From 69e6306edae1b54fe793b9392b35790754213460 Mon Sep 17 00:00:00 2001
From: Fabio Scotto di Santolo <fscottodev@pm.me>
Date: Wed, 18 Mar 2026 13:15:35 +0100
Subject: [PATCH] Fix GNOME keyring alias detection

Parse the Secret Service default alias object path so iCloud password storage only skips when the login keyring is actually unset. Remove the unused scripts placeholder file.
---
 .../roles/profile_desktop_i3/tasks/main.yml   | 22 +++++++++++++++++--
 scripts/.gitkeep                              |  0
 2 files changed, 20 insertions(+), 2 deletions(-)
 delete mode 100644 scripts/.gitkeep

diff --git a/ansible/roles/profile_desktop_i3/tasks/main.yml b/ansible/roles/profile_desktop_i3/tasks/main.yml
index 9ec7012..163df0d 100644
--- a/ansible/roles/profile_desktop_i3/tasks/main.yml
+++ b/ansible/roles/profile_desktop_i3/tasks/main.yml
@@ -137,6 +137,23 @@
     - (vault_icloud_mail_password | default('')) | length > 0
     - desktop_user_bus_address | default('') | length > 0
 
+- name: Set GNOME Keyring default collection path
+  ansible.builtin.set_fact:
+    icloud_keyring_default_alias_path: >-
+      {{
+        (
+          icloud_keyring_default_alias.stdout
+          | default('')
+          | regex_findall("objectpath '([^']+)'")
+          | first
+        )
+        | default('')
+      }}
+  when:
+    - (vault_icloud_mail_password | default('')) | length > 0
+    - desktop_user_bus_address | default('') | length > 0
+    - icloud_keyring_default_alias.rc | default(1) == 0
+
 - name: Store iCloud mail password in GNOME Keyring
   ansible.builtin.command:
     cmd: secret-tool store --label="iCloud Mail" icloud-mail icloud
@@ -156,7 +173,8 @@
     - (vault_icloud_mail_password | default('')) | length > 0
     - desktop_user_bus_address | default('') | length > 0
     - icloud_keyring_default_alias.rc | default(1) == 0
-    - "\"/\" not in (icloud_keyring_default_alias.stdout | default(''))"
+    - (icloud_keyring_default_alias_path | default('')) | length > 0
+    - (icloud_keyring_default_alias_path | default('')) != '/'
 
 - name: Warn when iCloud keyring storage is skipped
   ansible.builtin.debug:
@@ -166,7 +184,7 @@
       No saved DBus session address was found in {{ user_home }}/.dbus-session-bus-address.
       {% elif icloud_keyring_default_alias.rc | default(1) != 0 %}
       The Secret Service default alias could not be queried for {{ username }}.
-      {% elif '"/"' in (icloud_keyring_default_alias.stdout | default('')) %}
+      {% elif (icloud_keyring_default_alias_path | default('')) == '/' %}
       The Secret Service default alias is unset, so the login keyring is not initialized.
       {% endif %}
       Ensure a graphical user session is active, the login keyring exists and is unlocked, then run:
diff --git a/scripts/.gitkeep b/scripts/.gitkeep
deleted file mode 100644
index e69de29..0000000