The Linux Mint Distribution

Mate keyring does not work with others correctly (e.g. with Seahorse) in Maya

Reported by vbspam on 2012-05-28
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Linux Mint
Undecided
Unassigned

Bug Description

1)My system:
LinuxMint Maya 13 (MATE edition)
Linux xxx 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

2) How to reproduce:
- Install seahorse
- Create MATE/GNOME keyring file (passwords encrypted in file)
- Those passwords can NOT be used within MATE environment

3) What happened:
Keyring is created in ~/gnome2/.gnome2/keyrings and is managed by gnome-keyring-daemon.
Disadvantage of this solution is that keyring is on wrong place and probably there are two concurrent keyring managers running.

4) What expected:
Keyring should be created in ~/config/mate/keyrings and should be managed mate-keyring-daemon
Should be one keyring manager (the MATE one) and keyrings should be on one place. System environment should be set in the way to use the righ (MATE) keyring manager. Then clients (e.g. Seahorse) will work correctly.

5) Problem happens everytime/always.

6)This bug MAY be security vulnearability, however I do not feel erudited enough in this area to make this decision. Others please consider this decision.

vbspam (vbspam) wrote :

This bug may be related to this one, hovever is reported before Maya was released.
https://bugs.launchpad.net/linuxmint/+bug/962976

vbspam (vbspam) wrote :

I found partial and temporary fix. My solution is inspired by this one ( http://community.linuxmint.com/tutorial/view/848 ), however this link did not worked for me instantly. So here is what I did on my system:

1) make sure you have installed mate-keyring-daemon, gnome-keyring-daemon and seahorse
(the gnome keyring daemon is important, otherwise our FIX may be overwritten in future by apt tasks)

2) DANGEROUS AND IMPORTANT backup and remove all files in:
  ~/.gnome2/keyrings
  ~/config/mate/keyrings
(this is from some reason important, make sure you backup your keyrings correctly, later you will return them here)

3) from menu invoke Startup Application Preferences (or run mate-session-properties) and make sure that following services are ON/OFF according the list below:

-OFF (all services starting gnome-keyring-daemon)
-OFF (gnome-settings-daemon)
-OFF (polkit-gnome-authentication-agent-1)
-ON (mate-settings-daemon)
-ON (all services starting mate-keyring-daemon)
-ON (polkit-mate-authentication-agent-1)

Now restart your MATE session (restart X server or logout/login or restart your computer :-)

4) Back in MATE session open terminal
Type:
export GNOME_KEYRING_CONTROL=$MATE_KEYRING_CONTROL
seahorse

In seahorse create new keyring (this keyring is just temporary) name it 'XXX'
Check that the keyring is in: ~/.config/mate/keyrings/XXX.keyring
(If the keyring is not there, it is probably over here: ~/.gnome2/keyrings/XXX.keyring and this is wrong!)

5) Quit seahorse and restore your backed up keyrings
- quit seahorse
- copy your MATE keyrings back to the ~/.config/mate/keyrings
- copy your GNOME keyrings to the ~/.config/mate/keyrings
- for GNOME keyrings you still need to make following dirty hack
  - edit your gnome keyring in pure text editor and replace text "GnomeKeyring" to "MateKeyring" <= THIS is little bit dirty hack, but it seems the keyring works after this modification, even when the letter count does not match.

6) Run seahorse and now you can see your keyrings

vbspam (vbspam) wrote :

Another workaround could be to make symbolic links to gnome-keyring-daemon and to gnome-keyring.

cd /usr/bin # <=wherever is your MATE/GNOME installed

mv gnome-keyring-daemon gnome-keyring-daemon.ORIGINAL
mv gnome-keyring gnome-keyring.ORIGINAL
ln -s mate-keyring gnome-keyring
ln -s mate-keyring-daemon gnome-keyring-daemon

It is a bit pitty that the documentation for all the GNOME stuff is outdated mess because otheway I would fix it in the right way in configuration files/d-bus settings/policikit configuration.

Manima (motus4optin) wrote :
Download full text (3.5 KiB)

Well, I followed the solution by vbspam and the one found here: http://community.linuxmint.com/tutorial/view/848, but none of them worked for me. At least not as I thought it will work.

I was used to the way keyrings worked in gnome: the first time in a session I opened a password protected program like filezilla, seahorse asked for the password to unlock it. Mate keyring has never asked for a password, with or without autologin enabled.

All mate keyrings related are running, all gnome keyrigns disabled; seahorse show the passwords (login and default) but anybody can enter in filezilla and into the cpanel of my web sites which means a security risk for me.

 ps ax | grep keyring
 1550 ? Sl 0:00 mate-keyring-daemon --start --components=gpg
 3273 pts/0 S+ 0:00 grep --colour=auto keyring

 ls /home/salva/.config/mate/keyrings
 default user.keystore
 login.keyring predeterminado.keyring

~/.config/autostart $ dpkg -l | grep keyring
ii add-apt-key 1.0-0.5 Command line tool to add GPG keys to the APT keyring
ii gir1.2-gnomekeyring-1.0 3.2.2-2 GNOME keyring services library - introspection data
ii gnome-keyring 3.2.2-2ubuntu4.1 GNOME keyring services (daemon and tools)
ii libgnome-keyring-common 3.2.2-2 GNOME keyring services library - data files
ii libgnome-keyring0 3.2.2-2 GNOME keyring services library
ii libmatekeyring 1.4.0-1+precise MATE keyring services library
ii libmatekeyring-doc 1.4.0-1+precise MATE keyring services library (documentation files)
ii libpam-gnome-keyring 3.2.2-2ubuntu4.1 PAM module to unlock the GNOME keyring upon login
ii linuxmint-keyring 2009.04.29 GnuPG key of the Linux Mint repository
ii mate-keyring 1.4.0-1+precise MATE keyring services
ii mate-keyring-dbg 1.4.0-1+precise MATE keyring services (debugging symbols)
ii mate-keyring-doc 1.4.0-1+precise MATE keyring services (documentation files)
ii medibuntu-keyring 2008.04.20 GnuPG key of the Medibuntu repository
ii python-gnomekeyring 2.32.0+dfsg-1 Python bindings for the GNOME keyring library
ii python-keyring 0.9.2-0ubuntu0.12.04.2 store and access your passwords safely
ii ubuntu-extras-keyring 2010.09.27 GnuPG keys of the Ubuntu extras archive
ii ubuntu-keyring 2011.11.21.1 GnuPG keys of the Ubuntu archive

(None of the gnome keyrings have been changed to show in mate (as I have not using them))

The only extra thing I have ...

Read more...

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related questions