desktop-packages team mailing list archive

Thread
Date
[Bug 1387303] Re: regression: gnome-keyring components can't be disabled anymore

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Brian Murray <brian@xxxxxxxxxx>
Date: Wed, 28 Jan 2015 19:57:02 -0000
Reply-to: Bug 1387303 <1387303@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Hello Pascal, or anyone else affected,

Accepted gnome-keyring into utopic-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/gnome-
keyring/3.10.1-1ubuntu7.1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: gnome-keyring (Ubuntu Utopic)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

** Changed in: gnome-keyring (Ubuntu Trusty)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1387303

Title:
  regression: gnome-keyring components can't be disabled anymore

Status in gnome-keyring package in Ubuntu:
  Fix Released
Status in gnome-keyring source package in Trusty:
  Fix Committed
Status in gnome-keyring source package in Utopic:
  Fix Committed
Status in gnome-keyring source package in Vivid:
  Fix Released

Bug description:
  To disable user session gnome-keyring upstart job:

  $ echo manual ~/.config/upstart/gnome-keyring.override

  ... and also disable the XDG auto-start jobs (Startup Applications)

  =====
  SRU tests

  By default environment should have SSH & GPG agent variables pointing
  at gnome-keyring provided ones.

  Disabling gpg or ssh gnome keyring desktop files in "Startup
  Applications" upon next login stock gpg/ssh agent's will be used. (No
  gnome-keyring name in the SSH/GPG agent variable values)

  Similarly, disabling upstart jobs for ssh or gpg agent also enables
  stock ssh/gpg agents. (e.g. echo manual > ~/.config/upstart/gnome-
  keyring-ssh.override)

  =====

  GNOME Keyring is by default a rather invasive service, which meddles
  with security sensitive processes invasively. This may or may not be
  wise depending on a users situation.

  One particular case is GNOME Keyring's gpg-agent implementation, which
  is incomplete and therefore doesn't support GPG's OpenPGP smartcard
  support. gpg simply fails (with smartcards) when GNOME Keyring is
  impersonating gpg-agent...

  So to be able to use OpenPGP smartcards on Ubuntu, one needs to
  disable GNOME Keyring from impersonating gpg-agent, which for quite
  some time now has been trivial to effectively do:

  echo 'X-GNOME-Autostart-enabled=false' >> /etc/xdg/autostart/gnome-
  keyring-gpg.desktop

  With GNOME Keyring's recent update (3.10.1-1ubuntu4.1) in Trusty, this
  seems to have been broken by the addition of:

  /usr/share/upstart/sessions/gnome-keyring.conf

  So it seems the /etc/xdg/autostart/gnome-keyring files are either
  being ignored, or the started process is supplanted by the process
  started by the upstart session config.

  What is unclear to me is what the upstart session configuration is
  supposed to achieve? And if it is meant to supplant the xdg/autostart
  files, those should probably have been removed to prevent them from
  causing any confusion as to how gnome-keyring is started/managed.

  Presuming the upstart session is meant to stay, I would suggest to
  remove the /etc/xdg/autostart/gnome-keyring-*.desktop files to prevent
  confusion as mentioned above. And in my opinion a mechanism should be
  provided so users can control which gnome-keyring components '--
  components=pkcs11,secrets,ssh,gpg' are activated using some
  configuration file in /etc, as files in /usr aren't meant to be user
  edited.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: gnome-keyring 3.10.1-1ubuntu4.1
  ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8
  Uname: Linux 3.13.0-39-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.5
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Wed Oct 29 18:14:57 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-04-07 (205 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Beta amd64 (20140326)
  SourcePackage: gnome-keyring
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.xdg.autostart.gnome.keyring.gpg.desktop: 2014-04-09T19:49:03.884840

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1387303/+subscriptions
References

[Bug 1387303] [NEW] regression: gnome-keyring components can't be disabled anymore
From: Pascal de Bruijn, 2014-10-29