chezmoi hangs if keepassxc exits with errors in open mode

[MorphBonehunter]

Describe the bug

First and foremost...sorry to annoy you again with another keepass issue.

During testing for issue #3482 i had an typo in my Keepass password.
While in non open mode chezmoi give me an error about this like

chezmoi: template: private_dot_ssh/id_ed25519_underverse.pub.tmpl:2:4: executing "private_dot_ssh/id_ed25519_underverse.pub.tmpl" at <keepassxcAttribute "SSH / GPG/Underverse - ed25519" "public-key">: error calling keepassxcAttribute: /usr/sbin/keepassxc-cli show /mnt/c/Users/daniel/Nextcloud/KeePassXC_dwe/Vault.kdbx 'SSH / GPG/Underverse - ed25519' --attributes public-key --quiet --show-protected: exit status 1

in open mode chezmoi hangs after entering the wrong password.
The process list shows an defunct keepassxc-cli process:

daniel     29719   26588  1 19:31 pts/2    00:00:00 chezmoi apply .ssh/id_ed25519_underverse.pub
daniel     29732   29719  6 19:31 pts/2    00:00:00 [keepassxc-cli] <defunct>

This behavior could also seen if the database specified in the config doesn't exist.
Chezmoi doctor detects that this file does not exist

RESULT    CHECK                       MESSAGE
...
info      keepassxc-db                /mnt/c/Users/daniel/Nextcloud/KeePassXC_dwe/Vault.kdbxl does not exist
...

also doesn't prompt for a password (that's different from the non open mode which still ask for a password) but calls then keepassxc-cli which errored and hangs.

To reproduce

Configure an non exiting database in chezmoi config, generate a template with an keepass function and try to apply this.

Expected behavior

chezmoi exits with an error.

Output of command with the --verbose flag

There ist no output after entering the password (in case of wong password), no output at all with not existing database.

Output of chezmoi doctor

$ chezmoi doctor
RESULT    CHECK                       MESSAGE
warning   version                     v2.45.0, built at 2024-01-13T20:55:45Z
ok        latest-version              v2.45.0
ok        os-arch                     linux/amd64 (Arch Linux)
ok        uname                       Linux cassandra 5.15.133.1-microsoft-standard-WSL2 #1 SMP Thu Oct 5 21:02:42 UTC 2023 x86_64 GNU/Linux
ok        go-version                  go1.21.6 (gc)
ok        executable                  /usr/bin/chezmoi
ok        config-file                 ~/.config/chezmoi/chezmoi.yaml, last modified 2024-01-16T19:44:11+01:00
warning   source-dir                  ~/.local/share/chezmoi is a git working tree (dirty)
ok        suspicious-entries          no suspicious entries
warning   working-tree                ~/.local/share/chezmoi is a git working tree (dirty)
ok        dest-dir                    ~ is a directory
ok        umask                       022
ok        cd-command                  found /bin/bash
ok        cd-args                     /bin/bash
info      diff-command                not set
ok        edit-command                found /usr/bin/vim
ok        edit-args                   /usr/bin/vim
ok        git-command                 found /usr/sbin/git, version 2.43.0
ok        merge-command               found /usr/sbin/vimdiff
ok        shell-command               found /bin/bash
ok        shell-args                  /bin/bash
info      age-command                 age not found in $PATH
ok        gpg-command                 found /usr/sbin/gpg, version 2.4.3
info      pinentry-command            not set
info      1password-command           op not found in $PATH
info      bitwarden-command           bw not found in $PATH
info      bitwarden-secrets-command   bws not found in $PATH
info      dashlane-command            dcli not found in $PATH
info      doppler-command             doppler not found in $PATH
info      gopass-command              gopass not found in $PATH
ok        keepassxc-command           found /usr/sbin/keepassxc-cli, version 2.7.6
info      keepassxc-db                /mnt/c/Users/daniel/Nextcloud/KeePassXC_dwe/Vault.kdbxl does not exist
info      keeper-command              keeper not found in $PATH
info      lastpass-command            lpass not found in $PATH
info      pass-command                pass not found in $PATH
info      passhole-command            ph not found in $PATH
info      rbw-command                 rbw not found in $PATH
ok        vault-command               found /usr/sbin/vault, version 1.15.4
info      vlt-command                 vlt not found in $PATH
info      secret-command              not set

[halostatue]

@MorphBonehunter Don't apologize. You’re providing excellent bug reports on a very subtle chain of interactions.

[twpayne]

+1 thank you @MorphBonehunter for your work here. Every problem that you report now is one less problem that thousands of chezmoi users will not encounter in the future. If you, as a highly-technical user, didn't report these problems early then we would be swamped with support requests from the wider user base later and would probably burn out. By reporting problems early, you are actually saving us :)

On this specific issue, it's very clearly a bug in chezmoi's current implementation. Specifically, chezmoi's interaction with keepassxc-cli currently assumes that the keepassxc.database exists. Of course, this is not a correct assumption, and there are a bunch of other problems that also might occur (e.g. the user does not enter the correct database password on their first try, an important process is killed, etc. etc.). All of these lead to keepassxc-cli not giving the prompt that chezmoi currently expects.

I suspect that the robust solution to this is to add a timeout to chezmoi's interaction with keepassxc-cli open.

[MorphBonehunter]

My cautious attitude comes from bad experiences with other projects, where it was obviously a burden when new issues/requests were opened. So I'm always a bit cautious with new projects... 😄