Created attachment 151784 [details] Helper script to list items in DBus `org.freedesktop.secrets` API. SUMMARY When passwords are renamed non-uniquely in KWalletManager (or presumably via `org.kde.kwalletd5` API), they appear missing in via DBus `org.freedesktop.secrets` API and in Seahorse (and presumably in other Secret Service clients). STEPS TO REPRODUCE Create a blowfish wallet in KWalletManager (a GPG wallet should act the same, but not tested). While observing in Seahorse and DBus, edit as follows in KWalletManager: 1. Create a password "test". 2. Create a 2nd password "test2". 3. Attempt to rename "test2" to "test" (KWalletManager refuses). 4. Restart Seahorse and KWalletManager. 5. Attempt to rename "test2" to "test3". 6. Restart Seahorse and KWalletManager again. OBSERVED RESULT 1. Created sussessfully, immediately shows up in Seahorse. Shows up via DBus `org.freedesktop.secrets` API. 2. Likewise, created successfully and shows up. 3. KWalletManager refuses the rename, no changes shown in Seahorse. 4. Seahorse shows duplicated entry "test", and no "test2" entry. Same via DBus `org.freedesktop.secrets` API. KWalletManager correctly shows "test" and "test2". 5. Rename succeeds in KWalletManager, no change in Seahorse and `org.freedesktop.secrets` API (still duplicated "test", missing "test2" and "test3"). 6. KWalletManager correctly shows "test" and "test3"; Seahorse and `org.freedesktop.secrets` API still show duplicated "test", missing "test2" and "test3". EXPECTED RESULT All changes should be reflected correctly in Seahorse and `org.freedesktop.secrets` API: 1. "test" should show up. 2. "test" and "test2" should show up. 3. "test2" should remain as is (and "test" too). 4. "test" and "test2" should show up as before. 5. "test2" should be renamed to "test3" and show up correctly, "test" should remain as is and not duplicated. 6. "test" and "test3" should show up with no duplications. SOFTWARE/OS VERSIONS Seahorse 3.36-1 KWalletManager 22.08.0 KDE Frameworks Version: 5.97.0 KDE Plasma Version: 5.25.4 Qt Version: 5.15.5 ADDITIONAL INFORMATION My guess is that the Secret Service implementation attempts to follow the rename commands from the old API (`org.kde.kwalletd5`), but doesn't enforce the same uniqueness rules as KWalletManager. It should instead just list the items from `org.kde.kwalletd5` as they are (read-only), and let the `org.kde.kwalletd5` backend handle renames for those items. Likewise for deletes - https://invent.kde.org/frameworks/kwallet/-/merge_requests/11#note_432567 : > I did notice while poking around with Seahorse and KWalletManager that > if I delete a password entry in KWalletManager Seahorse updates immediately > and the corresponding entry also disappears, but if I delete the folder instead > then Seahorse doesn't notice, and it doesn't disappear even if I restart Seahorse. (I didn't open a separate bug for deletion, since it seems a less likely edge-case, and can probably be handled by the same fix.)
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kwallet/-/merge_requests/37
Git commit 75d9e1a08ad1cb69286947ac62609edd751f2102 by Marco Martin. Committed on 11/04/2025 at 13:22. Pushed by mart into branch 'master'. When renaming, refuse to overwrite an already existing entry if an entry is attempted to be renamed check if an item with same label, folder and wallet already exists and refuse to rename if it does M +7 -0 src/runtime/kwalletd/secretserviceclient.cpp https://invent.kde.org/frameworks/kwallet/-/commit/75d9e1a08ad1cb69286947ac62609edd751f2102