So far it looks like there are a number of bugs; a simplified picture looks something like this:
seahorse: gcr_import_button_add_parsed() gnome-keyring: gkr-tool-import: on_parser_parsed()
| |
| +-------------------+
| |
v v
gcr: gcr_importer_create_for_parsed()
|
v
gcr: iface->create_for_parsed()
|
v
gcr: _gcr_pkcs11_importer_create_for_parsed()
| ^ |
v | v
gcr: list_all_slots() gcr: is_slot_importable() for p11-kit-trust.so
(loads PKCS#11 modules, (prints: "token is not importable: %s: write protected")
enumerates their slots)
| ^ | ^
v | v | remote procedure call
p11-kit-trust.so gnome-keyring-pkcs11.so ----------------------> gnome-keyring-daemon
| ^ (disabled by blacklist) |
v | v
trust policy module gnome2-store (I kid you not)
| ^ |
v | v
read-only system CA certificates ~/.local/share/keyrings/user.keystore
and blacklist (fails to find a section)
I am personally working on this issue, you can follow my progress on https:/ /gitlab. gnome.org/ GNOME/seahorse/ -/issues/ 205
So far it looks like there are a number of bugs; a simplified picture looks something like this:
seahorse: gcr_import_ button_ add_parsed( ) gnome-keyring: gkr-tool-import: on_parser_parsed() ------- ------+ create_ for_parsed( ) create_ for_parsed( ) importer_ create_ for_parsed( ) importable( ) for p11-kit-trust.so pkcs11. so ------- ------- ------- -> gnome-keyring- daemon share/keyrings/ user.keystore
| |
| +------
| |
v v
gcr: gcr_importer_
|
v
gcr: iface->
|
v
gcr: _gcr_pkcs11_
| ^ |
v | v
gcr: list_all_slots() gcr: is_slot_
(loads PKCS#11 modules, (prints: "token is not importable: %s: write protected")
enumerates their slots)
| ^ | ^
v | v | remote procedure call
p11-kit-trust.so gnome-keyring-
| ^ (disabled by blacklist) |
v | v
trust policy module gnome2-store (I kid you not)
| ^ |
v | v
read-only system CA certificates ~/.local/
and blacklist (fails to find a section)
Wish me luck...