needing help setting it up

[ltsdw]

after enabling/starting the systemd service unit I tried to log in into minecraft, but the unit get stopped because pass couldn't write:

× pass-secrets.service - Pass SecretService
     Loaded: loaded (/usr/lib/systemd/user/pass-secrets.service; enabled; vendor preset: enabled)
     Active: failed (Result: signal) since Wed 2021-09-29 10:48:43 -03; 432ms ago
    Process: 3564 ExecStart=/usr/bin/pass-secrets (code=killed, signal=ABRT)
   Main PID: 3564 (code=killed, signal=ABRT)
        CPU: 41ms

set 29 10:48:43 shadow systemd[561]: Starting Pass SecretService...
set 29 10:48:43 shadow systemd[561]: Started Pass SecretService.
set 29 10:48:43 shadow pass-secrets[3564]: Loaded collection /home/mg_user/.password-store/secretservice/0M58kCNVdu2p9fpY9gHBi
set 29 10:48:43 shadow pass-secrets[3564]: Found pass at /usr/bin/pass
set 29 10:48:43 shadow pass-secrets[3564]: terminate called after throwing an instance of 'std::runtime_error'
set 29 10:48:43 shadow pass-secrets[3564]:   what():  pass returned an error while writing!
set 29 10:48:43 shadow systemd[561]: pass-secrets.service: Main process exited, code=killed, status=6/ABRT
set 29 10:48:43 shadow systemd[561]: pass-secrets.service: Failed with result 'signal'.

I probably not setting something right, I followed part of the example from arch wiki and it went all good.

gpg --gen-key # generated a key, set it up a password and all
pass init myemail@here.com
pass insert archlinux.org/wiki/username # again here all went good, set it up a password too, no errors

what more do I need to do?

[nullobsi]

you can try stopping pass-secrets, deleting the entire secretservice dir to reset, and having it recreate the directories
another guess is that the gpg-agent was unable to create password dialog, so you may want to restart your gpg agent and ensure you get a dialog

[ltsdw]

ok, what I tried was deleting the secretservice dir, restarting gpg-agent.service, and trying again, and the result was the same.

ps: not directly related to my problem here, but when starting the pass-secrets.service if there's no .password-store, the unit will fail to start, while this isn't the job of pass-secrets, but pass, shouldn't the directory be created by pass-secrets, instead of failing to start? or I don't know, call pass earlier just for it to create the directories needed (maybe we should add more steps to the instructions on the readme?)

[nullobsi]

the service does a check for the existence of just the "secretservice" dir, but it will fail to create it if parent directories don't exist either. in that case, I think I will add a little more of a guide to the readme

also, does running pass-secrets manually (just from the command line) work? i will see if I can get pass to output its logs to the stderr of pass-secrets as well to make debugging the issue easier

[ltsdw]

the service does a check for the existence of just the "secretservice" dir, but it will fail to create it if parent directories don't exist either. in that case, I think I will add a little more of a guide to the readme

yeah, I think that will really help.

also, does running pass-secrets manually (just from the command line) work? i will see if I can get pass to output its logs to the stderr of pass-secrets as well to make debugging the issue easier

negative, it still fails. Again that would be great, as right now I'm clueless from what is wrong with pass.

like I can set up things manually, gpg --gen-key will pop up the dialog to configure a password and reconfirm it. pass init/pass insert will also goes well.

[nullobsi]

okay, i used a different library to spawn the pass process that puts the stderr onto the main process

if you could recompile and test out the new version, it should show whatever error pass had :)

[ltsdw]

Thank you!

found out why pass is failing.

Loaded collection /home/mg_user/.password-store/secretservice/l6oERZaD931RmHk3AE8Rv
Found pass at /usr/bin/pass
mkdir: created directory '/home/mg_user/.password-store/secretservice/l6oERZaD931RmHk3AE8Rv/89ldasB0tJGCKshtdTaYz'
Error: You must run:
    pass init your-gpg-id
before you may use the password store.

should I generate an key before running the pass-secrets? because I already tried that with gpg --gen-key and after that did pass init <my gpg id> (also tried with the email, no erros), how I should I proceed here?

what I did so far was enabling gpg-agent.service (it's enabled and running), do I need something more besides having agent running?

[nullobsi]

hm, no, that just means that pass was unable to find a .gpg-id file to get the right key ID
the password store should be 100% initialized and working before setting up/running pass-secrets but since you already did that i'm unsure...

[ltsdw]

it shouldn't be looking for it under ~/.gnupg or where the GNUPGHOME was set to?

I'm almost certain I screwed something while setting this.

[ltsdw]

Oh, ok, I got it. Nuked all directories and started all over.

my steps was:

• gpg --gen-key
• copy the id generated
• pass init <pasted the id of the key generated>
• pass-secrets

probably what I was doing wrong was trying set it up with email and the short version of key-id.

we should definitely add more steps to the readme page, while it's not the scope of this project to taught people how to set up gpg, people like me will definitely appreciate an "how to 101 for dummies".

Again thank you for your patience and great project. Closing.

[ltsdw]

now I'm having another issue.

first, the systemd unit will always fail at the time I launch minecraft-launcher:

× pass-secrets.service - Pass SecretService
     Loaded: loaded (/usr/lib/systemd/user/pass-secrets.service; enabled; vendor preset: enabled)
     Active: failed (Result: signal) since Thu 2021-09-30 18:16:52 -03; 10s ago
    Process: 3694 ExecStart=/usr/bin/pass-secrets (code=killed, signal=ABRT)
   Main PID: 3694 (code=killed, signal=ABRT)
        CPU: 26ms

set 30 18:16:52 shadow systemd[544]: Starting Pass SecretService...
set 30 18:16:52 shadow systemd[544]: Started Pass SecretService.
set 30 18:16:52 shadow pass-secrets[3694]: Loaded collection /home/mg_user/.password-store/secretservice/ULDzdHJbVGNetph9snfZ1
set 30 18:16:52 shadow pass-secrets[3694]: Found pass at /usr/bin/pass
set 30 18:16:52 shadow pass-secrets[3701]: gpg: decryption failed: No secret key
set 30 18:16:52 shadow pass-secrets[3694]: terminate called after throwing an instance of 'subprocess::exceptions::command_error'
set 30 18:16:52 shadow pass-secrets[3694]:   what():  command exitstatus 2 : subprocess_error
set 30 18:16:52 shadow systemd[544]: pass-secrets.service: Main process exited, code=killed, status=6/ABRT
set 30 18:16:52 shadow systemd[544]: pass-secrets.service: Failed with result 'signal'.

but running the pass-secrects from a terminal will succeed, the pop up to type the password to unlock the store key will shows up. (almost always, sometimes it will segfault).

when segfaulting (segfaults always when I click to select my minecraft account):

$ pass-secrets 
Loaded collection /home/mg_user/.password-store/secretservice/ULDzdHJbVGNetph9snfZ1
Found pass at /usr/bin/pass
removed '/home/mg_user/.password-store/secretservice/ULDzdHJbVGNetph9snfZ1/gWN34fe_Xq0sWtdNpIf4Q/secret.gpg'
removed '/home/mg_user/.password-store/secretservice/ULDzdHJbVGNetph9snfZ1/gWN34fe_Xq0sWtdNpIf4Q/item.json'
removed directory '/home/mg_user/.password-store/secretservice/ULDzdHJbVGNetph9snfZ1/gWN34fe_Xq0sWtdNpIf4Q/'
zsh: segmentation fault  pass-secrets

if I re-start the pass-secrets before proceeding (typing my email and password from my microsoft account), it will succeed:

Loaded collection /home/mg_user/.password-store/secretservice/ULDzdHJbVGNetph9snfZ1
Found pass at /usr/bin/pass
mkdir: created directory '/home/mg_user/.password-store/secretservice/ULDzdHJbVGNetph9snfZ1/pkH5fGXaclwrrok2pTF7O'
Enter contents of secretservice/ULDzdHJbVGNetph9snfZ1/pkH5fGXaclwrrok2pTF7O/secret and press Ctrl+D when finished:

Enter contents of secretservice/ULDzdHJbVGNetph9snfZ1/Hg3GKMYre00ffdT8GHT0E/secret and press Ctrl+D when finished:

Enter contents of secretservice/ULDzdHJbVGNetph9snfZ1/FE0QEj_5CkJ4BRMtf9YiU/secret and press Ctrl+D when finished:

Enter contents of secretservice/ULDzdHJbVGNetph9snfZ1/7aU2kFYZfefSUjxKlndYP/secret and press Ctrl+D when finished:

Enter contents of secretservice/ULDzdHJbVGNetph9snfZ1/5ZHNltTuOyTzHn_Szi8Wa/secret and press Ctrl+D when finished:

Enter contents of secretservice/ULDzdHJbVGNetph9snfZ1/FG_0Hz_gesCMYA_4K3HCc/secret and press Ctrl+D when finished:

Enter contents of secretservice/ULDzdHJbVGNetph9snfZ1/7aU2kFYZfefSUjxKlndYP/secret and press Ctrl+D when finished:

Enter contents of secretservice/ULDzdHJbVGNetph9snfZ1/7KKZIi81iYEWC5y2KK_X2/secret and press Ctrl+D when finished:

qEnter contents of secretservice/ULDzdHJbVGNetph9snfZ1/7KKZIi81iYEWC5y2KK_X2/secret and press Ctrl+D when finished:

does this gives you any idea? (this time I don't think it's something I did wrong, this time I think it's some kind of incompatibility with minecraft-launcher)

[nullobsi]

I had the segfault issue while doing my test and it happens because the app refers to a closed session
I thought I added a check for it, but obviously it was not enough! ill check it out

[nullobsi]

as for the systemd service, depending on what DE you are using, you need to runsystemctl --user import-environment HOME DISPLAY WAYLAND_DISPLAY or other envvars needed

[ltsdw]

I'm not using any desktop environment right now, starting all with startx and running dwm, does I need some special envar?

I had a problem with gnome-keyring (wasn't working when switching user with su) but solved it with dbus-update-activation-environment --systemd DISPLAY, maybe I should do the same for HOME DISPLAY? As I'm not using wayland I don't think I'll need the last one.

EDIT:

tried the systemctl --user import-environment HOME DISPLAY but the result was the same.

[nullobsi]

in that case doing the same for home and display may be needed for the GPG agent and pass-secrets

dbus activation is a mess unfortunately

[ltsdw]

in that case doing the same for home and display may be needed for the GPG agent and pass-secrets

I'm sorry, what do you mean by that?

[ltsdw]

if what you mean was doing dbus-update-activation-environment --systemd HOME DISPLAY?, in that case it isn't working neither.

[ltsdw]

ok, so I tried dbus-update-activation-environment --systemd --all that did the trick, now it's only the segfault part.

set 30 21:48:12 shadow systemd[544]: Starting Pass SecretService...
set 30 21:48:12 shadow systemd[544]: Started Pass SecretService.
set 30 21:48:12 shadow pass-secrets[165426]: Loaded collection /home/mg_user/.password-store/secretservice/ULDzdHJbVGNetph9snfZ1
set 30 21:48:12 shadow pass-secrets[165426]: Found pass at /usr/bin/pass
set 30 21:49:08 shadow pass-secrets[165426]: terminate called after throwing an instance of 'std::out_of_range'
set 30 21:49:08 shadow pass-secrets[165426]:   what():  map::at
set 30 21:49:08 shadow systemd[544]: pass-secrets.service: Main process exited, code=killed, status=6/ABRT
set 30 21:49:08 shadow systemd[544]: pass-secrets.service: Failed with result 'signal'.

actually I don't know if this is related to the segfaulting when running from command line, terminate called after throwing an instance of 'std::out_of_range' what(): map::at

[ltsdw]

So I wiped all out, started all over again.

- systemctl --user start pass-secrets
- systemctl --user start gpg-agent
- dbus-update-activation-environment --systemd --all

# when setting for the first time

- gpg --gen-key
- copied the id generated
- pass init <pasted the id of the key generated>

It seems all working now, the gpg-agent service gets stopped (I think that's supposed to happen):

out 08 03:11:13 shadow gpg-agent[990]: listening on: std=5 extra=6 browser=3 ssh=4
out 08 03:12:17 shadow gpg-agent[990]: socket is now serviced by another server
out 08 03:12:17 shadow gpg-agent[990]: this process is useless - shutting down
out 08 03:12:21 shadow gpg-agent[990]: gpg-agent (GnuPG) 2.2.29 stopped

and then it sometimes will ask for my password in a infinite loop, only stopping when I re-start gpg-agent, but that is probably another thing that I'm doing wrong.

I'll close this issue though. Thank you for your support!