gnome-keyring required to stay logged in

[AeliusSaionji]

Would it be possible to supply gnome-keyring as part of this package? Skype will not stay logged in without it.

[TingPing]

I might go the other way. Chromium itself allows setting different keyring types by passing --password-store=basic, I wonder if Skype exposes this in any way.

[bam80]

Any progress? Having Skype logged out every time it closes is pretty annoying.

[AeliusSaionji]

Simply install gnome-keyring yourself in the meantime.

[snaggen]

Doesn't Skype use libsecret ? If so, then kwallet should work also.

[TingPing]

Unless my information is outdated, KDE never implemented the secret service API.

[snaggen]

Maybe this should be part of some xdg-desktop-portal? So, that when something access the keyring api, it could detect that there is no keyring installed and inform the user. And is this really unique for the flatpak version of Skype? Wouldn't any other skype installation behave the same way if you do not have a keyring installed?

[TingPing]

And is this really unique for the flatpak version of Skype? Wouldn't any other skype installation behave the same way if you do not have a keyring installed?

You are correct.

Maybe this should be part of some xdg-desktop-portal?

The future I, and some others, want is where there is no such thing as a Secret Service. It is a concept that doesn't fit with sandboxing. There is a libsecret PR somewhere to just store keys locally.

[zdenek-zikan]

Any progress on this or workaround? I am using KDE, but have gnome-keyring-daemon running (installed by the OS package manager (dnf)). Now I installed Skype from Flatpak and it keeps asking for gnome-keyring password but nothing works. Skype installed from rpm doesn't have this problem.

[WhyNotHugo]

Giving skype access to the host secretservice kinda defeats the purpose of isolation, since secretservice provides no form of authorisation: it simply gives anyone access to all passwords.

That said, the current setup does give Skype access to the host secretservice, and it still doesn't work.

[TingPing]

Current releases of libsecret no longer require access to the host service closing that hole.

[WhyNotHugo]

@TingPing Can you explain how this works? I see that the flatpak has "talk" access to org.freedesktop.secrets; is this access filtered somehow by some part of flatpak?

As far as I can see, skype itself tries to use the secrets API. It fails on Flatpak, but works on Firejail. However, with Firejail it gets unrestricted access to the secrets service, which is not nice at all.

I also tried using bubblewrap + xdg-dbus-proxy directly, and that also works, but, again, giving full access to a secret service.

#131 is strongly related here, and, as per my testing, Skype fails to read from the keyring on Flatpak: #131 (comment)

[TingPing]

@TingPing Can you explain how this works? I see that the flatpak has "talk" access to org.freedesktop.secrets; is this access filtered somehow by some part of flatpak?

No. I'm not sure if it works and this permission might bypass it. libsecret itself is supposed to support being ran in a sandbox transparently.

[Jolly979]

This tutorial works for me: https://www.jwillikers.com/gnome-keyring-in-kde-plasma. If ya using KDE Plasma