Charmcraft and the "No keyring found" error

charmcraft
1

One of the improvements we did to Charmcraft in the last few months (well, actually to the Craft Store library which is used by Charmcraft) is to securely store the credentials obtained from the user’s login to Charmhub in a keyring in the user’s machine.

But sometimes Charmcraft fails to find a keyring in the user’s environment. The environment may not have a keyring, or it may not be accessible from the snap in which Charmcraft runs.

One simple workaround for this is to install the gnome-keyring package. It’s recommended even in non-GNOME environments (the name is misleading, it’s a simple package and will not bring a zillion dependencies).

In some cases it is more complicated. Please explore the documentation for the Python keyring library which shows several tips for different environments.

All that said, generally there are no keyrings by default in CI/CD or other remote systems; for Charmcraft to work in those environments the user should login in their machine and export the credentials, and then use them in the remote system, as is explained in this forum post.

Please comment on this post with your experience, issues, problems and how/if you solved them. Thanks!

1 Like
2

Hey, cool! I got this working with gnome-keyring.

It’s a little bit of a headache to get the keyring unlocked from the CLI, though. I found a hacky script that prompts for the current user’s password, then restarts the daemon. It didn’t feel super great to do things that way, though. How are you unlocking the keyring from the CLI?

1 Like
3

unfortunately, working not like a charm…

a solution that worked for me, but I could not expect people to use it:

sudo apt install gnome-keyring

dbus-run-session -- bash --noprofile --norc

that opens a new bash session, then:

rm -rf ~/.local/share/keyrings
echo -n 'db' | gnome-keyring-daemon --unlock

after that I try to fetch libs:

charmcraft fetch-lib charms.data_platform_libs.v0.database_requires

but since I am in multipass instance, it cannot open a browser. But charmcratft provides a link, and copying it to browser on a host machine solve auth issue.

4

also see the workflow from snapcraft: https://snapcraft.io/docs/snapcraft-authentication

5

@facundo gnome-keyring being installed no longer resolves this problem for me with charmcraft. I had it installed and still had issues. I tried @beliaev-maksim’s workaround without success. Nor did uninstalling and reinstalling gnome-keyring help.

I’m using charmcraft 2.2.0 and ubuntu server 22.04.

6

@hmlanigan another solution I found and documented as part of the tutorial: Juju | Integrate your charm with PostgreSQL

copy it here to be preserved:

<----------------------------------------------------->
To log in to Charmhub, run:

charmcraft login --export ~/secrets.auth

This should output:

Opening an authorization web page in your browser.
If it does not open, please open this URL:
 https://api.jujucharms.com/identity/login?did=48d45d919ca2b897a81470dc5e98b1a3e1e0b521b2fbcd2e8dfd414fd0e3fa96

As we are inside a Multipass instance, this will not open the authorization web page directly. Copy-paste the provided web link into your web browser instead. Use your Ubuntu SSO to log in.

When you’re done, you should see in your terminal the following:

Login successful. Credentials exported to '~/secrets.auth'.

Now set an environment variable with the new token:

export CHARMCRAFT_AUTH=$(cat ~/secrets.auth)

Read more: How to authenticate Charmcraft in remote environments

6 Likes
7

Why does a developer or a CI/CD pipeline job need to login to Charmhub for fetching charm interface libraries? e.g.

charmcraft fetch-lib charms.data_platform_libs.v0.data_interfaces

Shouldn’t that download be possible to perform anonymously?

8

Looks like anonymous fetching of library modules was made possible in version 2.3.0.