OSCrypt supports encryption with KWallet

OSCrypt supports encryption with KWallet

Implemented KeyStorageLinux for KWallet.

BUG=602624
Committed: https://crrev.com/2e6729a44f5a07c939209bce99f803dc90c5966f
Cr-Commit-Position: refs/heads/master@{#407746}

[cfroussios, 2016-07-19 08:40:05]

The CQ bit was checked by cfroussios@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-19 08:40:29]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[cfroussios, 2016-07-19 09:50:54]

The CQ bit was checked by cfroussios@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-19 09:51:16]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-19 10:16:31]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-19 10:16:32]

Dry run: Try jobs failed on following builders:
  linux_chromium_compile_dbg_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[cfroussios, 2016-07-19 10:57:22]

The CQ bit was checked by cfroussios@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-19 10:57:38]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[cfroussios, 2016-07-19 11:20:30]

cfroussios@chromium.org changed reviewers:
+ thestig@chromium.org

[cfroussios, 2016-07-19 11:20:31]

Hi! This is the implementation with kwallet for os_crypt. Can you review?
Thanks!

[commit-bot: I haz the power, 2016-07-19 11:40:11]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-19 11:40:12]

Dry run: This issue passed the CQ dry run.

[Lei Zhang, 2016-07-20 01:08:26]

No serious concerns, 1000 nits below:

https://codereview.chromium.org/2150543002/diff/80001/components/components_t...
File components/components_tests.gyp (right):

https://codereview.chromium.org/2150543002/diff/80001/components/components_t...
components/components_tests.gyp:1592:
'os_crypt/key_storage_kwallet_unittest.cc',
alphabetical order please

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.cc:17: const char kFolderName[] =
"Chrome Keys";
Any chance we can share these with the libsecret impl?

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.cc:28: : desktop_env_(desktop_env),
handle_(0), app_name_(std::move(app_name)) {}
Should |handle_| be initialized to -1? Is 0 a valid value?

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.cc:58: if (result ==
InitResult::TEMPORARY_FAIL)
if (result == InitResult::TEMPORARY_FAIL && kwallet_dbus_->StartKWalletd())
  result = InitWallet();

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.h (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.h:17: explicit
KeyStorageKWallet(base::nix::DesktopEnvironment desktop_env,
nit explicit

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.h:18: std::string app_name);
Just pass by ref and set app_name_?

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet_unittest.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet_unittest.cc:116: // Tests are an
unofficial build, so only Chromium will be used.
Umm, I think there exists an internal waterfall that runs tests for official
builds.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet_unittest.cc:138: EXPECT_EQ("butter",
password);
Can we do EXPECT_STREQ(), and just drop |password|? Ditto on line 152 and more
below, and mmm, butter.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_linux.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_linux.cc:21: base::LazyInstance<std::string>
g_product_name_ = LAZY_INSTANCE_INITIALIZER;
Sorry if I missed it earlier, but g_foo doesn't need the trailing underscore
since it's not a class member.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
File components/os_crypt/kwallet_dbus.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus.cc:361: if (!response.get()) {
No need for .get() here, ditto on line 390, and 414.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus.cc:362: LOG(ERROR) << "Error contacting << " <<
kwalletd_name_
did you want the extra "<< " in the string? Ditto on line 391 and 415.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
File components/os_crypt/kwallet_dbus.h (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus.h:106: // Writes a password to the current
folder.
"Write" to be consistent with all the comments above.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus.h:115: // Returns "" if no such password
exists.
Clear |password_ptr| if no such password exists.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
File components/os_crypt/kwallet_dbus_unittest.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus_unittest.cc:286: if (i != int_1)
You put int_1 on the right side, but moved str_N to the left side below.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus_unittest.cc:819: EXPECT_EQ("password",
password);
Can you use EXPECT_STREQ() here?

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus_unittest.cc:855: EXPECT_EQ(true, success);
EXPECT_TRUE(success)

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus_unittest.cc:869: EXPECT_EQ(false, success);
EXPECT_FALSE

[cfroussios, 2016-07-20 14:10:42]

The CQ bit was checked by cfroussios@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-20 14:11:09]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-20 15:06:29]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-20 15:06:30]

Dry run: This issue passed the CQ dry run.

[cfroussios, 2016-07-20 15:10:57]

Patchset #6 (id:100001) has been deleted

[cfroussios, 2016-07-20 15:12:26]

The CQ bit was checked by cfroussios@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-20 15:12:45]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[cfroussios, 2016-07-20 15:22:47]

https://codereview.chromium.org/2150543002/diff/80001/components/components_t...
File components/components_tests.gyp (right):

https://codereview.chromium.org/2150543002/diff/80001/components/components_t...
components/components_tests.gyp:1592:
'os_crypt/key_storage_kwallet_unittest.cc',
On 2016/07/20 01:08:26, Lei Zhang wrote:
> alphabetical order please

Done.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.cc:17: const char kFolderName[] =
"Chrome Keys";
On 2016/07/20 01:08:26, Lei Zhang wrote:
> Any chance we can share these with the libsecret impl?

I moved them to KeyStorageLinux, mostly because these are also visible to the
user and should be consistent. Conceptually, reusing those doesn't mean much,
since KWallet and Libsecret have diffent structures. Libsecret doesn't even have
folders and doesn't rely on the name for lookup.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.cc:28: : desktop_env_(desktop_env),
handle_(0), app_name_(std::move(app_name)) {}
On 2016/07/20 01:08:26, Lei Zhang wrote:
> Should |handle_| be initialized to -1? Is 0 a valid value?

Both are invalid values, but let's just use -1, since that is what we check for
in line 99.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.cc:58: if (result ==
InitResult::TEMPORARY_FAIL)
On 2016/07/20 01:08:26, Lei Zhang wrote:
> if (result == InitResult::TEMPORARY_FAIL && kwallet_dbus_->StartKWalletd())
>   result = InitWallet();

I am not a big fan of conditions where the order of execution matters. I tend to
not pay attention, and I am not the only one. In this case, StartKWalletd is
costly (response times vary, up to several seconds) and we explicitly avoid
calling it when unnecessary.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.h (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.h:17: explicit
KeyStorageKWallet(base::nix::DesktopEnvironment desktop_env,
On 2016/07/20 01:08:26, Lei Zhang wrote:
> nit explicit

Done.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.h:18: std::string app_name);
On 2016/07/20 01:08:26, Lei Zhang wrote:
> Just pass by ref and set app_name_?

For constructors, this is supposed to perform better on average than passing by
reference. Not that this is likely to ever become hot. Is that a pattern we
don't care for in Chrome?

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet_unittest.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet_unittest.cc:116: // Tests are an
unofficial build, so only Chromium will be used.
On 2016/07/20 01:08:26, Lei Zhang wrote:
> Umm, I think there exists an internal waterfall that runs tests for official
> builds.

Done. I added a comment about why I'm not pulling the values from
KeyStorageLinux itself.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet_unittest.cc:138: EXPECT_EQ("butter",
password);
On 2016/07/20 01:08:26, Lei Zhang wrote:
> Can we do EXPECT_STREQ(), and just drop |password|? Ditto on line 152 and more
> below, and mmm, butter.

Butter from peanuts. 

GetKey() doesn't return a C string. |password| was just redundant.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_linux.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_linux.cc:21: base::LazyInstance<std::string>
g_product_name_ = LAZY_INSTANCE_INITIALIZER;
On 2016/07/20 01:08:26, Lei Zhang wrote:
> Sorry if I missed it earlier, but g_foo doesn't need the trailing underscore
> since it's not a class member.

Done.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
File components/os_crypt/kwallet_dbus.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus.cc:361: if (!response.get()) {
On 2016/07/20 01:08:26, Lei Zhang wrote:
> No need for .get() here, ditto on line 390, and 414.

Done.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus.cc:362: LOG(ERROR) << "Error contacting << " <<
kwalletd_name_
On 2016/07/20 01:08:26, Lei Zhang wrote:
> did you want the extra "<< " in the string? Ditto on line 391 and 415.

Done.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
File components/os_crypt/kwallet_dbus.h (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus.h:106: // Writes a password to the current
folder.
On 2016/07/20 01:08:26, Lei Zhang wrote:
> "Write" to be consistent with all the comments above.

Done.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus.h:115: // Returns "" if no such password
exists.
On 2016/07/20 01:08:26, Lei Zhang wrote:
> Clear |password_ptr| if no such password exists.

Done.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
File components/os_crypt/kwallet_dbus_unittest.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus_unittest.cc:286: if (i != int_1)
On 2016/07/20 01:08:26, Lei Zhang wrote:
> You put int_1 on the right side, but moved str_N to the left side below.

Done.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus_unittest.cc:819: EXPECT_EQ("password",
password);
On 2016/07/20 01:08:26, Lei Zhang wrote:
> Can you use EXPECT_STREQ() here?

EXPECT_STREQ is for C strings.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus_unittest.cc:855: EXPECT_EQ(true, success);
On 2016/07/20 01:08:26, Lei Zhang wrote:
> EXPECT_TRUE(success)

Done.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus_unittest.cc:869: EXPECT_EQ(false, success);
On 2016/07/20 01:08:26, Lei Zhang wrote:
> EXPECT_FALSE

Done.

[commit-bot: I haz the power, 2016-07-20 16:15:54]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-20 16:15:55]

Dry run: This issue passed the CQ dry run.

[Lei Zhang, 2016-07-20 19:15:07]

lgtm, with a few more nitty bits.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.cc:58: if (result ==
InitResult::TEMPORARY_FAIL)
On 2016/07/20 15:22:46, cfroussios wrote:
> On 2016/07/20 01:08:26, Lei Zhang wrote:
> > if (result == InitResult::TEMPORARY_FAIL && kwallet_dbus_->StartKWalletd())
> >   result = InitWallet();
> 
> I am not a big fan of conditions where the order of execution matters. I tend
to
> not pay attention, and I am not the only one. In this case, StartKWalletd is
> costly (response times vary, up to several seconds) and we explicitly avoid
> calling it when unnecessary.

But ordering of execution in if statements do matter and the left to right eval
ordering is a fact of life you have to live with. Writing it as a single if
statement doesn't change the behavior.

As an exaggeration, what if we had 4 conditions to check? Which should we use?

if (foo)
  if (bar)
    if (qux)
      if (baz)
        DoIt();

or

if (foo && bar && qux && baz)
  DoIt();

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.h (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.h:18: std::string app_name);
On 2016/07/20 15:22:46, cfroussios wrote:
> On 2016/07/20 01:08:26, Lei Zhang wrote:
> > Just pass by ref and set app_name_?
> 
> For constructors, this is supposed to perform better on average than passing
by
> reference. Not that this is likely to ever become hot. Is that a pattern we
> don't care for in Chrome?

Well, this is definitely not hot code, and I think (please double check) if you
want to use move semantics, you do "std::string&&" but the Chromium code base
has 2 instances of that, so in general, we are not quite there yet. Plus, I like
|g_product_name| being set once and staying the same.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
File components/os_crypt/kwallet_dbus_unittest.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus_unittest.cc:819: EXPECT_EQ("password",
password);
On 2016/07/20 15:22:47, cfroussios wrote:
> On 2016/07/20 01:08:26, Lei Zhang wrote:
> > Can you use EXPECT_STREQ() here?
> 
> EXPECT_STREQ is for C strings.

It is indeed, and this is shorter than EXPECT_STREQ("password",
password.c_str());

https://codereview.chromium.org/2150543002/diff/120001/components/os_crypt/ke...
File components/os_crypt/key_storage_kwallet_unittest.cc (right):

https://codereview.chromium.org/2150543002/diff/120001/components/os_crypt/ke...
components/os_crypt/key_storage_kwallet_unittest.cc:119: const std::string
expected_folder_name_ = "Chrome Keys";
Do these have to be class members? Can this be const char kFoo[] and sit around
line 30?

https://codereview.chromium.org/2150543002/diff/120001/components/os_crypt/ke...
File components/os_crypt/key_storage_linux.h (right):

https://codereview.chromium.org/2150543002/diff/120001/components/os_crypt/ke...
components/os_crypt/key_storage_linux.h:38: static const char* const
kFolderName;
Can these be static const char kFoo[] ?

[cfroussios, 2016-07-21 10:13:10]

The CQ bit was checked by cfroussios@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-21 10:13:28]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[cfroussios, 2016-07-21 11:49:46]

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.cc:58: if (result ==
InitResult::TEMPORARY_FAIL)
On 2016/07/20 19:15:07, Lei Zhang wrote:
> On 2016/07/20 15:22:46, cfroussios wrote:
> > On 2016/07/20 01:08:26, Lei Zhang wrote:
> > > if (result == InitResult::TEMPORARY_FAIL &&
kwallet_dbus_->StartKWalletd())
> > >   result = InitWallet();
> > 
> > I am not a big fan of conditions where the order of execution matters. I
tend
> to
> > not pay attention, and I am not the only one. In this case, StartKWalletd is
> > costly (response times vary, up to several seconds) and we explicitly avoid
> > calling it when unnecessary.
> 
> But ordering of execution in if statements do matter and the left to right
eval
> ordering is a fact of life you have to live with. Writing it as a single if
> statement doesn't change the behavior.
> 
> As an exaggeration, what if we had 4 conditions to check? Which should we use?
> 
> if (foo)
>   if (bar)
>     if (qux)
>       if (baz)
>         DoIt();
> 
> or
> 
> if (foo && bar && qux && baz)
>   DoIt();

There might have been a miscommunication. I didn't say the behavior changes. My
objection is about readability.

Logical operators draw attention to the logic of the condition, whereas ifs draw
attention to the flow of execution. Every time I've seen code in Chrome where
right eval matters, they've also added a comment to note that. That's because
one might reorder a condition without thinking much about it. But why do it in a
way that requires a note, when you can have code that speaks for itself? People
don't invert nested blocks expecting things to be the same.

Aesthetically, in your example, too many nested ifs waste screen space. However,
in my specific case, the result doesn't suffer much. I don't think there needs
to be a one-size-fits-all rule here, such that we need to discuss which rule
gets worse in its extreme.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.h (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.h:18: std::string app_name);
On 2016/07/20 19:15:07, Lei Zhang wrote:
> On 2016/07/20 15:22:46, cfroussios wrote:
> > On 2016/07/20 01:08:26, Lei Zhang wrote:
> > > Just pass by ref and set app_name_?
> > 
> > For constructors, this is supposed to perform better on average than passing
> by
> > reference. Not that this is likely to ever become hot. Is that a pattern we
> > don't care for in Chrome?
> 
> Well, this is definitely not hot code, and I think (please double check) if
you
> want to use move semantics, you do "std::string&&" but the Chromium code base
> has 2 instances of that, so in general, we are not quite there yet. Plus, I
like
> |g_product_name| being set once and staying the same.

You don't need the "std::string&&" to take advantage of move semantics, because
std::string already has a move constructor. The idea is that |app_name| will be
constructed with the best constructor in each case:

1. If the input can be moved, it will be moved into |app_name| and then into
|app_name_|.
2. If stuff can't be moved, |app_name| will be a new copy, which will be moved
into |app_name_|. We would have had to create a copy anyway.

I don't quite understand your comment about |g_product_name|. Are you saying
that, since it won't change, we can pass pointers to it? Or that we would have
to cannibalize it, thus changing it? In the way that KeyStorageKWallet is used
now, it won't actually be moved. It is just a good pattern for constructors,
because it works both when you can and can't move.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
File components/os_crypt/kwallet_dbus_unittest.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/kwa...
components/os_crypt/kwallet_dbus_unittest.cc:819: EXPECT_EQ("password",
password);
On 2016/07/20 19:15:07, Lei Zhang wrote:
> On 2016/07/20 15:22:47, cfroussios wrote:
> > On 2016/07/20 01:08:26, Lei Zhang wrote:
> > > Can you use EXPECT_STREQ() here?
> > 
> > EXPECT_STREQ is for C strings.
> 
> It is indeed, and this is shorter than EXPECT_STREQ("password",
> password.c_str());

Acknowledged.

https://codereview.chromium.org/2150543002/diff/120001/components/os_crypt/ke...
File components/os_crypt/key_storage_kwallet_unittest.cc (right):

https://codereview.chromium.org/2150543002/diff/120001/components/os_crypt/ke...
components/os_crypt/key_storage_kwallet_unittest.cc:119: const std::string
expected_folder_name_ = "Chrome Keys";
On 2016/07/20 19:15:07, Lei Zhang wrote:
> Do these have to be class members? Can this be const char kFoo[] and sit
around
> line 30?

Done.

https://codereview.chromium.org/2150543002/diff/120001/components/os_crypt/ke...
File components/os_crypt/key_storage_linux.h (right):

https://codereview.chromium.org/2150543002/diff/120001/components/os_crypt/ke...
components/os_crypt/key_storage_linux.h:38: static const char* const
kFolderName;
On 2016/07/20 19:15:07, Lei Zhang wrote:
> Can these be static const char kFoo[] ?

Done.

[commit-bot: I haz the power, 2016-07-21 12:03:54]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-21 12:03:55]

Dry run: This issue passed the CQ dry run.

[cfroussios, 2016-07-21 12:05:48]

Patchset #7 (id:140001) has been deleted

[cfroussios, 2016-07-21 12:07:13]

The CQ bit was checked by cfroussios@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-21 12:07:38]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-21 13:11:32]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-21 13:11:32]

Dry run: This issue passed the CQ dry run.

[Lei Zhang, 2016-07-21 21:07:39]

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.cc:58: if (result ==
InitResult::TEMPORARY_FAIL)
On 2016/07/21 11:49:45, cfroussios wrote:
> There might have been a miscommunication. I didn't say the behavior changes.
My
> objection is about readability.

My objection is also about readability, but I just wanted to point out ordering
does matter for completeness. I wasn't suggesting we change the order.

> Logical operators draw attention to the logic of the condition, whereas ifs
draw
> attention to the flow of execution. Every time I've seen code in Chrome where
> right eval matters, they've also added a comment to note that. That's because
> one might reorder a condition without thinking much about it. But why do it in
a
> way that requires a note, when you can have code that speaks for itself?
People
> don't invert nested blocks expecting things to be the same.

Can you provide some examples to back up your claim that everyone adds comments
when the ordering matters? To counter your claim, look at
https://cs.chromium.org/search/?q=GetAsDictionary%5C(.*%26%26&sq=package:chro...
and see how many places first make sure base::Value::GetAsDictionary() succeeds
before using the pointer passed in to it. Nobody writes a comment to explain the
ordering.

People don't randomly reorder the insides of conditionals either. The only time
I've seen people bother to do so is when you have:

if (ExpensiveConstFunc() || completely_unrelated_bool)

in which case, reordering makes sense because |completely_unrelated_bool| is
much faster to evaluate and it can evaluate to false faster than
ExpensiveConstFunc(), where ExpensiveConstFunc() doesn't have any side effects.

> Aesthetically, in your example, too many nested ifs waste screen space.
However,
> in my specific case, the result doesn't suffer much. I don't think there needs
> to be a one-size-fits-all rule here, such that we need to discuss which rule
> gets worse in its extreme.

There's no one side fit all rule and my objection is not a strong one. In my
experience, oftentimes nested conditionals that are not strictly required can
make code harder to read, especially when the nesting goes too deep. That is why
I suggested combining the two if statements, especially considering they fit on
one line.

[Lei Zhang, 2016-07-21 21:08:06]

Description was changed from

==========
OSCrypt supports encryption with KWallet

Implemented KeyStorageLinux for KWallet.

BUG=602624
==========

to

==========
OSCrypt supports encryption with KWallet

Implemented KeyStorageLinux for KWallet.

BUG=602624
==========

[Lei Zhang, 2016-07-21 21:25:31]

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.h (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.h:18: std::string app_name);
On 2016/07/21 11:49:46, cfroussios wrote:
> On 2016/07/20 19:15:07, Lei Zhang wrote:
> > On 2016/07/20 15:22:46, cfroussios wrote:
> > > On 2016/07/20 01:08:26, Lei Zhang wrote:
> > > > Just pass by ref and set app_name_?
> > > 
> > > For constructors, this is supposed to perform better on average than
passing
> > by
> > > reference. Not that this is likely to ever become hot. Is that a pattern
we
> > > don't care for in Chrome?
> > 
> > Well, this is definitely not hot code, and I think (please double check) if
> you
> > want to use move semantics, you do "std::string&&" but the Chromium code
base
> > has 2 instances of that, so in general, we are not quite there yet. Plus, I
> like
> > |g_product_name| being set once and staying the same.
> 
> You don't need the "std::string&&" to take advantage of move semantics,
because
> std::string already has a move constructor. The idea is that |app_name| will
be
> constructed with the best constructor in each case:
> 
> 1. If the input can be moved, it will be moved into |app_name| and then into
> |app_name_|.
> 2. If stuff can't be moved, |app_name| will be a new copy, which will be moved
> into |app_name_|. We would have had to create a copy anyway.

+danakj to help provide guidance for the more academic portion of this
discussion. In general, are we ok with having functions that pass objects by
value with intention to std::move it? How do we make that intention clear?
Always pass objects by const-ref is a bit engrained in my head.

> I don't quite understand your comment about |g_product_name|. Are you saying
> that, since it won't change, we can pass pointers to it? Or that we would have
> to cannibalize it, thus changing it? In the way that KeyStorageKWallet is used
> now, it won't actually be moved. It is just a good pattern for constructors,
> because it works both when you can and can't move.

I expect |g_product_name| to be set once by the higher level, and remain the
same for the lifetime of its existence. Then it can be passed around by
const-ref and be used and copied as needed. The std::move() in the
KeyStorageKWallet ctor made me think this CL is trying to:
- setting |g_product_name| once
- clearing it as its value is being moved into KeyStorageKWallet::app_name

but now I see it's not actually being moved... this is confusing. . o O
(std::move() only casts, std::move() only casts)

[cfroussios, 2016-07-22 10:08:24]

The CQ bit was checked by cfroussios@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-22 10:08:34]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-22 11:19:38]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-22 11:19:39]

Dry run: Try jobs failed on following builders:
  linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)

[cfroussios, 2016-07-22 11:25:25]

Hi. I think we've settled most things. I'm going to give a bit of time for
danakj@ to respond. If what I'm doing is unusual, it can't hurt to be cautious
and get another opinion on it.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.cc (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.cc:58: if (result ==
InitResult::TEMPORARY_FAIL)
On 2016/07/21 21:07:39, Lei Zhang wrote:
> On 2016/07/21 11:49:45, cfroussios wrote:
> > There might have been a miscommunication. I didn't say the behavior changes.
> My
> > objection is about readability.
> 
> My objection is also about readability, but I just wanted to point out
ordering
> does matter for completeness. I wasn't suggesting we change the order.
> 
> > Logical operators draw attention to the logic of the condition, whereas ifs
> draw
> > attention to the flow of execution. Every time I've seen code in Chrome
where
> > right eval matters, they've also added a comment to note that. That's
because
> > one might reorder a condition without thinking much about it. But why do it
in
> a
> > way that requires a note, when you can have code that speaks for itself?
> People
> > don't invert nested blocks expecting things to be the same.
> 
> Can you provide some examples to back up your claim that everyone adds
comments
> when the ordering matters? To counter your claim, look at
>
https://cs.chromium.org/search/?q=GetAsDictionary%5C(.*%26%26&sq=package:chro...
> and see how many places first make sure base::Value::GetAsDictionary()
succeeds
> before using the pointer passed in to it. Nobody writes a comment to explain
the
> ordering.
> 
> People don't randomly reorder the insides of conditionals either. The only
time
> I've seen people bother to do so is when you have:
> 
> if (ExpensiveConstFunc() || completely_unrelated_bool)
> 
> in which case, reordering makes sense because |completely_unrelated_bool| is
> much faster to evaluate and it can evaluate to false faster than
> ExpensiveConstFunc(), where ExpensiveConstFunc() doesn't have any side
effects.
> 
> > Aesthetically, in your example, too many nested ifs waste screen space.
> However,
> > in my specific case, the result doesn't suffer much. I don't think there
needs
> > to be a one-size-fits-all rule here, such that we need to discuss which rule
> > gets worse in its extreme.
> 
> There's no one side fit all rule and my objection is not a strong one. In my
> experience, oftentimes nested conditionals that are not strictly required can
> make code harder to read, especially when the nesting goes too deep. That is
why
> I suggested combining the two if statements, especially considering they fit
on
> one line.

"Every time I've seen code in Chrome" is not comparable to "everyone" in my
case, I'm afraid.

The easiest example is the code that this came from
https://cs.chromium.org/chromium/src/chrome/browser/password_manager/native_b...

I've seen it once or twice more, but I don't quickly recall how to search for
it.

My experience with readability comes from outside of Chrome, so if you say that
this is normal in Chrome, let's go with your experience.

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
File components/os_crypt/key_storage_kwallet.h (right):

https://codereview.chromium.org/2150543002/diff/80001/components/os_crypt/key...
components/os_crypt/key_storage_kwallet.h:18: std::string app_name);
On 2016/07/21 21:25:31, Lei Zhang wrote:
> On 2016/07/21 11:49:46, cfroussios wrote:
> > On 2016/07/20 19:15:07, Lei Zhang wrote:
> > > On 2016/07/20 15:22:46, cfroussios wrote:
> > > > On 2016/07/20 01:08:26, Lei Zhang wrote:
> > > > > Just pass by ref and set app_name_?
> > > > 
> > > > For constructors, this is supposed to perform better on average than
> passing
> > > by
> > > > reference. Not that this is likely to ever become hot. Is that a pattern
> we
> > > > don't care for in Chrome?
> > > 
> > > Well, this is definitely not hot code, and I think (please double check)
if
> > you
> > > want to use move semantics, you do "std::string&&" but the Chromium code
> base
> > > has 2 instances of that, so in general, we are not quite there yet. Plus,
I
> > like
> > > |g_product_name| being set once and staying the same.
> > 
> > You don't need the "std::string&&" to take advantage of move semantics,
> because
> > std::string already has a move constructor. The idea is that |app_name| will
> be
> > constructed with the best constructor in each case:
> > 
> > 1. If the input can be moved, it will be moved into |app_name| and then into
> > |app_name_|.
> > 2. If stuff can't be moved, |app_name| will be a new copy, which will be
moved
> > into |app_name_|. We would have had to create a copy anyway.
> 
> +danakj to help provide guidance for the more academic portion of this
> discussion. In general, are we ok with having functions that pass objects by
> value with intention to std::move it? How do we make that intention clear?
> Always pass objects by const-ref is a bit engrained in my head.
> 
> > I don't quite understand your comment about |g_product_name|. Are you saying
> > that, since it won't change, we can pass pointers to it? Or that we would
have
> > to cannibalize it, thus changing it? In the way that KeyStorageKWallet is
used
> > now, it won't actually be moved. It is just a good pattern for constructors,
> > because it works both when you can and can't move.
> 
> I expect |g_product_name| to be set once by the higher level, and remain the
> same for the lifetime of its existence. Then it can be passed around by
> const-ref and be used and copied as needed. The std::move() in the
> KeyStorageKWallet ctor made me think this CL is trying to:
> - setting |g_product_name| once
> - clearing it as its value is being moved into KeyStorageKWallet::app_name
> 
> but now I see it's not actually being moved... this is confusing. . o O
> (std::move() only casts, std::move() only casts)

Yes, I am only defending this pattern in general. In this particular case, it
makes no real difference. We agree that |g_product_name| should not be a
temporary.

I tried to find documentation on the pattern, but I didn't find any specific
mentions. That's a bit weird, since I only learned about it from people within
Google. I'm really curious why it's not more common. If there is a pitfall I am
not aware of, or if it is considered too foreign and confusing for Chrome code,
I should know before slipping it past other reviews.

[Lei Zhang, 2016-07-23 00:23:24]

On 2016/07/22 11:25:25, cfroussios wrote:
> The easiest example is the code that this came from
>
https://cs.chromium.org/chromium/src/chrome/browser/password_manager/native_b...

Well, that's a more complicated statement to evaluate. If there's something
tricky / subtle, then it would certainly be good to note what's going on or
break the statement apart for the benefit of the reader. I just don't think our
simpler case is one of them, plus you already have comment above to explain
what's going on. Thus I don't think the nesting in this particular case helps.

[Lei Zhang, 2016-07-25 23:58:31]

On 2016/07/22 11:25:25, cfroussios wrote:
> Hi. I think we've settled most things. I'm going to give a bit of time for
> danakj@ to respond. If what I'm doing is unusual, it can't hurt to be cautious
> and get another opinion on it.

Please feel free to land this and not stall out.

I had a discussion about passing-by-value on another CL, though in that CL, the
caller always std::move()'d, whereas here, the only caller does not. It felt
unusual to me mainly because we've done always pass-by-const-ref for years, so
it's a bit engrained. Given this is a thing now, I'll stop being a grumpy old
fart and get with the program.

[cfroussios, 2016-07-26 08:13:53]

Cool! Thanks!

[cfroussios, 2016-07-26 08:23:00]

The CQ bit was checked by cfroussios@chromium.org

[cfroussios, 2016-07-26 08:23:01]

The patchset sent to the CQ was uploaded after l-g-t-m from thestig@chromium.org
Link to the patchset: https://codereview.chromium.org/2150543002/#ps180001
(title: "feedback")

[commit-bot: I haz the power, 2016-07-26 08:23:24]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-26 09:18:27]

Description was changed from

==========
OSCrypt supports encryption with KWallet

Implemented KeyStorageLinux for KWallet.

BUG=602624
==========

to

==========
OSCrypt supports encryption with KWallet

Implemented KeyStorageLinux for KWallet.

BUG=602624
==========

[commit-bot: I haz the power, 2016-07-26 09:18:29]

Committed patchset #8 (id:180001)

[commit-bot: I haz the power, 2016-07-26 09:20:27]

Description was changed from

==========
OSCrypt supports encryption with KWallet

Implemented KeyStorageLinux for KWallet.

BUG=602624
==========

to

==========
OSCrypt supports encryption with KWallet

Implemented KeyStorageLinux for KWallet.

BUG=602624

Committed: https://crrev.com/2e6729a44f5a07c939209bce99f803dc90c5966f
Cr-Commit-Position: refs/heads/master@{#407746}
==========

[commit-bot: I haz the power, 2016-07-26 09:20:28]

Patchset 8 (id:??) landed as
https://crrev.com/2e6729a44f5a07c939209bce99f803dc90c5966f
Cr-Commit-Position: refs/heads/master@{#407746}

[pdknsk, 2016-08-21 07:36:53]

https://codereview.chromium.org/2150543002/diff/180001/components/os_crypt/ke...
File components/os_crypt/key_storage_linux.cc (right):

https://codereview.chromium.org/2150543002/diff/180001/components/os_crypt/ke...
components/os_crypt/key_storage_linux.cc:20: #if defined(OFFICIAL_BUILD)
There is a minor bug here in Chromium reporting itself as Chrome, since Chromium
is usually also build with IS_OFFICIAL_BUILD. GOOGLE_CHROME_BUILD works.

[pdknsk, 2016-08-21 07:43:22]

I mean is_official_build.

https://cs.chromium.org/chromium/src/build/config/BUILD.gn?l=249

[Lei Zhang, 2016-08-22 17:09:50]

https://codereview.chromium.org/2150543002/diff/180001/components/os_crypt/ke...
File components/os_crypt/key_storage_linux.cc (right):

https://codereview.chromium.org/2150543002/diff/180001/components/os_crypt/ke...
components/os_crypt/key_storage_linux.cc:20: #if defined(OFFICIAL_BUILD)
On 2016/08/21 07:36:53, pdknsk wrote:
> There is a minor bug here in Chromium reporting itself as Chrome, since
Chromium
> is usually also build with IS_OFFICIAL_BUILD. GOOGLE_CHROME_BUILD works.

Thanks for noticing. Will fix.

[cfroussios, 2016-08-22 17:13:33]

On 2016/08/22 17:09:50, Lei Zhang wrote:
>
https://codereview.chromium.org/2150543002/diff/180001/components/os_crypt/ke...
> File components/os_crypt/key_storage_linux.cc (right):
> 
>
https://codereview.chromium.org/2150543002/diff/180001/components/os_crypt/ke...
> components/os_crypt/key_storage_linux.cc:20: #if defined(OFFICIAL_BUILD)
> On 2016/08/21 07:36:53, pdknsk wrote:
> > There is a minor bug here in Chromium reporting itself as Chrome, since
> Chromium
> > is usually also build with IS_OFFICIAL_BUILD. GOOGLE_CHROME_BUILD works.
> 
> Thanks for noticing. Will fix.

Could we elaborate a little on which distribution is both "official" and
"chromium"? My information is that Google doesn't distribute Chromium builds,
and nobody else can make official builds.

[Lei Zhang, 2016-08-22 17:13:42]

On 2016/08/22 17:09:50, Lei Zhang wrote:
> Thanks for noticing. Will fix.

https://codereview.chromium.org/2264163002

[Lei Zhang, 2016-08-22 17:37:33]

On 2016/08/22 17:13:33, cfroussios wrote:
> Could we elaborate a little on which distribution is both "official" and
> "chromium"? My information is that Google doesn't distribute Chromium builds,
> and nobody else can make official builds.

There may be Chromium packagers who turn on OFFICIAL_BUILD? In any case, we
shouldn't confuse OFFICIAL_BUILD and GOOGLE_CHROME_BUILD.

[cfroussios, 2016-08-22 17:51:53]

On 2016/08/22 17:37:33, Lei Zhang wrote:
> On 2016/08/22 17:13:33, cfroussios wrote:
> > Could we elaborate a little on which distribution is both "official" and
> > "chromium"? My information is that Google doesn't distribute Chromium
builds,
> > and nobody else can make official builds.
> 
> There may be Chromium packagers who turn on OFFICIAL_BUILD? In any case, we
> shouldn't confuse OFFICIAL_BUILD and GOOGLE_CHROME_BUILD.

I have no objection to correcting this. Thanks both for addressing the issue!