regression: gnome-keyring components can't be disabled anymore
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gnome-keyring (Ubuntu) | Fix Released | Wishlist | Dimitri John Ledkov | |
Trusty | Fix Released | Wishlist | Unassigned | |
Utopic | Fix Released | Wishlist | Unassigned | |
Vivid | Fix Released | Wishlist | Dimitri John Ledkov | |
Bug Description
To disable gnome-keyring ssh agent,
- disable gnome keyring ssh in startup applications
To disable gnome-keyring gpg agent,
- disable gnome keyring gpg in startup applications
If above are disabled, stock ssh-agent & gpg-agent upstart jobs are used instead.
=====
SRU tests
By default, the environment should have SSH & GPG agent variables pointing at the gnome-keyring provided ones.
After disabling the gpg or ssh gnome keyring desktop files in "Startup Applications", the stock gpg/ssh agents will be used upon next login. (No gnome-keyring name in the SSH/GPG agent variable values)
Similarly, disabling upstart jobs for ssh or gpg agent also enables stock ssh/gpg agents. (e.g. echo manual > ~/.config/
=====
GNOME Keyring is by default a rather invasive service, which meddles with security-sensitive processes invasively. This may or may not be wise depending on a user's situation.
One particular case is GNOME Keyring's gpg-agent implementation, which is incomplete and therefore doesn't support GPG's OpenPGP smartcard support. gpg simply fails (with smartcards) when GNOME Keyring is impersonating gpg-agent...
So to be able to use OpenPGP smartcards on Ubuntu, one needs to disable GNOME Keyring from impersonating gpg-agent, which for quite some time now has been trivial to effectively do:
echo 'X-GNOME-
With GNOME Keyring's recent update (3.10.1-1ubuntu4.1) in Trusty, this seems to have been broken by the addition of:
/usr/share/
So it seems the /etc/xdg/
What is unclear to me is what the upstart session configuration is supposed to achieve? And if it is meant to supplant the xdg/autostart files, those should probably have been removed to prevent them from causing any confusion as to how gnome-keyring is started/managed.
Presuming the upstart session is meant to stay, I would suggest to remove the /etc/xdg/
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: gnome-keyring 3.10.1-1ubuntu4.1
ProcVersionSign
Uname: Linux 3.13.0-39-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.5
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Oct 29 18:14:57 2014
EcryptfsInUse: Yes
InstallationDate: Installed on 2014-04-07 (205 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Beta amd64 (20140326)
SourcePackage: gnome-keyring
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile.
description: updated
Changed in gnome-keyring (Ubuntu):
status: Won't Fix → Incomplete
status: Incomplete → In Progress
tags: added: patch
Changed in gnome-keyring (Ubuntu Trusty):
status: Confirmed → In Progress
Changed in gnome-keyring (Ubuntu Utopic):
status: Confirmed → In Progress
tags: added: verification-done-trusty verification-needed-utopic
tags: removed: verification-needed
tags: added: regression-update
Changed in gnome-keyring (Ubuntu Trusty):
importance: Undecided → Wishlist
Changed in gnome-keyring (Ubuntu Utopic):
importance: Undecided → Wishlist
xdg-autostart .desktop file is used in sessions that are not upstart managed.
upstart user session jobs are used in upstart managed sessions, e.g. unity.
to disable a job, echo "manual" into an override file (just like with any other upstart jobs)
One can override upstart user session jobs, on per-user, per-session, or system-wide.
e.g.
echo manual > /etc/xdg/upstart/gnome-keyring.override
echo manual > /etc/xdg/xdg-ubuntu/upstart/gnome-keyring.override
echo manual > ~/.config/upstart/gnome-keyring.override
See man 5 init and the upstart cookbook.
The default agent for unity session is gnome-keyring, however that was not the case in 14.04 until an update was released to resolve bug https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1271591
If you wish to use any other agents, use manual override to disable gnome-keyring job and provide your own upstart jobs for other agents, similar to how the gnome-keyring job is defined.
$XDG_CONFIG_HOME, $XDG_CONFIG_DIRS
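
The SRU test from the bug description can be scripted as below. This is an added example, not part of the bug report or the gnome-keyring package: it checks that an override file carrying the `manual` stanza goes together with agent variables that no longer name gnome-keyring. The function names are hypothetical, the override path is supplied by the caller, and it assumes gnome-keyring's agent sockets carry "keyring" in their path.

```shell
#!/bin/sh
# Added example: check the SRU test from the bug description.

# Classify one agent variable value (SSH_AUTH_SOCK or GPG_AGENT_INFO).
# Assumption: gnome-keyring's sockets carry "keyring" in their path.
agent_provider() {
    case "$1" in
        "")        echo unset ;;
        *keyring*) echo gnome-keyring ;;
        *)         echo stock ;;
    esac
}

# An upstart override disables a job when it contains a "manual" stanza.
# Comments and surrounding whitespace are ignored; a missing or unreadable
# file disables nothing.
job_disabled() {
    [ -r "$1" ] || return 1
    sed -e 's/#.*//' "$1" | grep -Eq '^[[:space:]]*manual[[:space:]]*$'
}

# Compare what the override file implies with what the session exported.
# $1 = override file, $2 = agent variable value; prints PASS or FAIL.
verify_agent() {
    if job_disabled "$1"; then want=stock; else want=gnome-keyring; fi
    got=$(agent_provider "$2")
    if [ "$got" = "$want" ]; then
        echo "PASS: $got"
    else
        echo "FAIL: expected $want, found $got"
        return 1
    fi
}

# When run with an override path as argument, check the live session.
if [ -n "${1:-}" ]; then
    verify_agent "$1" "${SSH_AUTH_SOCK:-}"
    verify_agent "$1" "${GPG_AGENT_INFO:-}"
fi
```

Run it after the next login, passing the override file that was written; a FAIL with `found unset` means the gnome-keyring job is off but no stock agent exported its variable.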