[Bug 710038] New: Xfce should setup/start/configur gnome-keyring in the same way GNOME does

bugzilla_noreply＠novell.com

3 Aug 2011 3 Aug '11

13:53

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c0 Summary: Xfce should setup/start/configur gnome-keyring in the same way GNOME does Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Xfce AssignedTo: bnc-team-xfce@forge.provo.novell.com ReportedBy: rschweikert@suse.com QAContact: qa@suse.de Found By: --- Blocker: --- When logging into a GNOME session gnome-keyring management is setup in such a way that both ssh key management is enabled and the osc commands find and access gnome-keyring. The keyring needs to be unlocked only once per session, after that osc commands can access the key and it is not necessary to store account credentials in $HOME/.oscrc The work around is to enable "Launch GNOME services on startup" in the "Advanced" tab of the "Session and Startup". However, this results in too many services running. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

bugzilla_noreply＠novell.com

3 Aug 3 Aug

13:55

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c1 --- Comment #1 from Robert Schweikert 2011-08-03 13:55:35 UTC --- Adding information posted to opensuse-xfce list on this topic: Initial post: Hi, Just switched to Xfce recently and have run across a couple of things that appear to be start up service related when compared to GNOME. First, when building a package locally using osc, I end up with an "401 Authentication" error. Pocking around a bit this appears to be gnome-keyring related. However, I have gnome-keyring-daemon running and marked as "autostart". When I used GNOME I didn't do anything special, osc just worked. Anyone has any idea what I need to do to get the keyring usage working again? Second, also authentication related, I now need to enter my passphrase when using key-authenticated ssh login. I suppose GNOME by default starts an ssh agent thus that the passphrase only gets entered once? How do I accomplish this with Xfce. The "autostratup" has an entry for "SSH Key Agent". What am I missing? Follow up post: When I turn on "Launch GNOME services on startup" in the "Advanced" tab of the "Session and Startup" settings I can get the behavior back I am used to in GNOME, i.e. when I ssh to a machine for the first time I get a dialog box that lets me type in my passphrase. Once I do this the key is "unlocked" and I can log into any machine without needing to enter my passphrase again. However, enabeling this also means that I am running more stuff than I probably want. I compared the list of processes running with the GNOME services launced and without and compared them. However, nothing sticks out as providing this nice "unlock the key" feature. Thus I am not certain how to enable just that service to allow me to disable the "Launch GNOME services on startup" setting again. Guido's response: you shouldn't use that setting, g-k-d is started through the PAM module so that no additional password needs to be entered to unlock it. It also needs to be initialized from the session and I suspect something isn't working right there (either the xdg autostart or session startup script) but I haven't had the time to investigate it yet. Feel free to open a bug to track this, it'll be needed anyway for a SRU. Karl's response: Traditionally, I have in my .xinitrc: eval `ssh-agent -s` ssh-add ~/.ssh/identity ~/.ssh/id_rsa & which is ugly, and probably no longer needed, but "works". -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

9 Aug 9 Aug

10:21

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c2 --- Comment #2 from Guido Berhörster 2011-08-09 10:21:06 UTC --- The current situation is a bit complicated, having gnome-keyring automatically unlocked on login involves a startup process in two steps, first it must be started and unlocked via the PAM module on login and after that the desired components (e.g. gpg-/shh-agent functionality) need to be initialized again and certain environment variables need to be set for the session. Details are at http://live.gnome.org/GnomeKeyring/RunningDaemon. The main problem with the current Xfce desktop is that these environment variables are not properly set if GNOME-compatibility mode is disabled. Because the components of gnome-keyring are initialized from desktop files in /etc/xdg/autostart the environment variables printed to stdout are simply lost. When using GNOME, gnome-keyring passes the environment variables via DBus to gnome-session, Xfce however doesn't implement that DBus interface and the only way to get these environment variables is enabling the GNOME-compatibility mode in xfce4-session which will run gnome-keyring --start again, capture its output and set the environment variables accordingly. This has two unwanted side-effects, gnome-keyring --start seems to enable all of gnome-keyring's components making it impossible to selectively disable components by modifying the corresponding autostart files and of course xfce4-session's GNOME-compatibility mode will also start everything in /etc/xdg/autostart which is marked OnlyShowIn=GNOME. A separate but related problem affects the usage of plain GPG/SSH-agents without gnome-keyring. gpg-agent which can also provides ssh-agent functionality is started twice by default, first in /etc/X11/xdm/sys.xsession and later again in /etc/xdg/xfce4/xinitrc and that even if the gpg-agent functionality of gnome-keyring is used. /etc/X11/xdm/sys.xsession will not try to start ssh-agent if gnome-keyring is already running (although a running gnome-keyring does not necessarily imply that ssh-agent functionality will be provided because that could be disabled). /etc/X11/xdm/sys.xsession will however unconditionally start either seahorse-agent if seahorse is installed and the session is GNOME (although it would be perfectly fine to use with Xfce) or fall back to gpg-agent if installed. When gnome-keyring provides gpg-agent functionality this results in a useless seahorse-/gpg-agent process running in the session and is also inconsistent with how ssh-agent is handled. /etc/xdg/xfce4/xinitrc then does not detect an already running gpg-agent and starts yet another instance of gpg-agent with ssh-agent functionality (which may also be potentially useless if the corresponding gnome-keyring functionality is enabled) and thereby breaks the usage of plain ssh-/gpg-agent. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

31 Aug 31 Aug

21:15

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c3 --- Comment #3 from Robert Schweikert 2011-08-31 21:15:36 UTC --- OK, trying to find a different way to make this work. So if I would start gnome-keyring-daemon from my login script, i.e. .login for C-shell and derivatives, and set GNOME_KEYRING_CONTROL GNOME_KEYRING_PID in the environment is this sufficient to get things moving or is the login shell too late? In http://live.gnome.org/GnomeKeyring/Pam it is proclaimed that PAM looks for GNOME_KEYRING_CONTROL. Therefore my thought about getting things rolling in login Thoughts? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

22:33

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c4 --- Comment #4 from Guido Berhörster 2011-08-31 22:33:30 UTC --- (In reply to comment #3)

...

OK, trying to find a different way to make this work.

So if I would start gnome-keyring-daemon from my login script, i.e. .login for C-shell and derivatives, and set

GNOME_KEYRING_CONTROL GNOME_KEYRING_PID

in the environment is this sufficient to get things moving or is the login shell too late?

Yes, that's too late, it will only affect the current shell. This would have to go into the session wrapper, but rather than such a hack the real solution would be to move the gnome-keyring support out of the GNOME compatibility mode of xfce4-session and make it a separate option. That's something I need to bring up with upstream but haven't gotten round to yet. Unfortunately even that would not provide the ability to selectively enable/disable gnome-keyring components through autostart files because xfce4-session does not support early autostart files and modification of the session environment through DBus. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

1 Sep 1 Sep

13:15

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c5 --- Comment #5 from Robert Schweikert 2011-09-01 13:15:00 UTC --- Well, one would think there must be some kind of work-around that lets me run gnome-keyring such that it is actually useful. The background here is that it really bothers me to have my password in plain text format stored in .oscrc and apparently the keyring is the solution to this. So I tried: eval `/usr/bin/gnome-keyring-daemon --daemonize` in my .xinitrc file. But the result was not pleasant. By the time the desktop was up and operational I had 3 gnome-keyring-daemon processes running, for whatever reason. How and why would that happen? The second undesirable side effect was that the nm_applet was running but it was not showing up in the panel and I was unable to connect to a network. The environment didn't appear to be completely setup either, the GPG and KEYRING environment variables were set but the SSH environment was not set. I'd like to find some way, however hacky it may be to get the keyring stuff running. This at least would keep me going until a better solution is available from Xfce upstream. Of course if there is yet another way to beat the osc authorization trap without running the keyring I am open to use that as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14:22

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c6 --- Comment #6 from Robert Schweikert 2011-09-01 14:22:04 UTC --- OK, have "working" but would like some input/review of my work-around. Starting the keyring daemon in .xinitrc somehow causes trouble for the nm_applet, as mentioned in the previous comment. Thus I decided to try the login shell, i.e. .login file for tcsh (which I run). In .login I know have the following: set gkeyd=/usr/bin/gnome-keyring-daemon set gkeydArgs="--start" set gkeydInfo=~/.gnome2/keyrings/daemon-info set countFile=~/.gnome2/keyrings/daemon-counter if ( -r $gkeydInfo ) source $gkeydInfo if ( $?GNOME_KEYRING_PID ) then set this=`ps -elf | grep ${GNOME_KEYRING_PID} | grep gnome-keyring-daemon > /dev/null` # start the daemon if it is not running if (( $? != 0 ) && ( -x "gkeyd" )) then $gkeyd $gkeydArgs | awk -F = '{print "setenv " $1 " " $2}' > $gkeydInfo echo "1" > $countFile source $gkeyInfo else set count=`cat ${countFile}` echo "$count + 1" | bc > $countFile endif else $gkeyd $gkeydArgs | awk -F = '{print "setenv " $1 " " $2}' > $gkeydInfo echo "setenv GNOME_KEYRING_COUNTER ${$countFile}" >> $gkeydInfo echo "setenv GNOME_KEYRING_INFO ${gkeydInfo}" >> $gkeydInfo echo "1" > $countFile source $gkeydInfo endif After I restart everything is working, ssh-agent, which I start separately in xinitrc as follows: eval `/usr/bin/ssh-agent -s` SSH_ASKPASS=/usr/lib64/ssh/ssh-askpass if test -S "$SSH_AUTH_SOCK" -a -x "$SSH_ASKPASS"; then ssh-add < /dev/null fi And the keyring is running. Better yet running an osc command it actually appears to use the keyring and I no longer get stupid "auth" errors. Now the problem. Although everything is running there was no ~/.gnome2/keyrings/daemon-info file and the daemon-counter was empty. Does the daemon somehow fiddle with the .gnome2/keyrings directory when it starts? I can certainly store the file somewhere else. Other comments/thoughts on this solution? I will test this for a while and if things work I'll write a blog on Lizards. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14:23

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c7 --- Comment #7 from Robert Schweikert 2011-09-01 14:23:00 UTC --- Argh, and one more thing. Is there any reason I should kill the keyring daemon on logout? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14:32

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c8 --- Comment #8 from Guido Berhörster 2011-09-01 14:32:21 UTC --- I would suggest the following workaround for now: 1. Open the Session settings: Settings -> Preferences -> Settings Manager -> Session and Startup 2. Enable GNOME compatibility mode: Go to Advanced, check "Launch GNOME services on startup" 3. Disable unwanted GNOME-only autostart files: Execute the following one-liner on the shell: for gnome_autostart in $(awk '/^OnlyShowIn=/ && /GNOME;/ && !/XFCE;/ { print FILENAME }' /etc/xdg/autostart/*); do : sed '$aHidden=true' ${gnome_autostart}

...

${HOME}/.config/autostart/${gnome_autostart##*/}; done

I'll talk to upstream later and see if we can move gnome-keyring support out of GNOME compatibility mode. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14:36

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c9 --- Comment #9 from Guido Berhörster 2011-09-01 14:35:59 UTC --- There's a typo, the one liner should read: for gnome_autostart in $(awk '/^OnlyShowIn=/ && /GNOME;/ && !/XFCE;/ { print FILENAME }' /etc/xdg/autostart/*); do sed '$aHidden=true' ${gnome_autostart}

...

${HOME}/.config/autostart/${gnome_autostart##*/}; done

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

2 Sep 2 Sep

16:21

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c10 --- Comment #10 from Robert Schweikert 2011-09-02 16:21:03 UTC --- Thanks. Still having issues with osc, but these appear to be osc problems now as the environment is certainly set. ssh key management now works the same as it did when I was using GNOME. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

4 Oct 4 Oct

14:01

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c11 Guido Berhörster changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugzilla.xfce.org/s | |how_bug.cgi?id=8014 --- Comment #11 from Guido Berhörster 2011-10-04 14:01:04 UTC --- After discussing this with upstream (see http://thread.gmane.org/gmane.comp.desktop.xfce.devel.version4/19646) there is now a RFE on the Xfce bugzilla. The proposed solution is to remove an explicit GNOME compatibility mode and the code currently associated with it and to add support for GNOME autostart phases to xfce4-session. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

8 Oct 8 Oct

17:38

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c12 --- Comment #12 from Guido Berhörster 2011-10-08 17:38:44 UTC --- I've just added a patch to the upstream bug which implements a part of the discussed GNOME compatibility modernization and also addresses this bug. Basically it removes obsolete parts of GNOME compatibility mode such as GNOME SMProxy compatibility and GConf shutdown. Furthermore it implements the discussed changes in how autostart files are treated, GNOME- or KDE-only files are now treated the same way as inactive files, they will not be unconditionally started in GNOME-/KDE-compatibility mode any more but are displayed in xfce4-session-settings and can be explicitly enabled. This way GNOME compat mode can be safely enabled to start gnome-keyring while potentially unwanted and harmful services such as gnome-settings-daemon or gnome-power-manager will not be started by default any more. xfce4-session packages which contain a backport of this patch are available for testing from home:gberh:branches:X11:xfce/xfce4-session. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14 Oct 14 Oct

00:00

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c13 --- Comment #13 from Bernhard Wiedemann 2011-10-14 02:00:10 CEST --- This is an autogenerated message for OBS integration: This bug (710038) was mentioned in https://build.opensuse.org/request/show/87771 Factory / xfce4-session -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

11:39

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

https://bugzilla.novell.com/show_bug.cgi?id=710038 https://bugzilla.novell.com/show_bug.cgi?id=710038#c14 Guido Berhörster changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #14 from Guido Berhörster 2011-10-14 11:39:25 UTC --- Fixed in Factory. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

22 Feb 22 Feb

21:44

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

...

Fixed in Factory.

it's back again in 12.3-RC1 (or never got fixed?) ! I'm using 12.3-RC1 plus updates and run XFCE4. /usr/bin/gnome-keyring-daemon --daemonize --login gets started and it's loading offering all my ssh-keys, which is a no-go! when debugging my ssh-agent problems, I found the hint in some discussions to rename/remove nome-keyring-daemon (or remove execute permission). this worked fine for me -- until bug #805048: NetworkManager needs gnome-keyring-daemon to ask for wifi passphrases :-(( so gnome-keyring-daemon is back in businees, and trashes my ssh usage:-( looking for other solutions I found e.g. http://ubuntuforums.org/showthread.php?t=1655397 but sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /apps/gnome-keyring/daemon-components/ssh FALSE does not help. https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/932177/comments... does not work either for me, the key daemon still loads/offers all ssh keys (output of "ssh-add -l"). for now I've hacked the gnome-keyring-daemon to garble the path to my keys: diff <( strings /usr/bin/gnome-keyring-daemon~ ) <( strings /usr/bin/gnome-keyring-daemon ) 9543c9543 < ~/.ssh ---

...

~/@ssh

but of corse that's not the way to go:-( so my question for running XFCE4: how can I disable the ssh-agent functionality for gnome-keyring-daemon these days ??? thanks for the real[tm] solution!!! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

23:11

New subject: [Bug 710038] Xfce should setup/start/configur gnome-keyring in the same way GNOME does

...

(In reply to comment #14)

...
Fixed in Factory.

it's back again in 12.3-RC1 (or never got fixed?) !

I'm using 12.3-RC1 plus updates and run XFCE4.

/usr/bin/gnome-keyring-daemon --daemonize --login

gets started and it's loading offering all my ssh-keys, which is a no-go!

when debugging my ssh-agent problems, I found the hint in some discussions to rename/remove nome-keyring-daemon (or remove execute permission).

this worked fine for me -- until bug #805048: NetworkManager needs gnome-keyring-daemon to ask for wifi passphrases :-((

so gnome-keyring-daemon is back in businees, and trashes my ssh usage:-(

looking for other solutions I found e.g. http://ubuntuforums.org/showthread.php?t=1655397

but

sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /apps/gnome-keyring/daemon-components/ssh FALSE does not help.

https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/932177/comments...

does not work either for me, the key daemon still loads/offers all ssh keys (output of "ssh-add -l").

for now I've hacked the gnome-keyring-daemon to garble the path to my keys:

diff <( strings /usr/bin/gnome-keyring-daemon~ ) <( strings /usr/bin/gnome-keyring-daemon ) 9543c9543 < ~/.ssh ---

...
~/@ssh

but of corse that's not the way to go:-(

so my question for running XFCE4:

how can I disable the ssh-agent functionality for gnome-keyring-daemon these days ???

That's currently not possible, you can either start all components of gnome-keyring-daemon (by enabling GNOME compatibility mode) or not start it at all. This bug was about making it work properly at all which has been the case since 12.1. The ability to selectively enable/disable components is a different issue and would need to be addressed upstream. Please file a new enhancement request, preferably on the upstream tracker or here if you want me to forward it for you. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

4087

Age (days ago)

4656

Last active (days ago)

List overview

Download

16 comments

1 participants

participants (1)

bugzilla_noreply＠novell.com

[Bug 710038] New: Xfce should setup/start/configur gnome-keyring in the same way GNOME does

tags

participants (1)