* Gour <gour@atmarama.net> [2015-03-23 22:49]:
(tried to post via gmane, but it didn't work)
Guido Berhoerster <gber@opensuse.org> writes:
Hello,
A few days ago I tried the latest Xfce on my netbook and now I got rid of GNOME and am running Xfce on both of my machines. Great work!!
However, I have a problem deploying keychain which can handle both ssh & gpg agents, considering that the gpg-agent component is broken with gpg-2.1 in gnome-keyring.
No, that is not sufficient, gnome-keyring sets some environment variables which xfce4-session must know and that only works if you enable GNOME compatibility mode. If you just use autostart gnome-keyring may be running but applications will not be aware of it.
I disabled autostarting of both ssh & gpg agents, but kept PolicyKit Auth. agent autostarting.
OK, please don't conflate them, apart from the word "agent" they have nothing in common, no working PolicyKit agent means you won't be able to do much with your GUI any more.
I wonder if or for what would I need gnome-keyring?
Like its KDE counterpart kwallet it offers a generic API to store credentials for many applications, e.g. gvfs-mounts. The SSH and now broken GPG agent are just some addons on top of that.
The problem is that after launching Xfce session I see the following output for 'ps ax | grep agent':
 2173 ? Ss 0:00 /usr/bin/ssh-agent /usr/bin/gpg-agent --sh --daemon --keep-display --write-env-file /home/gour/.gnupg/agent.info-atmarama:0 /etc/X11/xinit/xinitrc
 2174 ? Ss 0:00 /usr/bin/gpg-agent --sh --daemon --keep-display --write-env-file /home/gour/.gnupg/agent.info-atmarama:0 /etc/X11/xinit/xinitrc
 2212 ? Sl 0:00 /usr/lib/polkit-gnome-authentication-agent-1
so I wonder who/what is launching the agents?
/usr/bin/ssh-agent and /usr/bin/gpg-agent are from openssh and gnupg and they are launched by /etc/X11/xdm/sys.xsession when you log in because no other GPG and SSH agents (like the ones provided by gnome-keyring) are running. See the comments on top of that file for an explanation and a way to disable/replace them. /usr/lib/polkit-gnome-authentication-agent-1 is the PolicyKit authentication agent and started via xdg autostart if you have gnome-polkit installed, don't disable it.
Moreover, I also see gnome-keyring running:
28512 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
28842 ? S 0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets
and also wonder who starts it?
Your display manager does via PAM, that is needed so that it can be unlocked at login time. If you've disabled "Launch GNOME services on startup" in the Xfce settings it will not start its own GPG and SSH agents and interfere with other GPG and SSH agents in any way.
Moreover, when I try to kill gnome-keyring, logout, then re-login,
It will be automatically started again when you log in, but that is not a problem, see above.
keychain invokes askpasswd dialog for both ssh & gpg, but the login process does not finish and I'm thrown back to lightdm screen.
Inspecting X.org.log I found stuff like:
[ 23750.839] (EE) systemd-logind: failed to get session: PID 28341 does not belong to any known session
but I'm not sure whether this is the reason of not being able to start Xfce GUI session?
This happens when I configure keychain to kick in for interactive shell session.
When I tried to set up keychain to fire on login session then right after entering passwd in lightdm dialog, I get askpasswd helpers for ssh & gpg agent, but, same as before, launching of GUI session is not completed, Xfce4 session dies and I'm back to login manager (lightdm) screen.
I'm *very* happy with Xfce and want to stay with it, but, otoh, need working ssh agent when logging to remote servers as well as gpg agent considering I'm signing my email and commit messages.
Sorry, I'm not familiar with keychain and how it works. From the above it is also not clear how you invoke it and why you want to enter a password while logging in.
I'm optimistic that keychain (which has support for gpg-2.1.) can be made to work, but it looks like I'm simply missing some details, not being familiar enough with how gnome-keyring and agents are started under openSUSE.
Any hint?
Have you tried just using the GnuPG's gpg-agent with pinentry-gtk2?
-- 
Guido Berhoerster