Re: Removing gnome-keyring-manager from desktop distribution



Hey Stef,

On Wed, 2007-12-19 at 04:06 +0000, Stef Walter wrote:
> > I'd propose to a) make ssh-agent register with the session manager itself
> > or b) install an autostart file for it,
> > or c) add a check box next to the button
> >    [ ] do this automatically in the future
> 
> Yes this is kludgy and junky.
> 
> In fact this whole bit of the seahorse-agent (starting whenever we want
> to) needs to go away. It's incompatible with newer versions of GPG, and
> is a major hack. One of my initial contributions to GNOME that makes me
> want to bury my head in shame :(

I just stumbled across seahorse in another context [1]. I see that
seahorse-agent rewrites my .gnupg/gpg.conf file with the socket address.
Frankly, that's a) a huge hack; and b) pretty scary; and c) just won't
work with shared home dirs, multiple sessions or anything else. This is
with seahorse 2.21.3. Was this what you meant with 'hack' above? If
so, what is the roadmap for fixing it?

Thinking about the problem, it's pretty hard; if you need to export an
environment variable you can't, at the moment anyway, use xdg autostart.

And xdg autostart will probably never allow this; here's why: relying on
environment variables is slightly broken already; for example if two
services need each other you're screwed. You also then need to worry
about ordering of startup. Also, it prevents a service from starting
late in the game - which is useful if said service needs to get
credentials from the user to perform its function (and you generally
want to wait as long as possible before putting up annoying password
dialogs).

The other approach is to rely on a per-user file in /tmp or in $HOME but
that's broken too as it won't work for multiple sessions for the same
user (think of all the other problems when turning something per-session
into per-user).

(essentially, this is what you are doing; you're turning something that is
per-session into being per-user.)

The modern approach to this problem is to use the session bus (e.g.
D-Bus) as the protocol since it solves all of these problems (including
nuking all daemons on the bus when the session ends). However, then you
need to get gnupg2 upstream to adopt this. Probably a long shot. But the
session bus protocol approach is definitely the road ahead if you
control the protocol (e.g. new projects should do this).

I think what we're doing in Fedora for -agent style programs is to
autostart them via /etc/X11/xinit/xinitrc.d/ - e.g. on Fedora the
seahorse RPM should probably drop a file there and it will get
autostarted by itself (and we'd pass the -v option so gpg.conf isn't
rewritten). 

I honestly don't know if this is a Fedora-ism. But if it isn't, perhaps
it would be good for seahorse to just do this in the upstream tarball
and remove the evil code for rewriting the .gnupg/gpg.conf file.
Thoughts?

(I've added Ray Strode to comment on this; I think he has the details.)

     David

[1] : https://bugzilla.redhat.com/show_bug.cgi?id=427316


