Bug#775189: mate-session spawns gnome-keyring unconditionally
mike.gabriel at das-netzwerkteam.de
Mon Jan 12 13:37:29 UTC 2015
On Mo 12 Jan 2015 13:38:40 CET, Faidon Liambotis wrote:
> Since upstream commit 8a20baf39f781184d6126e0947e9fd4d9a115fab,
> mate-session-manager spawns gnome-keyring-daemon, with no option to turn
> it off, or pass arguments to it (such as --components).
> While this is bad in itself, it gets worse: keyring is spawned *after*
> the regular user-configured autostart programs are run. gnome-keyring's
> default set of components includes a GPG & a SSH agent and rightfully
> exports SSH_AUTH_SOCK and GPG_AGENT_INFO.
This already was an issue with gnome-keyring in GNOMEv2.
> Therefore, even if the user has configured their desktop to spawn the
> (more featureful and arguably more secure OpenSSH) ssh-agent or
> gpg-agent, it is impossible to use it, as gnome-keyring-daemon clobbers
> the these two environmental variables.
The "clobbering" could be disabled via gconf in GNOMEv2 and I am
pretty sure there is something similar possible by manipulating with
> Note that e.g. gdm3's default PAM configuration uses pam_gnome_keyring
> which calls gnome-keyring-daemon with the --daemonize --login options.
> This starts the daemon but does not initialize it; mate-sessions's
> execution with --start is what initializes it and exports these
> variables into the session's environment.
> Finally, note that MATE's default session autostart includes multiple
> GNOME Keyring entries, a different one for each keyring component, that
> can be individually be turned off and on. This is what GNOME used to do
> (maybe still does?) as well. I've yet to understand why mate-session
> also spawns it from its code as well.
In mate-session there is some extra code that makes sure gnome-keyring
has been launched because there were times when gnome-keyring would
not launch for MATE, but only for GNOMEv3 (OnlyShowin=GNOME;Unity;).
It may be an option for Debian jessie to remove that bit of extra code
from mate-session, but I would like to get some feedback from Stefano
or Sandwer (upstream devs of MATE).
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: Digitale PGP-Signatur
More information about the pkg-mate-team