Bug#578057: gnome-keyring: gnome-rdp no longer saving passwords

Sean McGuire smcguire at soc.lib.md.us
Tue Apr 27 13:10:31 UTC 2010 

What a great run-down.  Thank you so much for investigating so 
thoroughly.

Unfortunately I followed your fix and gnome-rdp is still not saving 
passwords.  I logged out and even rebooted.  Gconf has all three keys 
set.  The gnome-keyring-daemon is running.  I even tried manually ran 
all three commands to make sure there were no errors.

#:~$ gnome-keyring-daemon --start --components=pkcs11
GNOME_KEYRING_CONTROL=/tmp/keyring-7EmB31
SSH_AUTH_SOCK=/tmp/keyring-7EmB31/ssh
#:~$ gnome-keyring-daemon --start --components=secret
GNOME_KEYRING_CONTROL=/tmp/keyring-7EmB31
SSH_AUTH_SOCK=/tmp/keyring-7EmB31/ssh
#:~$ gnome-keyring-daemon --start --components=ssh
GNOME_KEYRING_CONTROL=/tmp/keyring-7EmB31
SSH_AUTH_SOCK=/tmp/keyring-7EmB31/ssh

and the control, pkcs11 and ssh sockets are in /tmp.

I thought for sure that would work.
Sean



On Sun, 25 Apr 2010, Alexander Kurtz wrote:

> Hi guys,
>
> I ran into the same problem. Since this is going to be be a long mail, I
> try to give you the most important things first:
>
> Fixing the problem
> ==================
> You need to rebuild your gconf database. Run this as root:
>
>   gconf-schemas --register-all
>
> Now start gconf-editor and check /apps/gnome-keyring/daemon-components -
> it should look like this:
>
>   pkcs11  [True]
>   secrets [True]
>   ssh     [True]
>
> It should work now. You'll probably have to logout and login again and
> you may have to run this:
>
>   killall gconfd-2
>
> What should happen when upgrading g-k-d
> =======================================
> Looking at the source code one finds this comment in daemon/gkd-main.c:
>
>   The gnome-keyring startup is not as simple as I wish it could be.
>
>   It's often started in the primidoral stages of a session, where
>   there's no DBus, and no proper X display. This is the strange world
>   of PAM.
>
>   When started with the --login option, we do as little initialization
>   as possible. We expect a login password on the stdin, and unlock
>   or create the login keyring.
>
>   Then later we expect gnome-keyring-dameon to be run again with the
>   --start option. This second gnome-keyring-daemon will hook the
>   original daemon up with environment variables necessary to initialize
>   itself and bring it into the session. This second daemon usually
>   exits.
>
>   Without either of these options, we follow a more boring and
>   predictable startup.
>
> So the g-k-d startup is done in two parts: one is done by PAM and one is
> done by normal gnome autostart mechanisms. These are the files
> responsible for the second part:
>
>   $ ls /usr/share/gnome/autostart/gnome-keyring-*
>   /usr/share/gnome/autostart/gnome-keyring-pkcs11.desktop
>   /usr/share/gnome/autostart/gnome-keyring-secrets.desktop
>   /usr/share/gnome/autostart/gnome-keyring-ssh.desktop
>
> Now if you look at these files, they all have a line like this one:
>
>   AutostartCondition=GNOME /apps/gnome-keyring/daemon-components/pkcs11
>
> So these .desktop files are depending on a these gconf keys to be set:
>
>   /apps/gnome-keyring/daemon-components/pkcs11
>   /apps/gnome-keyring/daemon-components/secrets
>   /apps/gnome-keyring/daemon-components/ssh
>
> This isn't a problem since all these keys are defined
> in /usr/share/gconf/schemas/gnome-keyring.schemas and the postinst of
> g-k-d contains this
>
>   # Automatically added by dh_gconf
>   if [ "$1" = "configure" ]; then
>      gconf-schemas --register gnome-keyring.schemas
>   fi
>   # End automatically added section
>
> So normally everything should work nicely.
>
> What actually happens (sometimes)
> =================================
> g-k-d 2.28's version of /usr/share/gconf/schemas/gnome-keyring.schemas
> only defines these gconf keys:
>
>   /apps/gnome-keyring/daemon-components/pkcs11
>   /apps/gnome-keyring/daemon-components/ssh
>
> So if for some reason the gconf database isn't correctly updated after
> upgrading to 2.30 you'll be
> missing /apps/gnome-keyring/daemon-components/secrets and
> therefore /usr/share/gnome/autostart/gnome-keyring-secrets.desktop won't
> run leaving you with a broken g-k-d.
>
> Why is the gconf database sometimes not updated correctly?
> ==========================================================
> I don't know. But I do know that this happend on 2 out of 3 squeeze
> boxes I have and _both are amd64_. The last i386 box I have, upgraded
> smoothly. So I have tried this test procedure on all machines:
>
> * downgrade gnome-keyring and libgnome-keyring0 to 2.28
>  (using snapshots.d.o)
> * run gconf-schemas --register-all
> * run apt-get upgrade
>
> It seems to be reproducible. Don't ask me why but on amd64
>
>   gconf-schemas --register gnome-keyring.schemas
>
> doesn't seem to be enough while
>
>   gconf-schemas --register-all
>
> seems to work. i386 always works fine, at least for me.
>
> Best regards
>
> Alexander Kurtz
>

More information about the pkg-gnome-maintainers mailing list