Keyring for headless Linux installation

[tanto259]

Development environment where the bug occurred

• Db2 Developer Extension version: 1.3.0
• Editor platform: Visual Studio Code
• Editor platform version: 1.60.2
• Operating system on which your editor runs: Ubuntu 20.04.2 under Windows Subsystem for Linux 2 at Windows 10 20H2
• Java Version (Run java -version and paste the details here): JDK 14.0.2 build 14.0.2+12-46
• Log files attached?: No

Problem description

Detailed steps for reproducing the problem:

1. Install the extension in VSCode which is opened on WSL (which is a headless Linux installation)
2. Install JDK and libsecret-1-0
3. Set up profile
4. Connect

I'm able to replicate this issue in code-server on a headless Ubuntu Server 20.04 installation as well.

Observed behavior

• Failed with ERROR: com.github.javakeyring.BackendNotSupportedException: No available keyring backend found

Expected behavior

• Able to connect with the available keyring backend, as Zowe SCS plugin can work on this environment

[katsoohoo]

Hey @tanto259, thanks for reporting. We'll take a look at this issue.

[katsoohoo]

@tanto259 Do you have the libsecret library installed on WSL? This is one of the prerequisites for using the extension on Linux.

[tanto259]

I do, a full log is linked. I have libsecret-1-0 version 0.20.4-0ubuntu1.

Also, on a somewhat-similar issue, I was helping an individual with the IBM Z Xplore courses, and one of the courses uses this extension. The person encounter the same error message on a M1 Macbook Air with OpenJDK 11.0.12 build 11.0.12+7-LTS. Their log message is also attached on the GitHub Gist linked above as the file macbook-log.

As far as I know, no one on the IBM Z Xplore platform encounter the issue on a Macbook with Intel processor. However, the person seems to be the only one reporting the issue so far.

[katsoohoo]

Thanks for the logs. Do you also have the gnome-keyring library installed on WSL? If so, can you also provide the version for that?

[tanto259]

I'm currently at version 3.36.0-1ubuntu1 of gnome-keyring

[b-tsao]

Hi @tanto259, after our investigation, we presume what is happening here is the user that is starting vscode is unable to access the keyring, resulting in the error shown.

You can verify this by running the following command gnome-keyring-daemon
A correct output which shows the keyring is running would be

SSH_AUTH_SOCK=/run/user/0/keyring/ssh

An incorrect output would show

** Message: 12:33:09.257: The gnome-keyring control directory cannot be accessed: /run/user/0/keyring: Permission denied

** (gnome-keyring-daemon:9738): WARNING **: 12:33:09.258: couldn't create socket directory: /run/user/0/keyring-Y1UBD1: Permission denied

** (gnome-keyring-daemon:9738): WARNING **: 12:33:09.258: couldn't bind to control socket: /run/user/0/keyring-Y1UBD1/control: Permission denied

Please try running the command on the user which starts vscode or code-server.

[tanto259]

Unfortunately, running the command on the VSCode terminal seems to work:

hartanto@DESKTOP-5OJMMU0:~$ gnome-keyring-daemon
GNOME_KEYRING_CONTROL=/home/hartanto/.cache/keyring-8IY8C1
SSH_AUTH_SOCK=/home/hartanto/.cache/keyring-8IY8C1/ssh

[katsoohoo]

Hi @tanto259, can you also try this command ps -ef | grep gnome-keyring-daemon to see if gnome-keyring-daemon is running? You should see an output like the one below:

$ ps -ef | grep gnome
wsl      12808    50  0 14:09 pts/0    00:00:00 gnome-keyring-daemon
wsl      12821    51  0 14:11 pts/0    00:00:00 grep --color=auto gnome

If gnome-keyring-daemon is not running, you can launch dbus and start gnome-keyring-daemon like in these issues:

• docker compose Error: Cannot autolaunch D-Bus without X11 $DISPLAY atom/node-keytar#224
• Some CLI features require x11 bitwarden/directory-connector#17

[tanto259]

Sorry to keep you waiting. Unfortunately, it seems that gnome-keyring-daemon as running when the error was encountered.

The way the daemon was set up follows the Zowe SCS instruction, which is adding the following to ~/.bashrc:

if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
  exec dbus-run-session -- $SHELL
fi

gnome-keyring-daemon --start --components=secrets

Thank you and happy holidays!

[b-tsao]

@tanto259 Happy holidays! Hope you had a great break.

To recap on the problem so far:
The extension is unable to access the running keyring instance. Initially from our internal recreated environment we believed the problem to be due to the user that started vscode instance to not have sufficient privilege in accessing the keyring instance, this turned out to not be the case from your above post. Then we thought it's possible the keyring instance isn't running, which also turns out to not be the case.

Do you think you could provide a docker image with the linux environment you're running with the setup as close as possible?

[ben-j-herbertz]

I am hitting the same Issue using the Microsoft Node Docker Image (VS Code Dev Container):

ARG VARIANT="16-bullseye"
FROM mcr.microsoft.com/vscode/devcontainers/javascript-node:0-${V
RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
    && apt-get -y install --no-install-recommends openjdk-11-jdk libsecret-1-0

[katsoohoo]

Hi @tanto259 and @ben-j-herbertz,

We were able to identify the No available keyring backend found error as an environment issue for both of your environments (WSL2 and VS Code dev container). Both environments had a similar issue where D-Bus and gnome-keyring were set up in a different session. To resolve this issue, we need to make sure VS Code launches from the same session where the D-Bus and gnome-keyring were set up.

To do this in WSL2 with Zowe SCS plugin installed, you will need to run code in the Ubuntu terminal to launch VS Code rather than starting VS Code from Windows side.

For the VS Code dev container, you will need to use the following Dockerfile and devcontainer.json
Dockerfile

ARG VARIANT="16-bullseye"
FROM mcr.microsoft.com/vscode/devcontainers/javascript-node:0-${VARIANT}
RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
    && apt-get -y install --no-install-recommends openjdk-11-jdk libsecret-1-0 gnome-keyring dbus-x11

devcontainer.json

// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
// https://github.com/microsoft/vscode-dev-containers/tree/v0.209.6/containers/javascript-node
{
	"name": "Node.js",
	"build": {
		"dockerfile": "Dockerfile",
		// Update 'VARIANT' to pick a Node version: 16, 14, 12.
		// Append -bullseye or -buster to pin to an OS version.
		// Use -bullseye variants on local arm64/Apple Silicon.
		"args": { "VARIANT": "16-bullseye" }
	},

	// Set *default* container specific settings.json values on container create.
	"settings": {},

	// Add the IDs of extensions you want installed when the container is created.
	"extensions": [
		"dbaeumer.vscode-eslint",
		// "ibm.db2forzosdeveloperextension"
	],

	// Use 'forwardPorts' to make a list of ports inside the container available locally.
	// "forwardPorts": [],

	// Use 'postCreateCommand' to run commands after the container is created.
	// "postCreateCommand": "yarn install",
	"postCreateCommand": "dbus-daemon --session --fork --address=${DBUS_SESSION_BUS_ADDRESS} --print-pid --print-address && echo \"<RANDOM-PASSPHRASE>\" | gnome-keyring-daemon -r -d --unlock",

	// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
	"remoteUser": "node",

  "runArgs": [
    "--privileged"
  ],

	"containerEnv": {
		"DBUS_SESSION_BUS_ADDRESS": "unix:path=/tmp/dbus-session"
	}
}

---

Unfortunately, after resolving the initial error, we hit a new No stored credentials match error. Because of this error, we have to say the extension currently does not support remote development environments like WSL2 and VS Code dev container. Please open a new feature request to have the extension support remote development environments.

[tanto259]

Thank you @katsoohoo!

Just for your information, on the IBM Z Xplore forum page, we have 2 reports of users with the M1 Macbook getting the same no available keyring backend found. Both of them are also using the Azul Zulu build of OpenJDK 11. Since I have no M1 Macbook, I couldn't replicate this, but I thought I'll let y'all know just in case.

OS Info of Individual 1:

OS: macos 12.2.1, ARM64
JVM: 11.0.14.1 (arm64) “Azul Systems, Inc.” - “Zulu 11.54.25” /Library/Java/JavaVirtualMachines/zulu-11.jdk/Contents/Home

OS Info of Individual 2 (not sure on the exact macos version that this person use):

openjdk 11.0.12 2021-07-20 LTS
OpenJDK Runtime Environment Zulu11.50+19-CA (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM Zulu11.50+19-CA (build 11.0.12+7-LTS, mixed mode)

Some logs:

2022-02-22T11:29:17.867+0800 DEBUG: Successfully retrieved Db2 connection: 25669046-187a-4f9f-b730-a63c735a0291
2022-02-22T11:29:17.869+0800 DEBUG: Db2LanguageClient:sendRequest: Sending request ibmdb2devext/openConnection to the language server.
2022-02-22T11:29:17.872+0800 INFO : [SERVER] Db2SqlServiceClient:process:stdout: {“requestType”:“openConnection”,“properties”:{“callerId”:“ibm.db2forzosdeveloperextension”}}
2022-02-22T11:29:17.872+0800 DEBUG: usageReporter:sendEvent: Sending the following telemetry data: {“eventName”:“openConnection”,“properties”:{“callerId”:“ibm.db2forzosdeveloperextension”},“measurements”:null}
2022-02-22T11:29:17.873+0800 ERROR: [SERVER] Db2SqlServiceClient:process:stderr: 2022-02-22T11:29:17,872+0800 [ForkJoinPool.commonPool-worker-19] ERROR: com.github.javakeyring.BackendNotSupportedException: No available keyring backend found
2022-02-22T11:29:17.873+0800 ERROR: [o [Error]: No available keyring backend found
at /Users/<redacted>/.vscode/extensions/ibm.db2forzosdeveloperextension-1.3.3/dist/client.js:1:729777
at /Users/<redacted>/.vscode/extensions/ibm.db2forzosdeveloperextension-1.3.3/dist/client.js:1:730071
at Immediate. (/Users/<redacted>/.vscode/extensions/ibm.db2forzosdeveloperextension-1.3.3/dist/client.js:1:730432)
at processImmediate (internal/timers.js:461:21)] {
code: 0,
data: undefined
}
2022-02-22T11:29:17.873+0800 ERROR: Failed to connect to 204.90.115.200/DALLASC: No available keyring backend found

[katsoohoo]

This issue occurs because the extension currently does not support remote development environments. Closing this issue since #70 will address this as an enhancement.