Re: Removing gnome-keyring-manager from desktop distribution
- From: Stef Walter <stef-list memberwebs com>
- To: David Zeuthen <david fubar dk>
- Cc: rstrode redhat com, "desktop-devel-list gnome org" <desktop-devel-list gnome org>
- Subject: Re: Removing gnome-keyring-manager from desktop distribution
- Date: Fri, 4 Jan 2008 16:28:04 +0000 (UTC)
David Zeuthen wrote:
> Hey Stef,
> On Wed, 2007-12-19 at 04:06 +0000, Stef Walter wrote:
>> In fact this whole bit of the seahorse-agent (starting whenever we want
>> to) needs to go away. It's incompatible with newer versions of GPG, and
>> is a major hack. One of my initial contributions to GNOME that makes me
>> want to bury my head in shame :(
> I just stumbled across seahorse in another context. I see that
> seahorse-agent rewrites my .gnupg/gpg.conf file with the socket address.
> Frankly, that's a) a huge hack; and b) pretty scary; and c) just won't
> work with shared home dirs, multiple sessions or anything else. This is
> with seahorse 2.21.3. Was this what you meant with 'hack' above.. if
> so.. what is the roadmap for fixing it?
I'm working towards removing the seahorse-agent process and implementing
its functionality properly in gnome-keyring. This allows integration
with the user's login and certificates/key store. Already done for 2.22:
a proper SSH agent. Next up is the GPG agent.
> The modern approach to this problem is to use the session bus (e.g.
> D-Bus) as the protocol since it solves all of these problems (including
> nuking all daemons on the bus when the session ends). However, then you
> need to get gnupg2 upstream to adopt this. Probably long shot. But the
> session bus protocol approach is definitely the road ahead if you
> control the protocol (e.g. new projects should do this).
Yes that's definitely the ideal. In seahorse (and gnome-keyring) we're
stuck with gnupg and openssh's environment variable use for now.
> I think what we're doing in Fedora for -agent style programs is to
> autostart them via /etc/X11/xinit/xinitrc.d/ - e.g. on Fedora the
> seahorse RPM should probably drop a file there and it will get
> autostarted by itself (and we'd pass the -v option so gpg.conf isn't
Yes, that's how distributions are recommended to start seahorse-agent:
The gpg.conf code was from when seahorse didn't come bundled and
installed in distributions, and could be started via autostart.
> I honestly don't know if this is a Fedora-ism. But if it isn't, perhaps
> it would be good for seahorse to just do this in the upstream tarball
> and remove the evil code for rewriting the .gnupg/gpg.conf file.
I'll run this by the guys on the seahorse list. Sounds like a good