Bug#578057: gnome-keyring: gnome-rdp no longer saving passwords

Alexander Kurtz kurtz.alex at googlemail.com
Sun Apr 25 14:40:25 UTC 2010 

Hi guys,

I ran into the same problem. Since this is going to be be a long mail, I
try to give you the most important things first:

Fixing the problem
==================
You need to rebuild your gconf database. Run this as root:

   gconf-schemas --register-all

Now start gconf-editor and check /apps/gnome-keyring/daemon-components -
it should look like this:

   pkcs11  [True]
   secrets [True]
   ssh     [True]

It should work now. You'll probably have to logout and login again and
you may have to run this:

   killall gconfd-2

What should happen when upgrading g-k-d
=======================================
Looking at the source code one finds this comment in daemon/gkd-main.c:

   The gnome-keyring startup is not as simple as I wish it could be.

   It's often started in the primidoral stages of a session, where
   there's no DBus, and no proper X display. This is the strange world
   of PAM.

   When started with the --login option, we do as little initialization
   as possible. We expect a login password on the stdin, and unlock
   or create the login keyring.

   Then later we expect gnome-keyring-dameon to be run again with the
   --start option. This second gnome-keyring-daemon will hook the
   original daemon up with environment variables necessary to initialize
   itself and bring it into the session. This second daemon usually 
   exits.

   Without either of these options, we follow a more boring and
   predictable startup.

So the g-k-d startup is done in two parts: one is done by PAM and one is
done by normal gnome autostart mechanisms. These are the files
responsible for the second part:

   $ ls /usr/share/gnome/autostart/gnome-keyring-*
   /usr/share/gnome/autostart/gnome-keyring-pkcs11.desktop
   /usr/share/gnome/autostart/gnome-keyring-secrets.desktop
   /usr/share/gnome/autostart/gnome-keyring-ssh.desktop

Now if you look at these files, they all have a line like this one:

   AutostartCondition=GNOME /apps/gnome-keyring/daemon-components/pkcs11

So these .desktop files are depending on a these gconf keys to be set:

   /apps/gnome-keyring/daemon-components/pkcs11
   /apps/gnome-keyring/daemon-components/secrets
   /apps/gnome-keyring/daemon-components/ssh

This isn't a problem since all these keys are defined
in /usr/share/gconf/schemas/gnome-keyring.schemas and the postinst of
g-k-d contains this

   # Automatically added by dh_gconf
   if [ "$1" = "configure" ]; then
      gconf-schemas --register gnome-keyring.schemas 
   fi
   # End automatically added section

So normally everything should work nicely.

What actually happens (sometimes)
=================================
g-k-d 2.28's version of /usr/share/gconf/schemas/gnome-keyring.schemas
only defines these gconf keys:

   /apps/gnome-keyring/daemon-components/pkcs11
   /apps/gnome-keyring/daemon-components/ssh

So if for some reason the gconf database isn't correctly updated after
upgrading to 2.30 you'll be
missing /apps/gnome-keyring/daemon-components/secrets and
therefore /usr/share/gnome/autostart/gnome-keyring-secrets.desktop won't
run leaving you with a broken g-k-d.

Why is the gconf database sometimes not updated correctly?
==========================================================
I don't know. But I do know that this happend on 2 out of 3 squeeze
boxes I have and _both are amd64_. The last i386 box I have, upgraded
smoothly. So I have tried this test procedure on all machines:

* downgrade gnome-keyring and libgnome-keyring0 to 2.28
  (using snapshots.d.o)
* run gconf-schemas --register-all
* run apt-get upgrade

It seems to be reproducible. Don't ask me why but on amd64

   gconf-schemas --register gnome-keyring.schemas

doesn't seem to be enough while

   gconf-schemas --register-all

seems to work. i386 always works fine, at least for me.

Best regards

Alexander Kurtz 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20100425/9ce41ad8/attachment.pgp>

More information about the pkg-gnome-maintainers mailing list