Bug#981420: libglib2.0-0: gnome-keyring unable to unlock login keyring
Simon McVittie
smcv at debian.org
Sun Jan 31 15:36:17 GMT 2021
On Sun, 31 Jan 2021 at 11:45:08 +0000, Simon McVittie wrote:
> I suspect I know what change triggered this: it'll be the security hardening
> imported from the upstream glib-2-66 branch in 2.66.4-2. However, I couldn't
> reproduce this failure to unlock in a test VM.
I've prepared several sets of packages that partially revert that change,
to test this theory. They're all available from
<https://people.debian.org/~smcv/bug981420/> as amd64 and i386 packages,
signed by my key in the Debian keyring.
The set versioned as "2.66.4-3+revert981420targeted" revert only the change
that is most likely to be the cause of this regression. They also add new
warnings that are printed whenever it matters. Please could you try those
and report back whether it is successful?
Whether they solve it or not, please also report what messages are logged
in the systemd journal while you are logging in. I would expect to see
a message something like this:
Suppressing use of DBUS_SESSION_BUS_ADDRESS because setuid: euid 0 != ruid 1000
or like this:
Not suppressing use of DBUS_SESSION_BUS_ADDRESS because not setuid, even though AT_SECURE
If that set doesn't solve the regression, the next set to try is the one
versioned as "2.66.4-3+revert981420dbus".
Finally, if that doesn't solve it either, "2.66.4-3+revert981420entirely"
might.
Whatever the results of this, I'll still need to know whether your
gnome-keyring-daemon is setuid and/or setcap (see previous messages).
Thanks,
smcv
More information about the pkg-gnome-maintainers
mailing list