Bug#787860: closed by Simon McVittie <smcv at debian.org> (Re: Bug#787860: build seahorse compatible with gpg2)

Mark Brown broonie at debian.org
Mon Apr 12 17:00:18 BST 2021

On Mon, Apr 12, 2021 at 04:27:46PM +0100, Simon McVittie wrote:
> On Mon, 12 Apr 2021 at 15:54:07 +0100, Mark Brown wrote:
> > This bug appears to have drifted well away from the initial report
> > (which was about GNOME forcing itself as the SSH agent even if one is
> > already set)

> Are you confusing the clone #787860 "build seahorse compatible with gpg2"
> with your original report #760102 "gnome-keyring: Breaks gpg-agent with
> no UI to disable", later retitled to "gnome-keyring: please build with
> --disable-gpg-agent"?

> You originally reported #760102, which was about gnome-keyring acting as
> a GPG agent (it no longer does this, it talks to the normal gpg-agent
> instead).

Right, it looks like the duplication has caused some confusion here and
the BTS showing the original bug with cloned stuff doesn't help.  I've
reported both bugs several times, the SSH agent part of it has persisted
for a couple of releases while getting harder and harder to work around.

> As a side issue in the original report of #760102, you also mentioned
> gnome-keyring also acting as a *SSH* agent, which is what you're now
> talking about. It does still do *that* by default (in GNOME, Unity or
> MATE desktops), but it can be disabled (I disable it myself, to use the
> gpg-agent as my SSH agent for smart card/token support).

Ugh, this is depressing.  :(

> FYI, here is how to disable gnome-keyring's SSH agent implementation on a
> per-user basis:

> * copy /etc/xdg/autostart/gnome-keyring-ssh.desktop to ~/.config/autostart/
> * add Hidden=true to the [Desktop Entry] group

This is obviously very user hostile, though IIRC that's at least
consistent with the bodge that was needed before so hopefully my systems
won't break on upgrade this time around.  I still find this to be a
pretty serious bug in GNOME since it's actively replacing the existing
SSH agent with a much less functional one with no real user interface
for disabling it (having to hack the start files isn't great and has
been fragile whenever someone decides to refactor them).

> I don't think reopening #787860 is useful: that bug report asks for seahorse
> to be compiled to be gpg2-compatible, and now it is.

Yes, unfortunately the fact that the bug was cloned meant that the
report that it said was being closed was my original report rather than
this separate issue.

> If you are not happy with gnome-keyring providing a *SSH* agent by default
> (in GNOME, MATE and Unity desktops), that would be appropriate to open
> as a new bug report against gnome-keyring (although that bug might be
> wontfix); but please don't report it as a bug in seahorse. I think a new
> bug would be more appropriate than reopening #760102, because the bug
> identified in #760102's title was resolved some time ago.

I'm pretty sure I've already reported that one - it's been present for
a couple of releases - though I can't see it in the set of open bugs any
more so I guess someone closed it at some point, especially if you're
saying you'd just mark it wontfix.  That's pretty disappointing TBH, I
don't entirely understand why a similar approach isn't being adopted to
that with gpg-agent - layering UI on top of an underlying agent rather
than insisting on replacing the agent.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20210412/277e0e17/attachment-0001.sig>

More information about the pkg-gnome-maintainers mailing list