[pkg-gnupg-maint] Bug#919856: Bug#919856: gpg-agent: agent refuses operation again

NIIBE Yutaka gniibe at fsij.org
Thu Jan 24 11:08:15 GMT 2019


Norbert Preining <norbert at preining.info> wrote:
>> "no-allow-external-cache" in your .gnupg/gpg-agent.conf.
>
> Confirmed, that made it work.

Good.

> Around 12/28 there was an update of libsecret in unstable, that was more
> or less when it started - hard to say, I wasn't online for some time
> around new year etc.

I tried to reproduce your problem in my environment of XFCE4 desktop.
I use testing, and libsecret is the new one.  I haven't reproduced it yet.

>> In GNOME Desktop, it is gnome-keyring-daemon which handles secret store.
>> Please check your gnome-keyring-daemon is running correctly.  It's in
>> gnome-keyring package.
>
> How do I check that it is running correctly? It is running, and it
> serves secrets, because my offlineimap client gets them via a python
> module from the store for mail sync. Any other tests I should/can do?

That's the question, I want to know.

I only have a little knowledge: libsecret is a client of the "Secret
Service API", which gnome-keyring-daemon serves.  The API specification
is available here:

    https://specifications.freedesktop.org/secret-service/index.html

After login by lightdm with libpam-gnome-keyring installed,
I observed that I have this process.

    /usr/bin/gnome-keyring-daemon --daemonize --login

I think gnome-keyring-daemon is invoked by libpam-gnome-keyring to
"unlock" the secret store.

And after use of pinentry, there are two processes.

    /usr/bin/gnome-keyring-daemon --daemonize --login
    /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

I think that the latter is started by systemd via libsecret using
DBUS_SESSION_BUS_ADDRESS.

When I manually killed the latter, pinentry still works well,
only with the former process.

>> You are using gpg-agent as ssh-agent.  Please don't activate
>> gnome-keyring-daemon's feature as ssh-agent.
>
> Where would I check/configure that?

I only have partial knowledge.

There are three scripts under /etc/xdg/autostart/.  They have the line:

    OnlyShowIn=GNOME;Unity;MATE;

So, it is not relevant to XFCE4.  I guess it is the same for Cinnamon.

XFCE4 Desktop has its own autostart entry for gnome-keyring's secret
service, which I disabled.

The gnome-keyring package provides the following files:

    /usr/share/dbus-1/services/org.freedesktop.secrets.service
    /usr/share/dbus-1/services/org.gnome.keyring.service

I think that these files are used by dbus to launch gnome-keyring-daemon.

> $ ps ax | grep gnome
>  2330 ?        SLl    0:00 /usr/bin/gnome-keyring-daemon --daemonize --login

I think that your configuration is correct (I guess that it is the
gnome-keyring-daemon which is invoked by lightdm through
libpam-gnome-keyring).


For a while, please stay with the workaround.


BTW, my problem of pinentry-qt was identified in this report:

   https://dev.gnupg.org/T4339
-- 



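
One way to check the autostart entries discussed in the message above, as an added example that is not part of the original e-mail: a shell function that reads .desktop files, applies the OnlyShowIn, NotShowIn and Hidden keys for a named desktop, and lists the entries that would start gnome-keyring-daemon's ssh component alongside gpg-agent. The function names, file names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.

# keyring_autostart_report DIR DESKTOP
# One line per gnome-keyring-daemon entry: <file> <components> <active|skipped>
keyring_autostart_report() {
    dir=$1; desktop=$2
    [ -n "$desktop" ] || return 2
    for f in "$dir"/*.desktop; do
        [ -f "$f" ] || continue
        grep -q '^Exec=.*gnome-keyring-daemon' "$f" || continue
        comps=$(sed -n 's/^Exec=.*--components=\([^ ]*\).*/\1/p' "$f" | head -n 1)
        only=$(sed -n 's/^OnlyShowIn=//p' "$f" | head -n 1)
        not=$(sed -n 's/^NotShowIn=//p' "$f" | head -n 1)
        state=active
        if grep -q '^Hidden=true' "$f"; then state=skipped; fi
        # Both keys hold ';'-separated desktop names.
        if [ -n "$only" ]; then
            case ";$only;" in *";$desktop;"*) ;; *) state=skipped ;; esac
        fi
        case ";$not;" in *";$desktop;"*) state=skipped ;; esac
        # No --components on the Exec line is reported as "default" for manual review.
        echo "$(basename "$f") ${comps:-default} $state"
    done
}

# ssh_component_entries DIR DESKTOP
# Entries that would explicitly start the ssh component on this desktop.
ssh_component_entries() {
    keyring_autostart_report "$1" "$2" |
        awk '$3 == "active" && index("," $2 ",", ",ssh,") { print $1 }'
}

# make_sample_dir: constructed autostart entries (not copied from any package).
make_sample_dir() {
    d=$(mktemp -d)
    printf '[Desktop Entry]\nExec=/usr/bin/gnome-keyring-daemon --start --components=ssh\nOnlyShowIn=GNOME;Unity;MATE;\n' > "$d/keyring-ssh.desktop"
    printf '[Desktop Entry]\nExec=/usr/bin/gnome-keyring-daemon --start --components=secrets\nOnlyShowIn=GNOME;Unity;MATE;\n' > "$d/keyring-secrets.desktop"
    printf '[Desktop Entry]\nExec=/usr/bin/gnome-keyring-daemon --start --components=pkcs11,ssh\n' > "$d/local-override.desktop"
    echo "$d"
}

sample=$(make_sample_dir)
keyring_autostart_report "$sample" XFCE
rm -rf "$sample"
```

On a real system the first argument would be /etc/xdg/autostart or the per-user autostart directory, and the second the desktop name the session reports.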