Re: Removing gnome-keyring-manager from desktop distribution

David Zeuthen wrote:
> Hey Stef,
> On Wed, 2007-12-19 at 04:06 +0000, Stef Walter wrote:
>> In fact this whole bit of the seahorse-agent (starting whenever we want
>> to) needs to go away. It's incompatible with newer versions of GPG, and
>> is an major hack. One of my initial contributions to GNOME that makes me
>> want to bury my head in shame :(
> I just stumbled across searhorse in another context [1]. I see that
> seahorse-agent rewrites my .gnupg/gpg.conf file with the socket address.
> Frankly, that's a) a huge hack; and b) pretty scary; and c) just won't
> work with shared home dirs, multiple sessions or anything else. This is
> with seahorse 2.21.3. Was this what you meant with 'hack' above.. if
> so.. what is the roadmap for fixing it?

I'm working towards removing the seahorse-agent process and implementing
its functionality properly in gnome-keyring. This allows integration
with the users login and certificates/key store. Already done for 2.22:
a proper SSH agent. Next up is the GPG agent.

> The modern approach to this problem is to use the session bus (e.g.
> D-Bus) as the protocol since it solves all of these problems (including
> nuking all daemons on the bus when the session ends). However, then you
> need to get gnupg2 upstream to adopt this. Probably long shot. But the
> session bus protocol approach is definitely the road ahead if you
> control the protocol (e.g. new projects should do this).

Yes that's definitely the ideal. In seahorse (and gnome-keyring) we're
stuck with gnupg and openssh's environment variable use for now.

> I think what we're doing in Fedora for -agent style programs is to
> autostart them via /etc/X11/xinit/xinitrc.d/ - e.g. on Fedora the
> seahorse RPM should probably drop a file there and it will get
> autostarted by itself (and we'd pass the -v option so gpg.conf isn't
> rewritten). 

Yes, that's how distributions are recommended to start seahorse-agent:

The gpg.conf code was from when seahorse didn't come bundled and
installed in distributions, and could be started via autostart.

> I honestly don't know if this is a Fedora-ism. But if it isn't, perhaps
> it would be good for seahorse to just do this in the upstream tarball
> and remove the evil code for rewriting the .gnupg/gpg.conf file.
> Thoughts?

I'll run this by the guys on the seahorse list. Sounds like a good
interim approach.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]