Gnome-keyring dependency and chromium browsers

Quiksilver · January 10, 2025, 1:48am

So I just did a full upgrade and now I get prompted to unlock the keyring for Brave browser everytime its launched.

In the past when I was distrohopping another distro that had xfce I would get that same prompt with Ungoogled-chromium and also Vivaldi which are both chromium based.
Its weird considering I never even use a browser keyring password manager I dont get why it prompts this.

Anyway the fix always used to be purge gnome-keyring however this doesn’t seem to be the best choice.

When you type sudo apt purge gnome-keyring it will show the other dependencies to remove are kicksecure-desktop-environment-essential-xfce and other Kicksecure specific ones so obviously I chose NOT to go forward.

The only fix in the meantime that is better is to add the chrome flag --password-store=basic which will ingore using GNOME keyring or kwallet (KDE).

So you would edit your launcher Exec=/usr/bin/browser --password-store=basic for the browser application or you could edit your /usr/share/application/browser.desktop file for desktop file but this might get updated with new updates so launcher seems like the safer bet.

Back to the point why is gnome-keyring dependency needed and could something be added to Kicksecure like above to automatically fix this pesky issue or to the wiki regarding chromium unlock keyring prompt with gnome-keyring.

Solution add the chrome flag --password-store=basic

Patrick · January 10, 2025, 11:50am

You can follow the history of that here:

This is documented here:

Feel free to experiment with removal of gnome-keyring. This should be easily possible thanks to dummy-dependency, Removal Instructions.

sudo dummy-dependency --yes --purge gnome-keyring

Even if we find a technical solution to do this reliably by default [1], I am not sure we should change chromium default keystore settings. Comments welcome.

[1] We would probably have to solve the stackable wrappers issue.

github.com

Kicksecure/proposals/blob/master/634-stackable-wrappers.md

# Stackable Wrappers (Proposal 634)

- Ticket: https://forums.whonix.org/t/write-draft-for-stackable-wrappers-on-debian-devel/18776
- File: https://github.com/Kicksecure/proposals/blob/master/634-stackable-wrappers.md

# Description

In Debian, there is no such thing as stackable wrappers. It would be desirable to have them.

A wrapper in this context is defined as a minimal script that automatically prepends something in front of a program the user wants to run or appends something, such as default command-line parameters.

Here are some examples of commands to prepend:

* `firejail firefox`
* `torsocks gpg`
* `LD_PRELOAD="$LD_PRELOAD":libeatmydata.so rsync`
* `bindp`, `timeprivacy`, and probably a lot more
* Likely quite a few `dpkg` diversions are used for this purpose

Here are some examples of commands to append:

This file has been truncated. show original

Quiksilver · January 24, 2025, 8:34pm

Its a bad idea security wise to use a password manager in any browser aka saving passwords in the browser.

Is my understanding wrong that is what this is relates to kinda tho? As I stated I never stored any so idk why it needed to unlock anything when there was no passwords to begin with?

Patrick · January 25, 2025, 12:17pm

Maybe it is but also a popular feature. For example, browser internal password storage function can be safely used for low importance logins (those unlikely or unimportant if these get hacked).