chromium snap upgrade "lost" my passwords

Thanks for the report, Steve.

I agree that it is not user friendly, especially in this case where
things have gone wrong. At least the back up file served its purpose and
you could restore your passwords.

That notice only appears when the user has the password-manager-service
interface connected and no Login Data.old file is present.

Do you remember manually connecting the interface, or anything out of
the ordinary you did with Chromium (e.g. exporting/importing configuration)?

At this point though, we might just be better off getting rid of that,
since the mentioned fix was released about two months ago and, because
of the snap forcing upgrades, the transition should have been done for
practically all users already.

> At this point though, we might just be better off getting rid of that,
since the mentioned fix was released about two months ago and, because
of the snap forcing upgrades, the transition should have been done for
practically all users already.

I confirmed this. Getting rid of the notice.

Actually only the minor part of your problem has been fixed, the password notice.

Still, the passwords, of course, should not disappear. And in my tests in the Ubuntu GNOME desktop they really don't.

However, I just tested in my simplified dwm environment and I can confirm that, although the keyring is running and unlocked, the passwords aren't displayed in Chromium, but they are there in `Login Data`. So Chromium has been failing to detect[1] that Gnome keyring is available.

When you observed that behavior, were you perchance in such a minimal environment — for which I filed LP: 2011474 —, or were you on default Ubuntu?

Also you can verify whether or not Chromium is detecting that the Gnome Keyring is available by enabling logging and grepping for OSCrypt. E.g.:

--->
% chromium --password-store= --enable-logging=stderr --v=1 |& grep 'backend for OSCrypt'
[...] Selected backend for OSCrypt: BASIC_TEXT
% chromium --password-store=gnome --enable-logging=stderr --v=1 |& grep 'backend for OSCrypt'
[...] Selected backend for OSCrypt: GNOME_ANY
<---

[1] https://chromium.googlesource.com/chromium/src/+/master/docs/linux/password_storage.md

[Expired for chromium-browser (Ubuntu) because there has been no activity for 60 days.]

On Mon, Mar 20, 2023 at 11:00:12AM -0000, Nathan Teodosio wrote:
> However, I just tested in my simplified dwm environment and I can
> confirm that, although the keyring is running and unlocked, the
> passwords aren't displayed in Chromium, but they are there in `Login
> Data`. So Chromium has been failing to detect[1] that Gnome keyring is
> available.

> When you observed that behavior, were you perchance in such a minimal
> environment — for which I filed LP: 2011474 —, or were you on default
> Ubuntu?

This is a default Ubuntu environment.

> Also you can verify whether or not Chromium is detecting that the Gnome
> Keyring is available by enabling logging and grepping for OSCrypt. E.g.:

> --->
> % chromium --password-store= --enable-logging=stderr --v=1 |& grep 'backend for OSCrypt'
> [...] Selected backend for OSCrypt: BASIC_TEXT
> % chromium --password-store=gnome --enable-logging=stderr --v=1 |& grep 'backend for OSCrypt'
> [...] Selected backend for OSCrypt: GNOME_ANY
> <---

Output here is:

$ chromium --password-store= --enable-logging=stderr --v=1 |& grep 'backend for OSCrypt'
[4103636:4103636:0519/230949.699268:VERBOSE1:key_storage_linux.cc(122)] Selected backend for OSCrypt: GNOME_ANY
$

chromium continues to be able to *use* my saved passwords. But I don't know
where they're actually saved, and I can't access the plain text of the
passwords through chromium, which continues to be a problem.

In bug description:

1> when I went to use my saved passwords in chromium today, I found that
they were absent.

In your last comment:

2> chromium continues to be able to *use* my saved passwords. But I
don't know where they're actually saved

Which one is correct/up to date?

Likewise for

3> I found that there was a
~/snap/chromium/common/chromium/Default/Login Data.old containing all of
my passwords, and a ~/snap/chromium/common/chromium/Default/Login Data
containing a single password entry

and

4> But I don't know where they're actually saved

It looks impossible that Chromium is accessing passwords from 'Login
Data.old'; there is no longer any reference to that, anywhere, so I
think quote 3 might not be up to date.

Depending on the situation you could try --password-store=basic, but
given the already buggy circumstances, better have those configuration
files backed up.

Without a reproducible case and access to those data files, which of
course you must not share as it contains passwords, this is hard to debug.

On Fri, Sep 08, 2023 at 06:23:22AM -0000, Nathan Teodosio wrote:
> In bug description:

> 1> when I went to use my saved passwords in chromium today, I found that
> they were absent.

> In your last comment:

> 2> chromium continues to be able to *use* my saved passwords. But I
> don't know where they're actually saved

> Which one is correct/up to date?

The second. Somehow the initial problem corrected itself along the way. So
Chromium can *use* passwords and *save* passwords but it will not *display*
passwords.

> Likewise for

> 3> I found that there was a
> ~/snap/chromium/common/chromium/Default/Login Data.old containing all of
> my passwords, and a ~/snap/chromium/common/chromium/Default/Login Data
> containing a single password entry

> and

> 4> But I don't know where they're actually saved

> It looks impossible that Chromium is accessing passwords from 'Login
> Data.old'; there is no longer any reference to that, anywhere, so I
> think quote 3 might not be up to date.

It contained all passwords that had been saved in my browser prior to this
issue.

Currently, I have a ~/snap/chromium/common/chromium/Default/Login Data which
was last modified September 5. So perhaps passwords are still being written
here.

> Depending on the situation you could try --password-store=basic, but
> given the already buggy circumstances, better have those configuration
> files backed up.

> Without a reproducible case and access to those data files, which of
> course you must not share as it contains passwords, this is hard to debug.

So for you, chrome://settings/passwords shows your passwords under 'Saved
Passwords' without having to specify --password-store=basic?

> Currently, I have a ~/snap/chromium/common/chromium/Default/Login Data which
> was last modified September 5. So perhaps passwords are still being written
> here.

Does this file have the expected number of entries, with sites you
recognize as having your saved passwords that you cannot nonetheless
display? I attach one such file as an example. Namely we are looking for

--->
INSERT INTO logins
VALUES('http://example.com','','','username','userPassword',X'763130ea422b31c5606d2e8435833cf73bb492',
...
<---

Also please confirm that version > last_compatible_version in that file.

When you enter a site for which you have a password saved, does the key
button appear in the address bar, as in the attached picture?

> So for you, chrome://settings/passwords shows your passwords under 'Saved
> Passwords' without having to specify --password-store=basic?

Yes. And --password-store=basic should be neither needed nor correct if
password-manager-service is connected, as it is for working without
keyring, but it was worth trying just in case something had gone funky
in that aspect.

And one more thing worth trying is to export your passwords, that is a
button under the vertical dots button in that page. Then look in the
generated CSV and see if the passwords are readable there.

Forgot the attachments, here they are.

On Mon, Sep 11, 2023 at 07:06:46AM -0000, Nathan Teodosio wrote:
> > Currently, I have a ~/snap/chromium/common/chromium/Default/Login Data which
> > was last modified September 5. So perhaps passwords are still being written
> > here.

> Does this file have the expected number of entries, with sites you
> recognize as having your saved passwords that you cannot nonetheless
> display?

Just had a chance to look at this, and yes, it does - 'SELECT * FROM logins'
includes saved credentials that I know were added after this error began to
manifest.

> Also please confirm that version > last_compatible_version in that file.

sqlite> SELECT * FROM meta;
mmap_status|-1
last_compatible_version|33
version|35
sqlite>

> When you enter a site for which you have a password saved, does the key
> button appear in the address bar, as in the attached picture?

Yes.

> > So for you, chrome://settings/passwords shows your passwords under 'Saved
> > Passwords' without having to specify --password-store=basic?

> Yes. And --password-store=basic should be neither needed nor correct if
> password-manager-service is connected, as it is for working without
> keyring, but it was worth trying just in case something had gone funky
> in that aspect.

Ok. I tried running 'chromium --password-store=basic' and still see nothing
in chrome://settings/passwords. This also seems to have been a good way of
logging me out of existing sessions in my browser for some reason.

> And one more thing worth trying is to export your passwords, that is a
> button under the vertical dots button in that page. Then look in the
> generated CSV and see if the passwords are readable there.

Not even an option. The 'Export passwords' menu option is greyed out.