No PEM-encoded private key found

[mikolajpochec]

Describe the bug

On launch, the extension throws an error below. This prevents a user from connecting to any devices in the network. OpenSSL is installed and is working correctly.

No PEM-encoded private key found

Gio.TlsCertificate.new_for_paths@file:///home/mp/.local/share/gnome-shell/extensions/[email protected]/service/init.js:370:31
_initCertificate@file:///home/mp/.local/share/gnome-shell/extensions/[email protected]/service/backends/lan.js:192:48
start@file:///home/mp/.local/share/gnome-shell/extensions/[email protected]/service/backends/lan.js:458:18
_loadBackends@file:///home/mp/.local/share/gnome-shell/extensions/[email protected]/service/manager.js:295:25
start@file:///home/mp/.local/share/gnome-shell/extensions/[email protected]/service/manager.js:498:14
vfunc_startup@file:///home/mp/.local/share/gnome-shell/extensions/[email protected]/service/daemon.js:244:22
vfunc_handle_local_options@file:///home/mp/.local/share/gnome-shell/extensions/[email protected]/service/daemon.js:641:18
_init/GLib.MainLoop.prototype.runAsync/</<@resource:///org/gnome/gjs/modules/core/overrides/GLib.js:263:34

Steps to reproduce

1. Download GSConnect from extensions.gnome.org or install Nightly Build.
2. Enable extension.

Expected behavior

No errors, easy connection.

GSConnect version

58

Installed from

GNOME Extensions website

GNOME Shell version

47

Linux distribution/release

Fedora 41

Paired device(s)

Iphone SE 2 (cannot pair)

KDE Connect app version

0.4.1 (1)

Plugin(s)

No response

Support log

GSConnect: 58 (user)
GJS:       18200
Session:   wayland
OS:        Fedora Linux 41 (Workstation Edition)
--------------------------------------------------------------------------------
Nov 17 16:56:42 extension-manag[24895]: Finalizing ExmCommentTile 0x56221acea390, but it still has children left:
                                           - GtkBox 0x562219697450
Nov 17 16:56:42 extension-manag[24895]: Finalizing ExmCommentTile 0x56221acf4f10, but it still has children left:
                                           - GtkBox 0x56221acf29d0
Nov 17 16:56:42 extension-manag[24895]: Finalizing ExmCommentTile 0x56221b4302a0, but it still has children left:
                                           - GtkBox 0x5622196080f0
Nov 17 16:56:42 extension-manag[24895]: Finalizing ExmCommentTile 0x56221ab1bfe0, but it still has children left:
                                           - GtkBox 0x56221ab1cc40
Nov 17 16:56:42 extension-manag[24895]: Finalizing ExmCommentTile 0x56221b506d00, but it still has children left:
                                           - GtkBox 0x56221b507950
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: <p>Great! It didn&#x27;t work on the latest Fedora 41 with Gnome 47.1, but after I did what I wrote &quot;grahams&quot; below, everything worked.</p>
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Root Node discovered: html
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Ignored element html
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Ignored element body
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: <p>It&#x27;s working fine with Gnome 47 I did exactly what Grahams did and it&#x27;s working fine for me.</p>
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Root Node discovered: html
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Ignored element html
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Ignored element body
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: <p>Its very Nice. Bunt Incompatible to Gnome 47, please Update</p>
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Root Node discovered: html
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Ignored element html
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Ignored element body
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: <p>dark_witcher This extension works with GNOME 47, but you have to enable the Disable version validation switch on the Installed extensions page and install the extension.</p>
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Root Node discovered: html
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Ignored element html
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Ignored element body
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: <p>If Grahams is correct, could we get an update so it supports installation on gnome 47?</p>
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Root Node discovered: html
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Ignored element html
Nov 17 16:56:42 com.mattjakeman.ExtensionManager.desktop[24895]: Ignored element body
Nov 17 16:56:44 dbus-broker-launch[22663]: Noticed file-system modification, trigger reload.
Nov 17 16:56:44 dbus-broker-launch[22663]: Service file '/usr/share//dbus-1/services/gnome-vfs-daemon.service' is not named after the D-Bus name 'org.gnome.GnomeVFS.Daemon'.
Nov 17 16:56:44 dbus-broker-launch[22663]: Policy to allow eavesdropping in /usr/share/dbus-1/session.conf +31: Eavesdropping is deprecated and ignored
Nov 17 16:56:44 dbus-broker-launch[22663]: Policy to allow eavesdropping in /usr/share/dbus-1/session.conf +33: Eavesdropping is deprecated and ignored
Nov 17 16:56:44 gnome-shell[22800]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
Nov 17 16:56:44 gnome-shell[22800]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
Nov 17 16:56:44 gnome-shell[22800]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed

Screenshots

Notes

No response

[ferdnyc]

@mikolajpochec

Hmm, strange. Can you check whether you have a $HOME/.config/gsconnect/ directory, what (if anything) is in it, and whether those files / that directory is owned by and writable by your user account?

It should look vaguely like this,

$ ls -ld ~/.config/gsconnect; ls -l ~/.config/gsconnect
drwxr-xr-x. 2 ferd ferd 4.1k Sep 25  2020 /home/ferd/.config/gsconnect
total 21k
-rw-------. 1 ferd ferd 1.2k Nov 19  2017 certificate.pem
-rw-------. 1 ferd ferd 1.9k Jun 25  2020 id-gsconnect
-rw-------. 1 ferd ferd 1.2k Sep 25  2020 id-gsconnect-cert.pub
-rwx------. 1 ferd ferd  391 Jun 25  2020 id-gsconnect.pub
-rw-------. 1 ferd ferd 1.8k Nov 19  2017 private.pem

One of the only things I can think of that might cause this is if the config directory is accidentally owned by root or set read-only, GSConnect might not be able to create the files it needs to store in that directory.

The error GSConnect logged shows it's dying at line 370 of service/init.js, which is right after it runs the command

openssl req -new -x509 -sha256 \
-out $HOME/.config/gsconnect/certificate.pem \
-newkey rsa:4096 -nodes \
-keyout $HOME/.config/gsconnect/private.pem \
-days 3650 \
-subj '/O=andyholmes.github.io/OU=GSConnect/CN=$RANDOM_UUID_STRING'

...and then checks that the certificate.pem and private.pem files have been created as expected.

So, if openssl couldn't create the files, that would be a problem that could manifest this way.

(You can also try running that command yourself — just insert anything for $RANDOM_UUID_STRING, like gsconnect-dummy-id; doesn't matter — and see if you hit any problems.

If you do, then that's why GSConnect failed as well. If you don't, then the files should be there and usable by GSConnect as well, so win/win.)

[mikolajpochec]

Hello, I am so sorry for late reply. This directory indeed exists, and it has read-write permissions:

mp@fedora:~/.config$ ls -l gsconnect/
total 0
-rw-r--r--. 1 mp mp 0 Nov 17 15:27 certificate.pem
-rw-------. 1 mp mp 0 Nov 17 15:27 private.pem

And well, I run this command you've written, and in terminal it does successfuly execute (it outputs some kind of '.' and '+' string; as far as I understand, it's some kind of a private image?). What I am concerned about, is that I have only two files here...

[mikolajpochec]

Well, problem solved. I have reinstalled the extension (it's the same version) from Fedora's repository... I don't know what was the problem earlier. Thank you for help though! I won't close the issue now, in case if someone would like to investigate it further.

[ferdnyc]

Hello, I am so sorry for late reply. This directory indeed exists, and it has read-write permissions:

mp@fedora:~/.config$ ls -l gsconnect/
total 0
-rw-r--r--. 1 mp mp 0 Nov 17 15:27 certificate.pem
-rw-------. 1 mp mp 0 Nov 17 15:27 private.pem

The interesting thing there, though, is the SIZE of those files: They're both empty. So, something clearly went wrong when generating them originally.

I'd probably have suggested deleting them and letting them be re-created (although if you ran the openssl command manually, it may have overwritten them at that point), but if a reinstall fixed it then great. Presumably what you'll see if you look in that directory now are (at least) two files larger than 0 bytes in size.

What I am concerned about, is that I have only two files here...

That, I wouldn't worry about. The other files are for the SSH connectivity used by the file-sharing plugin, if you haven't mounted a shared directory yet then it makes sense you wouldn't have those. (They definitely wouldn't be created until your two devices could at least communicate.)

I won't close the issue now, in case if someone would like to investigate it further.

Thanks, yeah normally I'd say that if a reinstall fixed it, then that's good enough and there isn't much we can do... but if the original problem was that there were existing, empty credential files that were blocking the creation of valid ones, and that was enough to prevent GSConnect from establishing connectivity with other devices, then that's something we probably can try to detect, and to handle more intelligently.