Bug#578057: gnome-keyring: gnome-rdp no longer saving passwords
Sean McGuire
smcguire at soc.lib.md.us
Tue Apr 27 13:10:31 UTC 2010
What a great run-down. Thank you so much for investigating so
thoroughly.
Unfortunately I followed your fix and gnome-rdp is still not saving
passwords. I logged out and even rebooted. Gconf has all three keys
set. The gnome-keyring-daemon is running. I even tried manually ran
all three commands to make sure there were no errors.
#:~$ gnome-keyring-daemon --start --components=pkcs11
GNOME_KEYRING_CONTROL=/tmp/keyring-7EmB31
SSH_AUTH_SOCK=/tmp/keyring-7EmB31/ssh
#:~$ gnome-keyring-daemon --start --components=secret
GNOME_KEYRING_CONTROL=/tmp/keyring-7EmB31
SSH_AUTH_SOCK=/tmp/keyring-7EmB31/ssh
#:~$ gnome-keyring-daemon --start --components=ssh
GNOME_KEYRING_CONTROL=/tmp/keyring-7EmB31
SSH_AUTH_SOCK=/tmp/keyring-7EmB31/ssh
and the control, pkcs11 and ssh sockets are in /tmp.
I thought for sure that would work.
Sean
On Sun, 25 Apr 2010, Alexander Kurtz wrote:
> Hi guys,
>
> I ran into the same problem. Since this is going to be be a long mail, I
> try to give you the most important things first:
>
> Fixing the problem
> ==================
> You need to rebuild your gconf database. Run this as root:
>
> gconf-schemas --register-all
>
> Now start gconf-editor and check /apps/gnome-keyring/daemon-components -
> it should look like this:
>
> pkcs11 [True]
> secrets [True]
> ssh [True]
>
> It should work now. You'll probably have to logout and login again and
> you may have to run this:
>
> killall gconfd-2
>
> What should happen when upgrading g-k-d
> =======================================
> Looking at the source code one finds this comment in daemon/gkd-main.c:
>
> The gnome-keyring startup is not as simple as I wish it could be.
>
> It's often started in the primidoral stages of a session, where
> there's no DBus, and no proper X display. This is the strange world
> of PAM.
>
> When started with the --login option, we do as little initialization
> as possible. We expect a login password on the stdin, and unlock
> or create the login keyring.
>
> Then later we expect gnome-keyring-dameon to be run again with the
> --start option. This second gnome-keyring-daemon will hook the
> original daemon up with environment variables necessary to initialize
> itself and bring it into the session. This second daemon usually
> exits.
>
> Without either of these options, we follow a more boring and
> predictable startup.
>
> So the g-k-d startup is done in two parts: one is done by PAM and one is
> done by normal gnome autostart mechanisms. These are the files
> responsible for the second part:
>
> $ ls /usr/share/gnome/autostart/gnome-keyring-*
> /usr/share/gnome/autostart/gnome-keyring-pkcs11.desktop
> /usr/share/gnome/autostart/gnome-keyring-secrets.desktop
> /usr/share/gnome/autostart/gnome-keyring-ssh.desktop
>
> Now if you look at these files, they all have a line like this one:
>
> AutostartCondition=GNOME /apps/gnome-keyring/daemon-components/pkcs11
>
> So these .desktop files are depending on a these gconf keys to be set:
>
> /apps/gnome-keyring/daemon-components/pkcs11
> /apps/gnome-keyring/daemon-components/secrets
> /apps/gnome-keyring/daemon-components/ssh
>
> This isn't a problem since all these keys are defined
> in /usr/share/gconf/schemas/gnome-keyring.schemas and the postinst of
> g-k-d contains this
>
> # Automatically added by dh_gconf
> if [ "$1" = "configure" ]; then
> gconf-schemas --register gnome-keyring.schemas
> fi
> # End automatically added section
>
> So normally everything should work nicely.
>
> What actually happens (sometimes)
> =================================
> g-k-d 2.28's version of /usr/share/gconf/schemas/gnome-keyring.schemas
> only defines these gconf keys:
>
> /apps/gnome-keyring/daemon-components/pkcs11
> /apps/gnome-keyring/daemon-components/ssh
>
> So if for some reason the gconf database isn't correctly updated after
> upgrading to 2.30 you'll be
> missing /apps/gnome-keyring/daemon-components/secrets and
> therefore /usr/share/gnome/autostart/gnome-keyring-secrets.desktop won't
> run leaving you with a broken g-k-d.
>
> Why is the gconf database sometimes not updated correctly?
> ==========================================================
> I don't know. But I do know that this happend on 2 out of 3 squeeze
> boxes I have and _both are amd64_. The last i386 box I have, upgraded
> smoothly. So I have tried this test procedure on all machines:
>
> * downgrade gnome-keyring and libgnome-keyring0 to 2.28
> (using snapshots.d.o)
> * run gconf-schemas --register-all
> * run apt-get upgrade
>
> It seems to be reproducible. Don't ask me why but on amd64
>
> gconf-schemas --register gnome-keyring.schemas
>
> doesn't seem to be enough while
>
> gconf-schemas --register-all
>
> seems to work. i386 always works fine, at least for me.
>
> Best regards
>
> Alexander Kurtz
>
More information about the pkg-gnome-maintainers
mailing list