unlikely that we will allow running without secret storage. We will depend on it only more in the future.

[jowlo]

To make this clear, to solve this you should install gnome-keyring via your package manager. It should be available on pretty much all distributions. gnome-keyring despite its name is standalone and should not interfere with your KDE desktop.

[Donearm]

Before installing gnome-keyring I had the same error as @PrivacyDragon . After installing it I get now:

the monkey has been patched
version:   3.82.17
(node:255085) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
device key not found, generating a new one
device key not found, generating a new one
[2021-04-13T08:01:11.137Z] alarm storage failed to initialize: [Error: No such interface “org.freedesktop.Secret.Collection” on object at path /org/freedesktop/secrets/collection/login]
[2021-04-13T08:01:11.140Z] Could not load config [Error: No such interface “org.freedesktop.Secret.Collection” on object at path /org/freedesktop/secrets/collection/login]

The two lines device key not found were never present before and are now appearing every time I attempt to run the client. I will try building it from sources, as I am now using the binary package, but I doubt it will make any difference (edit: indeed it didn't).

If it can help, I am neither running Gnome nor KDE but i3

[jowlo]

@Donearm it seems that yours is a different issue again. While before the app could not access any secret storage, now it cannot find the login keyring (if i understand correctly).
While gnome-keyring is standalone, you need some additional setup if you dont use it in combination with one of the "usual" desktop environments (that automatically create and open your login keyring). Please have a look at this guide on the ArchLinux wiki and see if that could help you setting up the login keyring.

I would like to hear from the others experiencing this issue that are on KDE to see if installing gnome-keyring fixes the issue for them.

[Donearm]

@jowlo that's the guide I followed, as I am using ArchLinux. gnome-keyring is running at start through xinitrc and the SSH_AUTH_SOCK variable is present but I still get the same error messages I've posted earlier.

One thing is not clear to me though: gnome-keyring ran through xinitrc doesn't export the SSH_AUTH_SOCK variable, while manually running ssh-agent does. Is it possible to use just ssh-agent instead of gnome-keyring or the latter offers functionalities that the tutanota client needs? If so, I will need to investigate how to run it properly.

edit: I've tweaked xinitrc to make gnome-ring export the SSH_AUTH_SOCK at boot but tutanota client continues to fail with the same error messages. Only gnome-ring is running as a ssh agent and keyring, no other similar software is even installed.

[charlag]

I'm not sure how SSH_AUTH_SOCK realtes to Tutanota. We need a keychain to store things in.

[jowlo]

@Donearm So the keyring functionality that we need for keytar (ie libsecret support) is something different than providing an SSH agent. gnome-keyring provides both and it sounds like you set up the SSH part correctly.

You could try installing seahorse and checking whether you have a keychain there and whether it is unlocked. If you do not have one, try creating a new one.

[Donearm]

@jowlo thanks, seahorse fixed that. I had to create a keychain with seahorse and the directory to host it (should be ~/.local/share/keyrings). Apparently Gnome does it all for you but when not using a DE you have to set it up yourself.

[matthk0309]

Installation of gnome-keyring solved the problem for me. I only installed gnome-keyring and had to set up the password store again. After that Tutanota desktop started.

[jowlo]

As this is a OS dependency we cannot really do much about it (apart from making our dependency on gnome-keyring more explicit).
Hopefully KDE will implement/merge libsecret support some time in the future to at least fix the issue for KWallet users.

Closing as out of scope. Feel free to reopen if you see a way we could handle this on our side (without compromising secure storage).

[Ahmed-E-86]

After installing gnome-keyring, I get this error message everytime I open Tutanota

[2 zypak-helper] Portal v4 is not available
the monkey has been patched
version:   3.82.17
(node:2) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
config up to date
creating alarm notification!
alarm storage initialized
libGL error: MESA-LOADER: failed to retrieve device information
libGL error: Version 4 or later of flush extension not found
libGL error: failed to load driver: i915
libGL error: failed to open /dev/dri/card0: No such file or directory
libGL error: failed to load driver: i965
[2021-04-13T14:01:57.352Z] failed to schedule alarm! TypeError: Cannot read property 'getUTCHours' of undefined
    at Object.hc (/app/lib/tutanota/resources/app.asar/desktop/DesktopMain.js:13:90376)
    at Object._scheduleAlarms (/app/lib/tutanota/resources/app.asar/desktop/DesktopMain.js:13:226957)
    at /app/lib/tutanota/resources/app.asar/desktop/DesktopMain.js:13:225824
    at async Object.rescheduleAll (/app/lib/tutanota/resources/app.asar/desktop/DesktopMain.js:13:228064)
startFile:  file:///app/lib/tutanota/resources/app.asar/index-desktop.html
default mailto handler: false
[2021-04-13T14:01:57.464Z] unexpected error: ee [CryptoError]: invalid mac
    at /app/lib/tutanota/resources/app.asar/desktop/DesktopMain.js:1:414970
    at Object.aes256Decrypt (/app/lib/tutanota/resources/app.asar/desktop/DesktopMain.js:1:415310)
    at Object.aesDecryptObject (/app/lib/tutanota/resources/app.asar/desktop/DesktopMain.js:13:200504)
    at Object._getEncryptedVar (/app/lib/tutanota/resources/app.asar/desktop/DesktopMain.js:13:203890)
    at async Object.start (/app/lib/tutanota/resources/app.asar/desktop/DesktopMain.js:13:228671)
Webapp ready
no update info on disk, disabling updater.
desktop file exists, checking version...
(node:2) electron: The default of contextIsolation is deprecated and will be changing from false to true in a future release of Electron.  See https://github.com/electron/electron/issues/23506 for more information

[charlag]

key in your keychain does not match your config, it cannot be decrypt it

[Ahmed-E-86]

key in your keychain does not match your config, it cannot be decrypt it

I am sorry! How can I fix that?

[charlag]

Delete your config, most likely at .config/tutanota-desktop/conf.json

[Ahmed-E-86]

Delete your config, most likely at .config/tutanota-desktop/conf.json

That works for Appimage of Tutanota. I do not know where the Flatpak version stores its config files.

[charlag]

Check this comment to find it out for sure:
flatpak/flatpak#1214 (comment)

[bedhub]

This error is reported often and we need to show a better error message in this case:

Client: linux
Type: PREMIUM
Tutanota version: 3.82.17
Timestamp (UTC): Mon, 12 Apr 2021 10:02:46 GMT
User agent:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) tutanota-desktop/3.82.17 Chrome/87.0.4280.141 Electron/11.3.0 Safari/537.36
Error
Error message: The name org.freedesktop.secrets was not provided by any .service files
Stacktrace:
Error: The name org.freedesktop.secrets was not provided by any .service files

[charlag]

Test notes

• Set up a user/VM without keychain/secret storage. See that the special error dialog is shown but no error report is engaged.

[johnbotris]

The link in the dialog is not clickable, maybe needs a https://, and also the faq entry doesn't exist

[charlag]

This dialog does not support links, we tried that. We passed FAQ info to Hanna, I will ask her

[jowlo]

Yes, sadly, it is not supposed to be clickable, that would be much more effort and since this is a quite uncommon error case @ivk and i settled on just giving the quite short link to the FAQ that should exist soon.

[callmenoodles]

Deleting .config/tutanota-desktop and reinstalling the AUR version (tutanota-desktop-bin) worked for me.