! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
use gnome-keyring for ssh and gpg if running anyway
Status: RESOLVED: FIXED
Severity: enhancement
Product: Xfce4-session
Component: General

Comments

Description brian 2012-03-22 13:11:25 CET
Created attachment 4276 
use gnome-keyring-daemon for ssh and gpg agents

Some systems start gnome-keyring via PAM as part of the login process.  Since that means gnome-keyring will be running anyway and since gnome-keyring can provide ssh-agent and gpg-agent services also, the overhead of running separate ssh-agent and/or gpg-agent processes can be avoided.

This patch demonstrates how gnome-keyring-daemon can be used with XFCE instead of starting the gpg-agent and/or the ssh-agent.
Comment 1 Guido Berhoerster 2012-03-22 23:58:12 CET
gnome-keyring can already be started through GNOME compatibility mode.
Comment 2 brian 2012-03-23 22:12:32 CET
(In reply to comment #1)
> gnome-keyring can already be started through GNOME compatibility mode.

Can you point me at somewhere that documents how I choose this?
Comment 3 Guido Berhoerster 2012-03-23 23:35:18 CET
(In reply to comment #2)
> (In reply to comment #1)
> > gnome-keyring can already be started through GNOME compatibility mode.
> 
> Can you point me at somewhere that documents how I choose this?

See http://docs.xfce.org/xfce/xfce4-session/preferences#advanced

You might want to consider using the patch in bug #8014 which ensures sane behavior when GNOME compat mode is enabled.
Comment 4 brian 2012-03-24 13:22:33 CET
(In reply to comment #3)
> 
> See http://docs.xfce.org/xfce/xfce4-session/preferences#advanced

Hrm.  I wonder what all this gnome compatibility really does though.

I wonder if it even starts the gpg and ssh agents in gnome-keyring and I wonder if it does start them, are the standalone gpg-agent and/or ssh-agent specifically not started by xfce's xinitrc, as my patch does.  I'm suspecting that's not the case.

> You might want to consider using the patch in bug #8014 which ensures sane
> behavior when GNOME compat mode is enabled.

Indeed, which leads me to believe that this GNOME compatibility has bitrotten and might be more pain than gain.  I'm not really looking for GNOME services and/or compatibility.  My patch's goal is to just utilize something that already exists because of PAM and save the overhead of loading more tools that would just duplicate that functionality.
Comment 5 Guido Berhoerster 2012-03-24 14:24:31 CET
(In reply to comment #4)
> (In reply to comment #3)
> > 
> > See http://docs.xfce.org/xfce/xfce4-session/preferences#advanced
> 
> Hrm.  I wonder what all this gnome compatibility really does though.

Have you actually read bug #8014, it's described in detail there. Actually you can just read the code in xfce4-session/xfsm-compat-gnome.c

> I wonder if it even starts the gpg and ssh agents in gnome-keyring and I
> wonder if it does start them, are the standalone gpg-agent and/or ssh-agent
> specifically not started by xfce's xinitrc, as my patch does.  I'm
> suspecting that's not the case.

Yes it is the case, it starts all keyring modules.

> > You might want to consider using the patch in bug #8014 which ensures sane
> > behavior when GNOME compat mode is enabled.
> 
> Indeed, which leads me to believe that this GNOME compatibility has
> bitrotten and might be more pain than gain.  I'm not really looking for
> GNOME services and/or compatibility.  My patch's goal is to just utilize
> something that already exists because of PAM and save the overhead of
> loading more tools that would just duplicate that functionality.

The patch cleans that obsolete stuff up and allows GNOME/KDE-only desktop files to be easily activated on demand. GNOME compatibility then boils down to initializing GNOME keyring. Again, all described in bug #8014.
Comment 6 brian 2012-03-24 15:47:28 CET
(In reply to comment #5)
> 
> Have you actually read bug #8014, it's described in detail there.

Yes, I did read it all, thank you very much.

> > I wonder if it even starts the gpg and ssh agents in gnome-keyring and I
> > wonder if it does start them, are the standalone gpg-agent and/or ssh-agent
> > specifically not started by xfce's xinitrc, as my patch does.  I'm
> > suspecting that's not the case.
> 
> Yes it is the case, it starts all keyring modules.

Hrm.  Unfortunately you quoted two questions with one answer so your answer is ambiguous.  I think it's saying that it starts gnome-keyring with its built-in ssh and gpg agents as well as starting the standalone gpg and/or ssh agent programs.  If that's the case, that is overkill and the gpg and/or ssh agents are not needed when running gnome-keyring's ssh and gpg agents.
 
> The patch cleans that obsolete stuff up and allows GNOME/KDE-only desktop
> files to be easily activated on demand.

Right, but as far as I understand it starts all of the xdg autostart modules for GNOME.  I don't (think I) want any of those.  I don't currently have gnome compatibility enabled right now and apart from my patch to use gnome-keyring-daemon instead of ssh-agent or gpg-agent and a small hack to provide dbus signals for multimedia keys I don't have any deficiencies, so ultimately I don't think I am looking for GNOME compatibility.

> GNOME compatibility then boils down
> to initializing GNOME keyring.

Then why call it GNOME compatibility?  To me at least, the term "GNOME compatibility" implies a lot more than simply running the gnome-keyring-daemon.

> Again, all described in bug #8014.

Which does seem to imply that all GNOME autostart'd services are used.  Unfortunately it's pretty ambiguous as to what that could all entail.

In summary, my patch here doesn't have any implications of a "GNOME compatibility".  It simply utilizes the gnome-keyring if it's already running anyway, since some distros launch it from pam if it exists -- regardless of what desktop one might be using.
Comment 7 brian 2012-04-23 14:29:25 CEST
@nick@xfce.org: no explanation as to why "WONTFIX"?

Here, I present a patch to very simply use gnome-keyring if it's available.  It's simple (KISS) and it works.

The alternative offered is to spend some time to make GNOME compatibility mode "work".

As I have said, I don't really care for full GNOME compatibility.  In fact I want to leave GNOME behind, but the reality is that the GNOME keyring really has little to do with GNOME and I already have a cache of keys stored in my GNOME keyring so I have to use it and if I have to use it, why wouldn't I want to save on the bloat of alternate GPG and SSH agents when GNOME keyring can handle those too?

My patch, as you can see, makes it quite simple to not use GNOME keyring if that's one's preference.  Just don't install it.  It will be bypassed and the existing mechanisms will be used.

Since when is choice a bad thing, especially when it provides a new choice and preserves old behaviour if the new choice is not chosen?
Comment 8 Nick Schermer 2012-04-23 14:44:49 CEST
Because you can already do this and the patch won't apply in master.
Comment 9 brian 2012-04-23 14:47:14 CEST
(In reply to comment #8)
> Because you can already do this and the patch won't apply in master.

Ahhh.  How do I do it then?
Comment 10 Nick Schermer 2012-04-23 14:50:10 CEST
In master enable Gnome compatibility and disable ssh/gpg-agent.
Comment 11 brian 2012-04-23 14:51:58 CEST
(In reply to comment #10)
> In master enable Gnome compatibility and disable ssh/gpg-agent.

But what extra GNOME baggage do I have to take with Gnome compatibility mode?  i.e. what other than using the GNOME keyring happens when Gnome compatibility mode is used?
Comment 12 Nick Schermer 2012-04-23 14:57:28 CEST
In 4.10 only gnome-keyring and gconf are started, nothing else. Previously all autostart files with ShowOnlyIn=GNOME were started, but that has been removed and now all applications are visible in autostart.
Comment 13 Guido Berhoerster 2012-04-23 15:01:29 CEST
(In reply to comment #12)
> In 4.10 only gnome-keyring and gconf are started, nothing else. Previously
> all autostart files with ShowOnlyIn=GNOME were started, but that has been
> removed and now all applications are visible in autostart.

Actually gconf isn't started. There is only code to shut down gconf but that is obsolete and could be removed.
Comment 14 brian 2012-04-23 15:54:46 CEST
Fair enough then.  I will look forward to the new Gnome compatibility functionality of 4.10.  Cheers!
Comment 15 Nick Schermer 2012-04-23 18:01:05 CEST
A possibility is to skip the gpg/ssh-agent startup of GNOME services are enabled and gnome-keyring-daemon is found.
Comment 16 brian 2012-04-23 19:42:53 CEST
(In reply to comment #15)
> A possibility is to skip the gpg/ssh-agent startup of GNOME services are
> enabled and gnome-keyring-daemon is found.

Assuming you meant s/of/if/ and assuming that means that the disable gpg/ssh-agent you mention as a configuration option in comment 10 would in fact be the default behaviour if gnome-keyring is found and GNOME compatibility is enabled, then that sounds entirely reasonable and desirable even.

I haven't looked much at the implementation of gnome-keyring, but I wonder what about it ties it to "gnome" and if it's indeed just come along with GNOME and unfortunately been unnecessarily given "gnome" in its name.

Given all of the backlash GNOME is suffering lately, it might be wise of them to un-gnome it and just make it a generic keyring service not tied to gnome.  But I digress.
Comment 17 Nick Schermer 2012-04-23 19:57:41 CEST
Yeah sorry for the typos.

We are currently in a string freeze, so I can't add or modify config options. The tooltip of the GNOME compatibility mode is better tho. It only says gnome-keyring will be started.

Will fix this in the code.
Comment 18 Nick Schermer 2012-04-23 20:08:31 CEST
Applied in master.

http://git.xfce.org/xfce/xfce4-session/commit/?id=67b772364c9e9a7ea9cc4dafb219902c6c8b074a

Old gconf code has been removed as well.
Comment 19 brian 2012-04-23 20:13:09 CEST
(In reply to comment #18)
> 
> http://git.xfce.org/xfce/xfce4-session/commit/
> ?id=67b772364c9e9a7ea9cc4dafb219902c6c8b074a

Nice!

Many thanks for being patient with me and my suggestions.

Perhaps we should change the resolution from WONTFIX to FIXED or something like that?
Comment 20 Nick Schermer 2012-04-23 20:44:32 CEST
And done.
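
The rule proposed in comment 15 (skip the standalone ssh/gpg agents when GNOME services are enabled and gnome-keyring-daemon is found), written as a shell function so that only one process ends up holding the keys. This is an added example, not part of the thread and not the xfce4-session code; `have`, `select_agents` and the `compat` argument are hypothetical names.

```shell
#!/bin/sh
# Added example: decide which key agents a session startup script launches.
# "compat" stands in for the session's GNOME compatibility setting
# (hypothetical parameter, not an xfce4-session name).

# have NAME SEARCH_PATH: true if NAME is an executable on SEARCH_PATH.
# The lookup runs in a subshell so the caller's PATH is left untouched.
have() {
    ( PATH=$2; command -v "$1" ) >/dev/null 2>&1
}

# select_agents COMPAT [SEARCH_PATH]
# Prints the agents to start, space separated:
#   "gnome-keyring"        keyring serves ssh and gpg, skip the standalone agents
#   "ssh-agent gpg-agent"  standalone agents (only those actually installed)
#   ""                     nothing available
select_agents() {
    compat=$1
    search_path=${2:-$PATH}
    agents=""

    # Rule from comment 15: compat enabled AND daemon found -> keyring only.
    if [ "$compat" = "true" ] && have gnome-keyring-daemon "$search_path"; then
        echo "gnome-keyring"
        return 0
    fi

    # Otherwise keep the old behaviour: one standalone agent per service.
    for a in ssh-agent gpg-agent; do
        if have "$a" "$search_path"; then
            agents="${agents:+$agents }$a"
        fi
    done
    echo "$agents"
}

# Report the decision for the current machine with compat mode on.
echo "would start: $(select_agents true)"
```

With compat mode off, or with gnome-keyring-daemon not installed, the function falls back to the standalone agents, which preserves the old behaviour the reporter asked to keep.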

Bug #8590

Reported by: brian
Reported on: 2012-03-22
Last modified on: 2012-04-23

People

Assignee: Xfce Bug Triage
CC List: 3 users

Attachments

use gnome-keyring-daemon for ssh and gpg agents (4.67 KB, application/octet-stream)
2012-03-22 13:11 CET , brian
no flags