Bug#995023: gnome-keyring fails on home directory provided by sshfs

Andreas B. Mundt andi at debian.org
Fri Sep 24 22:25:16 BST 2021 

Package: gnome-keyring
Severity: normal
Tags: patch upstream
X-Debbugs-Cc: andi at debian.org

Hi,

there is a long standing issue with gnome-keyring:  If the home
directory is provided by sshfs, thousands of files are generated 
in '~/.local/share/keyrings/' on the first login of a user (and 
the login usually fails).  The upstream bug [1] provides a link 
to the old bug tracker with more information and history.

The reason is the following:  In pkcs11/gkm/gkm-transaction.c, a
temporary link, respectively copy of a file is generated.  On file
systems that provide support for hard links, this is done by calling 
link() (right above the lines of the patch).  To take file systems 
into account that do not support hard links, a copy of the file is 
made if the hard linking fails.

Unfortunately on sshfs, the call of link() already makes a copy of the
file, which fails to be noticed, as success is checked by looking at
the link counter of the original file, which doesn't change if a copy is
made instead.  So a copy is attempted, which fails as well, because the 
copy already exists.  After that, the loop continues from the beginning,
trying another random file name for the link/copy.

The attached patch for review adds a test for the file which did not 
exist before calling link(). This covers the case, where link() already 
copies the file and another copy would fail because a file with the same
name already exists.

Regards,

  Andi


[1] <URL:https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/84>
-------------- next part --------------
>From 8b1f5d2f99d0af18e2c569da19f29dce48253304 Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andi at debian.org>
Date: Fri, 24 Sep 2021 21:10:52 +0200
Subject: [PATCH] Fix for sshfs.

---
 debian/patches/series      |  1 +
 debian/patches/sshfs.patch | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 debian/patches/sshfs.patch

diff --git a/debian/patches/series b/debian/patches/series
index e1ee4dfc..8c81fbe2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 03_kfreebsd.patch
 05_skip-known-test-failures.patch
+sshfs.patch
diff --git a/debian/patches/sshfs.patch b/debian/patches/sshfs.patch
new file mode 100644
index 00000000..08380a7f
--- /dev/null
+++ b/debian/patches/sshfs.patch
@@ -0,0 +1,16 @@
+--- a/pkcs11/gkm/gkm-transaction.c
++++ b/pkcs11/gkm/gkm-transaction.c
+@@ -300,10 +300,10 @@
+ 			} else if (stat (filename, &sb)) {
+ 				stat_failed = 1;
+ 			} else {
+-				if ((sb.st_nlink == nlink + 1)
++				if ((sb.st_nlink == nlink + 1) || !access(result, F_OK)
+ 				    || !copy_to_temp_file (result, filename)) {
+-					/* Either the link worked or
+-					 * the copy succeeded.  */
++					/* Either the link worked (on sshfs, a copy is made
++					 * instead) or the final copy_to_temp_file succeeded.  */
+ 					gkm_transaction_add (self, NULL,
+ 					                     complete_link_temporary,
+ 					                     result);
-- 
2.30.2

More information about the pkg-gnome-maintainers mailing list