* Gour <gour@atmarama.net> [2015-03-24 10:57]:
Guido Berhoerster <gber@opensuse.org> writes:
no working PolicyKit agent means you won't be able to do much with you GUI any more.
OK, that's clear now. Thank you.
/usr/bin/ssh-agent and /usr/bin/gpg-agent are from openssh and gnupg and they are launched by /etc/X11/xdm/sys.xsession when you log in because no other GPG and SSH agents (like the ones provided by gnome-keyring) are running. See the comments on top of that file for and explanation and a way to disable/replace them.
Ahh, that was the missing link. :-)
After I disabled them, iow.
#usessh=yes
#usegpg=yes
as well as commented the following:
#if test -s "$HOME/.myagents" ; then # eval $(grep -E '^use.*=.*' "$HOME/.myagents") #else # grep -Eq '^enable-ssh-support' "$HOME/.gnupg/gpg-agent.conf" && usessh=gpg #fi
everythihng works very nicely.
Now I get:
$ps ax | grep agent 2160 ? Ss 0:00 ssh-agent 2186 ? Ss 0:00 gpg-agent --daemon 2414 ? Sl 0:00 /usr/lib/polkit-gnome-authentication-agent-1
Well that will not work, the next update to xdm will overwrite your changes to /etc/X11/xdm/sys.xsession. Please read the comments there, you should instead create ~/.myagents with the lines usessh=no usegpg=no if you want to override the defaults.
Your display manager does via PAM, that is needed so that it can be unlocked at login time. If you've disabled "Launch GNOME services on startup" in the Xfce settings it will not start it's own GPG and SSH agents and interfere with other GPG and SSH agents in any way.
Another useful piece of info!
Sorry, I'm not familiar with keychain and how it works. From the above it is also not clear how you invoke it and why you want to enter a password while logging in.
I'm humbly asking you to take a look at:
http://www.funtoo.org/Keychain
https://github.com/funtoo/keychain
It's mature software working for years and it has support for gpg-2.1.
Now, I'm invoking it from my ~/.config/fish/config.fish with:
# Keychain if status --is-login keychain --eval --quiet -Q id_rsa | source keychain --eval --quiet -Q mygpgid | source end
and during login it invokes dialog to enter passwords for my ssh and gpg key and then I can forget about re-entering them again.
Please, condider to deploy keychain instead of the present trickery in sys.xsession.
I'm the wrong person for that, sys.xsession and the other scripts from the xdm package contain distribution-wide defaults and affect all other desktops as well, so any changes to that should be discussed on the opensuse-factory list and with the xdm package maintainers. -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-xfce+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-xfce+owner@opensuse.org