A while ago, Chromium 56 ‘stable’ was released. It took a while for me to release Slackware 14.1 packages because of a crash bug in XFCE (and probably other non-KDE desktops too). I have been trying to find ways around the crash and been looking for patches, but there does not seem to be a solution for Slackware 14.1 other than working around it and losing some functionality.
So, what’s the issue?
Chrome/Chromium can optionally store credentials (user accounts, passwords) that you type in to access online secure web sites. The Password Store is a sqlite database. On Linux, its location is “~/.config/chromium/Default/Login Data” for Chromium and “~/.config/google-chrome/Default/Login Data” for Chrome.
Chromium/Chrome on Linux wants to store your online credentials in a safe way, but it does not have the code itself to encrypt its own Password Store. Instead, it tries to rely on the availability of an external encryption provider. On KDE desktop environment, it will use the KDE Wallet system, while on other desktops it will try to use Gnome Keyring. If none of these are found, then Chrome/Chromium will fall back to storing unencrypted passwords in the above sqlite file.
Coming back to Slackware 14.1: there is a bug in it – probably in glib2 because that is where the segmentation faults are reported – which prevents recent versions of Chromium from using the Gnome Keyring. Within seconds of accessing the first web page in Chromium on Slackware 14.1, the browser will crash if you are running XFCE or some other non-KDE desktop. Note that you can use Chromium just fine in KDE on Slackware 14.1!
This issue does not exist in Slackware 14.2 or -current, probably because all the package updates between 14.1 and 14.2 solved the underlying issue. Therefore this bug is not something that will be solved in the chromium code by reporting it to Google… it is a OS related bug.
This means, if you are running XFCE you have to prevent Chromium from trying to use gnome-keyring. I tried to enforce the use of kwallet when running XFCE but that did not work, so you need to entirely disable the use of an encryption provider by adding the parameter “–password-store=basic” to the chromium commandline. The consequence will be that your online passwords will be stored unencrypted and anyone who gets hold of a copy of that sqlite file, will be able to extract all your credentials.
So here are some strategies for working with Chromium and not get bitten by the gnome-keyring induced crashes and keep your passwords safely encrypted:
- Encrypt your homedirectory or even your complete filesystem. With your files encrypted (using a password only you know) you reduce the risk of having Chromium store your credentials in plain-text in a sqlite file.
Disk encryption using LUKS is something which Slackware supports during the installation. Full disk encryption is always recommended if you are using a laptop.
If you did not opt for disk encryption during installation, but you still have more free disk space available than your /home directory tree is currently using, then you can create a new – encrypted – /home and move your existing data in there. This is an exercise that requires knowledge about cryptsetup and goes beyond the scope of this blog post.
- Switch to KDE. The kwallet storage is encrypted and it will not crash chromium like gnome-keyring does.
- Upgrade to Slackware 14.2. The gnome-keyring of this version of Slackware (and newer) will not crash chromium , so you can encrypt your online credentials in XFCE too.
And here is a chromium configuration file for Slackware 14.1 which will detect your Desktop Environment and will automatically add the parameter “–password-store=basic” to Chromium’s commandline for you if you are not using KDE. Copy the text below into a file called (for instance): “/etc/chromium/10-passwordstore.conf”:
# Use the basic (un-encrypted) password store, # unless we are running KDE: if [ ! "$XDG_SESSION_DESKTOP" = "KDE" ]; then CHROMIUM_FLAGS="$CHROMIUM_FLAGS --password-store=basic" fi
Encrypting the passwords of your online identities will not make you 100% safe of course… even when your passwords are encrypted, Chrome/Chromium will make them plainly visible inside a browser window, by visiting the URL chrome://settings/passwords .
Note 1: The Windows version of Chrome encrypts the passwords it stores in “%UserProfile%\AppData\Local\Google\Chrome\User Data\Default\Login Data” because it makes use of a Windows API which requires the logged-in user’s password for the decryption.
Note 2: When you use the browser’s sync feature to store a copy of your online credentials in your Google Account, then those copies will be encrypted with your sync password, that only you know.
Download the Chromium packages for Slackware 14.1 (they were already available for 14.2 and -current for some time) from a mirror like these:
- http://www.slackware.com/~alien/slackbuilds/ (US master site)
- http://bear.alienbase.nl/mirrors/people/alien/slackbuilds/ (my own mirror)
- http://alien.slackbook.org/slackbuilds/ (US)
- http://ftp.lip6.fr/pub/linux/distributions/slackware/people/alien/slackbuilds/ (FR mirror)
- http://slackware.uk/people/alien/slackbuilds/ (UK – fast mirror!)
Have fun! Eric