Bug#1131636: keeps re-enabling the keyring daemon, breaking ssh-agent

Marc Haber mh+debian-packages at zugschlus.de
Mon Mar 23 10:51:23 GMT 2026


Package: gnome-keyring
Version: 50.0-1
Severity: normal

[filing this as priority normal, since it might be a debhelper issue, 
but it overwrites a local admin decision which is a policy violation]

Hi,

I have gnome-keyring installed because it is needed by bluedevil. I use 
KDE, and I have a PIV ssh key on a yubikey. That mandates the use of the 
OpenSSH ssh-agent. I therefore have gnome-keyring-daemon masked so that 
it doesn't interfere with my ssh-agent.

Every gnome-keyring update removes that mask. Since it is overriding a 
local admin decision, that is a policy violation.

I guess that the culprit is the following code from 
gnome-keyring.postinst:

|# Automatically added by dh_installsystemduser/13.31
|if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
|        if [ -z "$DPKG_ROOT" ] ; then
|                # The following line should be removed in trixie or trixie+1
|                deb-systemd-helper --user unmask 'gnome-keyring-daemon.service' >/dev/null || true

Greetings
Marc

-- System Information:
Debian Release: forky/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.19.9-zgws1 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-keyring depends on:
ii  dbus-user-session [default-dbus-session-bus]  1.16.2-4
ii  dconf-gsettings-backend [gsettings-backend]   0.49.0-4
ii  gcr                                           3.41.2-6
ii  libc6                                         2.42-13
ii  libgck-1-0                                    3.41.2-6
ii  libgcr-base-3-1                               3.41.2-6
ii  libgcrypt20                                   1.12.1-2
ii  libglib2.0-0t64                               2.88.0-1
ii  libsystemd0                                   260-1
ii  p11-kit                                       0.26.2-2
ii  pinentry-gnome3                               1.3.2-4

Versions of packages gnome-keyring recommends:
pn  gnome-keyring-pkcs11  <none>
pn  libpam-gnome-keyring  <none>

gnome-keyring suggests no packages.

-- no debconf information
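
A post-upgrade check for the situation described in this report, as an added example that is not part of the original message or of any Debian package: it reports whether a systemd user unit is still masked. It assumes only the two persistent configuration directories matter (~/.config/systemd/user, then /etc/systemd/user); the function names and the --check mode are hypothetical.

```shell
#!/bin/sh
# Added example: is a systemd *user* unit still masked after a package upgrade?
# A unit is masked when <dir>/<unit> is a symlink to /dev/null or an empty file.

UNIT_DEFAULT='gnome-keyring-daemon.service'   # unit name taken from the report

# mask_state DIR UNIT -> prints "masked", "overridden" or "absent"
mask_state() {
    path="$1/$2"
    if [ -L "$path" ]; then
        target=$(readlink -f "$path" 2>/dev/null || true)
        if [ "$target" = "/dev/null" ]; then echo masked; else echo overridden; fi
    elif [ -f "$path" ] && [ ! -s "$path" ]; then
        echo masked        # an empty unit file also counts as masked
    elif [ -e "$path" ]; then
        echo overridden    # a real unit file here replaces the packaged one
    else
        echo absent
    fi
}

# effective_mask UNIT DIR... -> returns 0 if UNIT is masked.
# DIRs are given highest precedence first; the first one with an entry decides.
effective_mask() {
    unit="$1"; shift
    for dir in "$@"; do
        case $(mask_state "$dir" "$unit") in
            masked)     return 0 ;;
            overridden) return 1 ;;
        esac
    done
    return 1               # no entry anywhere: the packaged unit is in effect
}

# Hypothetical --check mode: exit non-zero when the mask is gone.
if [ "${1:-}" = "--check" ]; then
    unit="${2:-$UNIT_DEFAULT}"
    effective_mask "$unit" \
        "${XDG_CONFIG_HOME:-$HOME/.config}/systemd/user" /etc/systemd/user \
        || { echo "mask missing for $unit" >&2; exit 1; }
fi
```

Run it with --check as the affected user after an upgrade; a non-zero exit means the unit is no longer masked.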


