Description of the issue:
During some startups Brave fails to initialize the sync chain. Instead, it leaves the sync chain and I have to sign in back. In addition, I get logged out of most online services (Google, Linkedin, etc). Surprisingly, there are few services where my online session persists (Bluesky and Tutamail) - probably, they use some different session storage. This occurs quite rarely, like once per few weeks. However, today it occurred twice.
The system journal has this record at the time of issue:
märts 25 19:42:50 desktop gnome-keyring-daemon[2152]: asked to register item /org/freedesktop/secrets/collection/login/1, but it's already registered
märts 25 19:42:50 desktop gnome-keyring-daemon[2152]: asked to register item /org/freedesktop/secrets/collection/login/2, but it's already registered
märts 25 19:42:50 desktop brave-browser.desktop[15306]: [15307:15307:0325/194250.729773:ERROR:brave_sync_prefs.cc(143)] Decrypt sync seed failure
which probably occurs here:
I would be happy to provide more information if you share any ideas how can I debug it!
Any ideas if state of the browser can be restored somehow? Looks like it fails to decrypt the keychain, but I guess it still has the profile data on the filesystem. Is it possible e.g. to copy some profile files to restore the session data + keychain in such cases? I failed to find the place where Brave stores the session data, unfortunately.
Steps to Reproduce (add as many as necessary): 1. 2. 3.
Open Brave
Navigate to any web service where user was previously signed in - services typically show the login page
As mentioned before, this issue occurs randomly
Reproduces how often:
Brave Version(See the About Brave page in the main menu):
1.76.81
Type of devices currently running on the Sync chain in question:
Desktop PC (Fedora Linux)
Laptop (Fedora Linux)
iPad
iPhone 15
@fossuser08923 I just want to confirm since you’re listing multiple devices, does this happen to all devices or only on one?
I’m wanting to assume this is just on your Linux. If so, I am wondering if it might be related to your keychain. In particular, if it’s not being unlocked before Brave.
I didn’t check your Github link. I’m not a developer or Support from Brave. Definitely very limited on what I know and can do. Just was sharing that first bit even though it may be common sense for you.
If you do have Brave listed for the keychain and it’s running before Brave, then we’ll tag in some from Brave. Also if you’re experiencing the issue of being signed out of sync or websites on any of the other devices, it would be good to know as that shouldn’t be happening either.
1. Make sure GNOME Keyring is unlocked before launching Brave:
Sometimes if the keyring isn’t unlocked automatically at login, Brave can’t retrieve the credentials it needs to decrypt the sync seed. You can use the “Passwords and Keys” app (called seahorse) to check your keyring settings. Try setting it to unlock automatically when you log in.
2. Check for duplicate or conflicting entries in the keyring:
Open seahorse and look for any duplicate entries related to Brave. If you see multiple items that seem related to sync or Brave credentials, it might help to delete them and then restart Brave so it can create a clean entry.
Sorry, I missed this part in the “description” section: yes, it happens in Linux (Fedora) only. I also have Windows installation with Brave, but i had never experienced this problem in Windows, so it seems to be Linux-only issue.
Thanks for link; although my case seems to be something different, but it gives some insights about how keychain (OSCrypt<-> Libsecret) works in Brave for Linux. It might help to troubleshoot the issue.
From what I see in seahorse, the keyring is unlocked. I can lock it explicitly via seahorse, and the next time I run Brave, browser asks the user’s password to unlock it. Looks like Brave has no problem with handling the locked keyring.
Regarding suspicious records in Keychain - there are multiple records; seems that every Chromium-based browser creates them. So I have items like “Brave Safe Storage”, “Chrome Safe Storage Control” and “Chromium Safe Storage”.
The “Chrome Safe Storage Control” is interesting one. It has a description:
Because of quirks in the gnome libsecret API, Chrome needs to store a dummy entry to guarantee that this keyring was properly unlocked. More details at http://crbug.com/660005.
I’m not sure which browser created this record - Brave, Vivaldi (I have it too) or Chrome (I uninstalled it), but it looks related to the problem with keyring. The discussion by the links suggests that:
Under certain conditions, gnome libsecret methods that perform a lookup
in keyring may ignore a locked keyring and return empty results, instead
of unlocking said keyring
and it looks like a legit cause I think. Libsecret returns an empty value → Brave cannot use it to decrypt the synced data. I wonder if creation a similar record like “Brave Safe Storage Control” could fix this…
@fossuser08923 interesting and definitely beyond my realm of knowledge. In terms of you being signed out of accounts, I’m wondering if it’s tied with https://github.com/brave/brave-browser/issues/44789#issuecomment-2755396387 where they finally were able to replicate the issue of people being logged out when closing the browser. Much as indicated earlier, they are seeing a potential issue with OCScrypt.
I’m not sure if that also would do anything with Sync. Let me tag in @Mattches as he’ll have a lot more insight on everything.
Looks like there was some fix applied just a hour ago:
Hopefully, this issue will be resolved on the next release.
Meanwhile, I accidentally reproduced the same with Vivaldi browser - I was checking some keychain parameters from my previous post (Random sign out from sync chain and from most of online accounts on browser start - #5 by fossuser08923) and accidentally deleted some items needed by that browser. Result was the same - my Vivaldi profile was kicked from sync chain and all online sessions were terminated too. Looks pretty much close to what I had with Brave. Seems that system keychain affects both synchronization and online sessions