Debian Bug report logs - #623539
Takes over GPG and SSH agents from gnupg-agent and ssh-agent


Package: gnome-keyring; Maintainer for gnome-keyring is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gnome-keyring is src:gnome-keyring (PTS, buildd, popcon).

Affects: gnupg-agent, libpam-ssh

Reported by: Josh Triplett <josh@joshtriplett.org>

Date: Thu, 21 Apr 2011 01:39:02 UTC

Severity: normal

Found in versions gnome-keyring/3.0.0-2, gnome-keyring/3.0.3-2

Fix blocked by 773304: gnome-keyring: fails to support openpgp smartcard (SCD SERIALNO openpgp: 103 unknown command)



Report forwarded to debian-bugs-dist@lists.debian.org, josh@joshtriplett.org, Josselin Mouette <joss@debian.org>:
Bug#623539; Package gnome-keyring. (Thu, 21 Apr 2011 01:39:04 GMT) (full text, mbox, link).


Message #3 received at submit@bugs.debian.org (full text, mbox, reply):

From: Josh Triplett <josh@joshtriplett.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Takes over GPG agent from gnupg-agent
Date: Wed, 20 Apr 2011 18:34:07 -0700
Package: gnome-keyring
Version: 3.0.0-2
Severity: normal

Since upgrading to gnome-keyring 3, gnome-keyring has taken over
$GPG_AGENT_INFO, breaking gnupg-agent.  Please check if the session
already has a GPG agent, and if so please don't take over.

Also, please document how to disable the GPG agent entirely, to
complement the existing documentation on how to disable the SSH agent.

Thanks,
Josh Triplett

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnome-keyring depends on:
ii  dbus-x11                      1.4.8-2    simple interprocess messaging syst
ii  libc6                         2.11.2-13  Embedded GNU C Library: Shared lib
ii  libcap2                       1:2.20-1   support for getting/setting POSIX.
ii  libcap2-bin                   1:2.20-1   basic utility programs for using c
ii  libdbus-1-3                   1.4.8-2    simple interprocess messaging syst
ii  libgck0                       3.0.0-2    Glib wrapper library for PKCS#11 -
ii  libgcr-3-0                    3.0.0-2    Library for Crypto UI related task
ii  libgcrypt11                   1.4.6-5    LGPL Crypto library - runtime libr
ii  libglib2.0-0                  2.28.6-1   The GLib library of C routines
ii  libgtk-3-0                    3.0.8-1    The GTK+ graphical user interface 

Versions of packages gnome-keyring recommends:
ii  libpam-gnome-keyring          3.0.0-2    PAM module to unlock the GNOME key

gnome-keyring suggests no packages.

-- no debconf information




Reply sent to Jordi Mallach <jordi@debian.org>:
You have taken responsibility. (Thu, 21 Apr 2011 18:06:12 GMT) (full text, mbox, link).


Notification sent to Josh Triplett <josh@joshtriplett.org>:
Bug acknowledged by developer. (Thu, 21 Apr 2011 18:06:13 GMT) (full text, mbox, link).


Message #8 received at 623539-close@bugs.debian.org (full text, mbox, reply):

From: Jordi Mallach <jordi@debian.org>
To: 623539-close@bugs.debian.org
Subject: Bug#623539: fixed in gnome-keyring 3.0.0-3
Date: Thu, 21 Apr 2011 18:03:17 +0000
Source: gnome-keyring
Source-Version: 3.0.0-3

We believe that the bug you reported is fixed in the latest version of
gnome-keyring, which is due to be installed in the Debian FTP archive:

gnome-keyring_3.0.0-3.debian.tar.gz
  to main/g/gnome-keyring/gnome-keyring_3.0.0-3.debian.tar.gz
gnome-keyring_3.0.0-3.dsc
  to main/g/gnome-keyring/gnome-keyring_3.0.0-3.dsc
gnome-keyring_3.0.0-3_amd64.deb
  to main/g/gnome-keyring/gnome-keyring_3.0.0-3_amd64.deb
libgck-dev_3.0.0-3_amd64.deb
  to main/g/gnome-keyring/libgck-dev_3.0.0-3_amd64.deb
libgck0_3.0.0-3_amd64.deb
  to main/g/gnome-keyring/libgck0_3.0.0-3_amd64.deb
libgcr-3-0_3.0.0-3_amd64.deb
  to main/g/gnome-keyring/libgcr-3-0_3.0.0-3_amd64.deb
libgcr-3-dev_3.0.0-3_amd64.deb
  to main/g/gnome-keyring/libgcr-3-dev_3.0.0-3_amd64.deb
libpam-gnome-keyring_3.0.0-3_amd64.deb
  to main/g/gnome-keyring/libpam-gnome-keyring_3.0.0-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 623539@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jordi Mallach <jordi@debian.org> (supplier of updated gnome-keyring package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 21 Apr 2011 19:36:47 +0200
Source: gnome-keyring
Binary: gnome-keyring libgck-dev libgck0 libpam-gnome-keyring libgcr-3-dev libgcr-3-0
Architecture: source amd64
Version: 3.0.0-3
Distribution: unstable
Urgency: low
Maintainer: Josselin Mouette <joss@debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description: 
 gnome-keyring - GNOME keyring services (daemon and tools)
 libgck-dev - GLib wrapper library for PKCS#11 - development
 libgck0    - Glib wrapper library for PKCS#11 - runtime
 libgcr-3-0 - Library for Crypto UI related task - runtime
 libgcr-3-dev - Library for Crypto UI related task - development
 libpam-gnome-keyring - PAM module to unlock the GNOME keyring upon login
Closes: 622875 623335 623539
Changes: 
 gnome-keyring (3.0.0-3) unstable; urgency=low
 .
   [ Josselin Mouette ]
   * Break libgnome-keyring < 3.0.
   * Fail gracefully when capabilities are not supported.
     Closes: #622875, #623335.
   * Break seahorse-plugins < 3.0, since it takes over the GPG
     functionality.
   * README.Debian: document how to disable gnome-keyring components.
     Closes: #623539.





Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#623539; Package gnome-keyring. (Sat, 23 Apr 2011 00:06:07 GMT) (full text, mbox, link).


Acknowledgement sent to Josh Triplett <josh@joshtriplett.org>:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>. (Sat, 23 Apr 2011 00:06:07 GMT) (full text, mbox, link).


Message #13 received at 623539@bugs.debian.org (full text, mbox, reply):

From: Josh Triplett <josh@joshtriplett.org>
To: 623539@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Takes over GPG and SSH agents from gnupg-agent and ssh-agent
Date: Fri, 22 Apr 2011 17:02:45 -0700
reopen 623539
retitle 623539 Takes over GPG and SSH agents from gnupg-agent and ssh-agent
thanks

Thank you for adding documentation on how to manually disable
gnome-keyring's SSH and GPG agents.  (I just ran into the SSH agent
today; apparently gnome-keyring now ignores the previous
/apps/gnome-keyring/daemon-components/ssh gconf key.)  However, this
only fixes half of the reported bug.

I have libpam-ssh installed and configured.  libpam-ssh starts an
ssh-agent with my SSH key automatically unlocked via my login password.
gnome-keyring ignores the configured SSH agent, and starts one of its
own.  Similarly, gnome-keyring ignores my configured gpg-agent, and
starts a GPG agent of its own.  Please check if the session already has
a running GPG agent, and only run the corresponding gnome-keyring agent
if not present.  That way, if the user has gpg-agent or libpam-ssh or
similar installed, it will Just Work; if not, gnome-keyring can handle
that functionality.

- Josh Triplett




Bug No longer marked as fixed in versions gnome-keyring/3.0.0-3 and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 23 Apr 2011 00:06:09 GMT) (full text, mbox, link).


Changed Bug title to 'Takes over GPG and SSH agents from gnupg-agent and ssh-agent' from 'Takes over GPG agent from gnupg-agent' Request was from Josh Triplett <josh@joshtriplett.org> to control@bugs.debian.org. (Sat, 23 Apr 2011 00:06:10 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#623539; Package gnome-keyring. (Wed, 03 Aug 2011 18:30:03 GMT) (full text, mbox, link).


Acknowledgement sent to Jerome BENOIT <g6299304p@rezozer.net>:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>. (Wed, 03 Aug 2011 18:30:03 GMT) (full text, mbox, link).


Message #22 received at 623539@bugs.debian.org (full text, mbox, reply):

From: Jerome BENOIT <g6299304p@rezozer.net>
To: Debian Bug Tracking System <623539@bugs.debian.org>
Subject: gnome-keyring: incomplete documentation for system wide disabling
Date: Wed, 03 Aug 2011 19:26:46 +0200
Package: gnome-keyring
Version: 3.0.3-2
Followup-For: Bug #623539

Hello:

At the very end of the README.Debian document,
it is suggested to edit the /etc/xdg/autostart/gnome-keyring-*.desktop configuration
in order to disable the keyring system wide:
of course, I can edit it, but I am stuck because I do not know how to modify it properly:
this part of the story is lacking in the README.Debian document.

hth,
Jerome


-- System Information:
Debian Release: Wheezy*
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-amd64-mbp62 (SMP w/4 CPU cores)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash




Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#623539; Package gnome-keyring. (Tue, 14 Apr 2015 09:45:05 GMT) (full text, mbox, link).


Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>. (Tue, 14 Apr 2015 09:45:05 GMT) (full text, mbox, link).


Message #27 received at 623539@bugs.debian.org (full text, mbox, reply):

From: Werner Koch <wk@gnupg.org>
To: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Cc: 623539@bugs.debian.org
Subject: GnuPG 2.0 and gnome-keyring
Date: Tue, 14 Apr 2015 10:55:29 +0200
Hi,

I know that it is quite late for the Jessie release but while chatting
with Neal on Sunday he remarked that he recently installed Jessie with
XFCE and had to patch GKR to make GnuPG work.  Thus the meanwhile well
known problems with 2.1 and GKR do not only affect GNOME but also XFCE.
This is quite bad for future GnuPG 2.1 adaption.  But it gets worse:

The common belief is that for GnuPG 2.0 the effect of GKR hijacking the
gpg/gpg-agent IPC is that only gpgsm and smartcards won't work.  I
looked closer at possible problems and figured that if you run GKR it
will also weaken all passphrases used by gpg.  Since GnuPG 2.0.14, which
was released in 2009, we have this feature:

 * New and changed passphrases are now created with an iteration count
   requiring about 100ms of CPU work.

With GKR faking gpg-agent that does not work and the old default
iteration count is used.  For example on my X220 this leads to a 300
times lower iteration count (work factor) for OpenPGP passphrases.  I
have seen CVEs issued for less problematic security degrades.

Sure it is possible to manually configure a different S2K count but
gpg-agent allows to do that automatically because gpg-agent is a long
running process and can calibrate that value.

It seems the GKR author is willing to remove that hijacking only if we
provide a new Pinentry to support gnome-keyring.  Well, that can of
course be done but to me adding a new feature to GNOME has not top
priority.  Adding necessary features to GnuPG itself will of course be
done so to help writing a Gnome-Pinentry.

Even without a new Gnome-Pinentry it is important to stop the hijacking
of the gpg-agent IPC now.  GKR being able to store passphrases for
OpenPGP keys is merely a feature while inhibiting the use of gpgsm,
smartcards, and iteration count calibration are bugs.

Any chance to disable the gpg-agent component in GKR?

See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623539
(Takes over GPG and SSH agents from gnupg-agent and ssh-agent)


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
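
The work factor discussed in the message above can be made concrete. This is an added example, not code from GnuPG or from anyone in this thread: it implements the OpenPGP iterated and salted S2K of RFC 4880, picks a count costing about 100 ms in the spirit of the calibration described, and compares it with coded count 96 (65536 octets), which is assumed here to be the old uncalibrated default. SHA-1 and all function names are assumptions as well.

```python
import hashlib
import time

# Assumption: coded count in effect when nothing calibrates (65536 octets hashed).
OLD_DEFAULT_CODED = 96


def decode_count(coded):
    """RFC 4880 3.7.1.3: expand the one-octet coded count to octets hashed."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def encode_count(count):
    """Smallest coded octet whose decoded count is >= count (255 is the cap)."""
    for coded in range(256):
        if decode_count(coded) >= count:
            return coded
    return 255


def s2k_iterated_salted(passphrase, salt, count, keylen=16, hash_name="sha1"):
    """Derive keylen octets by hashing salt+passphrase over and over,
    count octets in total per hash context."""
    if len(salt) != 8:
        raise ValueError("an OpenPGP S2K salt is 8 octets")
    block = salt + passphrase
    count = max(count, len(block))               # hash the block at least once
    chunk = block * max(1, 65536 // len(block))  # feed the hash in large pieces
    key, context = b"", 0
    while len(key) < keylen:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)   # context n is preloaded with n zero octets
        remaining = count
        while remaining >= len(chunk):
            h.update(chunk)
            remaining -= len(chunk)
        h.update(chunk[:remaining])   # final, possibly partial, repetition
        key += h.digest()
        context += 1
    return key[:keylen]


def calibrate(target_seconds=0.1, probe_coded=160, runs=3):
    """Return the coded count that costs about target_seconds on this machine."""
    probe = decode_count(probe_coded)            # 1 MiB of hashing per probe
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        s2k_iterated_salted(b"calibration", b"\x00" * 8, probe)
        best = min(best, time.perf_counter() - start)
    best = max(best, 1e-9)                       # guard against a zero reading
    return encode_count(int(probe * target_seconds / best))


def work_factor_ratio(coded, baseline=OLD_DEFAULT_CODED):
    """How many times more hashing a guess costs than with the baseline count."""
    return decode_count(coded) / decode_count(baseline)


if __name__ == "__main__":
    coded = calibrate()
    print("calibrated coded count:", coded, "=", decode_count(coded), "octets")
    print("uncalibrated default  :", OLD_DEFAULT_CODED, "=",
          decode_count(OLD_DEFAULT_CODED), "octets")
    print("each passphrase guess is %.0fx cheaper without calibration"
          % work_factor_ratio(coded))
```

The printed ratio is the factor by which offline guessing gets cheaper when the calibrated count is replaced by the fixed one; it depends on the CPU, which is why the thread quotes a machine-specific figure.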




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#623539; Package gnome-keyring. (Tue, 14 Apr 2015 11:00:05 GMT) (full text, mbox, link).


Acknowledgement sent to Josselin Mouette <joss@debian.org>:
Extra info received and forwarded to list. (Tue, 14 Apr 2015 11:00:05 GMT) (full text, mbox, link).


Message #32 received at 623539@bugs.debian.org (full text, mbox, reply):

From: Josselin Mouette <joss@debian.org>
To: Werner Koch <wk@gnupg.org>, 623539@bugs.debian.org
Cc: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Subject: Re: Bug#623539: GnuPG 2.0 and gnome-keyring
Date: Tue, 14 Apr 2015 12:14:01 +0200
Werner Koch <wk@gnupg.org> wrote: 
        Even without a new Gnome-Pinentry it is important to stop the hijacking
        of the gpg-agent IPC now.  GKR being able to store passphrases for
        OpenPGP keys is merely a feature while inhibiting the use of gpgsm,
        smartcards, and iteration count calibration are bugs.

I’m pretty sure that gnome-keyring 3.14 in jessie supports smartcards
correctly.

As for iteration count calibration, this could probably be patched in
gnome-keyring; at least in a Debian-specific patch, but there’s no way
upstream would be hostile to that.

As for gpgsm, I’d be wary of dropping features used by e.g. evolution to
support S/MIME before changing the default gnome-keyring configuration. 

Cheers,
-- 
Joss




Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#623539; Package gnome-keyring. (Tue, 14 Apr 2015 12:00:08 GMT) (full text, mbox, link).


Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>. (Tue, 14 Apr 2015 12:00:08 GMT) (full text, mbox, link).


Message #37 received at 623539@bugs.debian.org (full text, mbox, reply):

From: Werner Koch <wk@gnupg.org>
To: Josselin Mouette <joss@debian.org>
Cc: 623539@bugs.debian.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Subject: Re: Bug#623539: GnuPG 2.0 and gnome-keyring
Date: Tue, 14 Apr 2015 13:53:11 +0200
On Tue, 14 Apr 2015 12:14, joss@debian.org said:

> I’m pretty sure that gnome-keyring 3.14 in jessie supports smartcards
> correctly.

It is not about anything in gnome-keyring but about gnome-keyring
inhibiting gpg to use smartcards, gpgsm and so on.  GKR has certain
components which replace existing services.  One of these components
replaces gpg-agent - or better said it mimics a small part of gpg-agent
(the "GET_PASSPHRASE" command).  Due to this "hijacking" of the real
gpg-agent (part of GnuPG) large parts of GnuPG do not work on systems
using gnome-keyring.

> As for iteration count calibration, this could probably be patched in
> gnome-keyring; at least in a Debian-specific patch, but there’s no way

This was just an example.  The interface between gpg and gpg-agent
belongs to GnuPG and most parts are not published.  Or to say it in
other words: There is no defined interface.  Keep hands off.

gnome-keyring MUST NOT pretend to be gpg-agent.  Or if it does this you
need to add

  Breaks: gnupg2

Do you want a patch to remove gpg-agent from GKR?

> As for gpgsm, I’d be wary of dropping features used by e.g. evolution to
> support S/MIME before changing the default gnome-keyring configuration. 

gpgsm won't work if GKR is used and GKR hijacks gpg-agent.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#623539; Package gnome-keyring. (Tue, 14 Apr 2015 12:21:05 GMT) (full text, mbox, link).


Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>. (Tue, 14 Apr 2015 12:21:05 GMT) (full text, mbox, link).


Message #42 received at 623539@bugs.debian.org (full text, mbox, reply):

From: Werner Koch <wk@gnupg.org>
To: Josselin Mouette <joss@debian.org>
Cc: 623539@bugs.debian.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Subject: Re: [pkg-gnupg-maint] Bug#623539: GnuPG 2.0 and gnome-keyring
Date: Tue, 14 Apr 2015 14:10:54 +0200
On Tue, 14 Apr 2015 13:53, wk@gnupg.org said:

> Do you want a patch to remove gpg-agent from GKR?

The patch is too simple.  Just add

  --disable-gpg-agent

to the ./configure invocation and you should be done.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#623539; Package gnome-keyring. (Tue, 14 Apr 2015 12:42:05 GMT) (full text, mbox, link).


Acknowledgement sent to Josselin Mouette <joss@debian.org>:
Extra info received and forwarded to list. (Tue, 14 Apr 2015 12:42:05 GMT) (full text, mbox, link).


Message #47 received at 623539@bugs.debian.org (full text, mbox, reply):

From: Josselin Mouette <joss@debian.org>
To: Werner Koch <wk@gnupg.org>
Cc: 623539@bugs.debian.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Subject: Re: [pkg-gnupg-maint] Bug#623539: GnuPG 2.0 and gnome-keyring
Date: Tue, 14 Apr 2015 14:38:12 +0200
Werner Koch <wk@gnupg.org> wrote: 
        > Do you want a patch to remove gpg-agent from GKR?
        
        The patch is too simple.  Just add
        
          --disable-gpg-agent
        
        to the ./configure invocation and you should be done.

Sorry, I was under the impression this was a discussion about actually
improving the situation, not about Debian being used as a playground for
petty complaints about other upstreams. 

If you want to disable this functionality on your system, you can edit
or remove /etc/xdg/autostart/gnome-keyring-gpg.desktop, but we are not
going to meddle in your affairs (or lack thereof) with GNOME developers
by removing features from Debian packages. 

-- 
Joss




Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#623539; Package gnome-keyring. (Wed, 15 Apr 2015 03:36:04 GMT) (full text, mbox, link).


Acknowledgement sent to NIIBE Yutaka <gniibe@fsij.org>:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>. (Wed, 15 Apr 2015 03:36:04 GMT) (full text, mbox, link).


Message #52 received at 623539@bugs.debian.org (full text, mbox, reply):

From: NIIBE Yutaka <gniibe@fsij.org>
To: Josselin Mouette <joss@debian.org>
Cc: 623539@bugs.debian.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>, Werner Koch <wk@gnupg.org>
Subject: Re: [pkg-gnupg-maint] Bug#623539: GnuPG 2.0 and gnome-keyring
Date: Wed, 15 Apr 2015 11:59:12 +0900
Hello,

On 04/14/2015 09:38 PM, Josselin Mouette wrote:
> Sorry, I was under the impression this was a discussion about actually
> improving the situation, not about Debian being used as a playground for
> petty complaints about other upstreams. 
> 
> If you want to disable this functionality on your system, you can edit
> or remove /etc/xdg/autostart/gnome-keyring-gpg.desktop, but we are not
> going to meddle in your affairs (or lack thereof) with GNOME developers
> by removing features from Debian packages. 

I'd understand your position.  GnuPG maintainers and/or the Debian team
for GnuPG should keep communicating with GNOME developers about this issue.
We will.

On the other hand, shall we consider from viewpoint of Debian *users*?

I think that for Debian users, the gpg-agent feature of
gnome-keyring's is questionable since its implementation is immature
and causes troubles.

The only possible benefit with this feature for users would be
coherency for look&feel of dialog box in a desktop environment.

The downside is a non-working OpenPGP card (which is more popular among
Debian users than among other distro users, I suppose), weaker S2K (which
is a pretty important thing for Debian users), bad for gpgsm, and
incompatibility with GnuPG 2.1 private key handling.

It is unfortunate to force users into this dilemma between good
look&feel and good functionality/security.  This should be eventually
solved by upstreams.

I think that the default should be good functionality/security rather than
look&feel.

It still makes sense to offer a choice to users, but I think that the
default for Debian users is better to have

	OnlyShowIn=

in /etc/xdg/autostart/gnome-keyring-gpg.desktop by removing
"GNOME;Unity;MATE;".  I know, the origin of the file is from upstream
of gnome-keyring, but, I believe that it is better default for any
desktop environment for Debian users.

How about this default change in gnome-keyring in Debian?
-- 



Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#623539; Package gnome-keyring. (Fri, 17 Apr 2015 09:30:04 GMT) (full text, mbox, link).


Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>. (Fri, 17 Apr 2015 09:30:04 GMT) (full text, mbox, link).


Message #57 received at 623539@bugs.debian.org (full text, mbox, reply):

From: Werner Koch <wk@gnupg.org>
To: Josselin Mouette <joss@debian.org>
Cc: 623539@bugs.debian.org, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Subject: Re: [pkg-gnupg-maint] Bug#623539: GnuPG 2.0 and gnome-keyring
Date: Fri, 17 Apr 2015 11:22:27 +0200
[Message part 1 (text/plain, inline)]
On Tue, 14 Apr 2015 14:38, joss@debian.org said:

> Sorry, I was under the impression this was a discussion about actually
> improving the situation, not about Debian being used as a playground for
> petty complaints about other upstreams. 

Sorry, this is serious brokenness which is going on for years.  For the
records let me conclude:

Jessie will be released with a default GNOME and an optional XFCE
desktop featuring these bugs affecting GnuPG

  - S/MIME (gpgsm) does not work at all.

  - Smartcards for GPG won't work.

  - GnuPG's included ssh-agent can't be used.

  - The passphrase protection of GnuPG private keys has been reduced to
    a security level we had before 2010.

  - Brute forcing symmetric encryption is as easy as before 2010.
    (~300 times faster on an i5-2410M, 2.3Ghz)

This has been justified by a better looking passphrase entry dialog for
GPG keys in GNOME's keyring-manager.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#623539; Package gnome-keyring. (Fri, 11 Mar 2016 22:24:03 GMT) (full text, mbox, link).


Acknowledgement sent to Luca Capello <luca@pca.it>:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>. (Fri, 11 Mar 2016 22:24:03 GMT) (full text, mbox, link).


Message #62 received at 623539@bugs.debian.org (full text, mbox, reply):

From: Luca Capello <luca@pca.it>
To: 623539@bugs.debian.org
Cc: Josh Triplett <josh@joshtriplett.org>, Jerome BENOIT <g6299304p@rezozer.net>, Werner Koch <wk@gnupg.org>, Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>, NIIBE Yutaka <gniibe@fsij.org>, Simon Josefsson <simon@josefsson.org>
Subject: Re: Takes over GPG and SSH agents from gnupg-agent and ssh-agent
Date: Fri, 11 Mar 2016 23:19:48 +0100
[Message part 1 (text/plain, inline)]
block 623539 by 773304
block 623539 by 760102
affects 623539 + gnupg-agent
affects 623539 + libpam-ssh
user luca.capello@infomaniak.com
usertag 623539 + infomaniak.com-authentication
thanks

Hi there!

On Fri, 22 Apr 2011 17:02:45 -0700, Josh Triplett wrote:
> retitle 623539 Takes over GPG and SSH agents from gnupg-agent and ssh-agent

At least the GnuPG part of this bug has been fixed:

- upstream[1][2][3] since gnome-keyring_3.17.4 together with
  pinentry_0.9.5 and gnupg_2.1.6

- in Debian[4] since gnome-keyring_3.16.0-3

[1] <https://bugs.debian.org/773304>
[2] <https://bugzilla.gnome.org/show_bug.cgi?id=644415#c10>
[3] <https://mail.gnome.org/archives/distributor-list/2015-August/msg00000.html>
[4] <https://bugs.debian.org/760102>

This means that the bug should already have been fixed in stretch
(gnome-keyring_3.18.3-1, pinentry_0.9.7-5 and gnupg_2.1.11-6).

For jessie, you still need to avoid gnome-keyring-gpg and -ssh startup
as explained in the README.Debian, either with 'Hidden=true' as
explained on Simon Josefsson's blog[5] or, better, with (works on Ubuntu
14.04 as well, gnome-keyring_3.10.1-1ubuntu4):
=====
$ mkdir -p ~/.config/autostart
$ echo 'X-GNOME-Autostart-enabled=false' \
  | cat /etc/xdg/autostart/gnome-keyring-gpg.desktop - \
  >>~/.config/autostart/gnome-keyring-gpg.desktop
$ echo 'X-GNOME-Autostart-enabled=false' \
  | cat /etc/xdg/autostart/gnome-keyring-ssh.desktop - \
  >>~/.config/autostart/gnome-keyring-ssh.desktop
=====

[5] <https://blog.josefsson.org/2015/01/02/openpgp-smartcards-and-gnome/>

Thx, bye,
Gismo / Luca
[signature.asc (application/pgp-signature, inline)]
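
The overrides proposed in this thread (`Hidden=true`, `X-GNOME-Autostart-enabled=false`, an empty `OnlyShowIn=`) can be checked before logging in again. This is an added example, not part of any message here or of gnome-keyring: it resolves an autostart entry the way a session manager would (user directory before system directory) and reports whether it would still run. The function names and the sample entry are constructed; `X-GNOME-Autostart-enabled` is a vendor key, so treating it as honoured by every session manager is an assumption.

```python
import tempfile
from pathlib import Path

# Constructed sample, modelled on the entries quoted in this thread.
SYSTEM_ENTRY = """[Desktop Entry]
Type=Application
Name=GPG Password Agent
Exec=/usr/bin/gnome-keyring-daemon --start --components=gpg
OnlyShowIn=GNOME;Unity;MATE;
"""


def read_desktop_entry(path):
    """Return the keys of the [Desktop Entry] group; a repeated key keeps its
    last value, which matters when a line was appended to a copied file."""
    entry, in_group = {}, False
    for raw in Path(path).read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry


def split_list(value):
    """Split a semicolon-separated desktop-entry list, dropping empty items."""
    return {item for item in value.split(";") if item}


def autostart_state(name, dirs, current_desktop):
    """Return (path, will_run, reason) for the first directory in dirs that
    contains name. current_desktop is the value of $XDG_CURRENT_DESKTOP."""
    path = next((Path(d) / name for d in dirs if (Path(d) / name).is_file()), None)
    if path is None:
        return (None, False, "no entry in any autostart directory")
    entry = read_desktop_entry(path)
    desktops = {d for d in current_desktop.split(":") if d}
    if entry.get("Hidden", "").lower() == "true":
        return (str(path), False, "Hidden=true")
    if entry.get("X-GNOME-Autostart-enabled", "").lower() == "false":
        return (str(path), False, "X-GNOME-Autostart-enabled=false")
    if "OnlyShowIn" in entry and not desktops & split_list(entry["OnlyShowIn"]):
        return (str(path), False, "OnlyShowIn does not list this desktop")
    if desktops & split_list(entry.get("NotShowIn", "")):
        return (str(path), False, "NotShowIn lists this desktop")
    return (str(path), True, "Exec=" + entry.get("Exec", ""))


if __name__ == "__main__":
    # Constructed stand-ins for /etc/xdg/autostart and ~/.config/autostart.
    with tempfile.TemporaryDirectory() as tmp:
        system, user = Path(tmp, "etc"), Path(tmp, "home")
        system.mkdir()
        user.mkdir()
        name = "gnome-keyring-gpg.desktop"
        (system / name).write_text(SYSTEM_ENTRY)
        print("system only  :", autostart_state(name, [user, system], "MATE")[1:])
        # Same effect as the cat/echo commands above: copy plus appended key.
        (user / name).write_text(SYSTEM_ENTRY + "X-GNOME-Autostart-enabled=false\n")
        print("user override:", autostart_state(name, [user, system], "MATE")[1:])
```

A "will not run" result only describes the autostart entry; the daemon can still be started with its gpg and ssh components by another path, so after login also check where `$GPG_AGENT_INFO` and `$SSH_AUTH_SOCK` point.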

Added blocking bug(s) of 623539: 773304 Request was from Luca Capello <luca@pca.it> to control@bugs.debian.org. (Fri, 11 Mar 2016 22:24:06 GMT) (full text, mbox, link).


Added blocking bug(s) of 623539: 760102 Request was from Luca Capello <luca@pca.it> to control@bugs.debian.org. (Fri, 11 Mar 2016 22:24:07 GMT) (full text, mbox, link).


Added indication that 623539 affects gnupg-agent Request was from Luca Capello <luca@pca.it> to control@bugs.debian.org. (Fri, 11 Mar 2016 22:24:08 GMT) (full text, mbox, link).


Added indication that 623539 affects libpam-ssh Request was from Luca Capello <luca@pca.it> to control@bugs.debian.org. (Fri, 11 Mar 2016 22:24:08 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#623539; Package gnome-keyring. (Wed, 09 Aug 2017 18:57:03 GMT) (full text, mbox, link).


Acknowledgement sent to Tjeerd Pinkert <t.j.pinkert@alumnus.utwente.nl>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Wed, 09 Aug 2017 18:57:03 GMT) (full text, mbox, link).


Message #95 received at 623539@bugs.debian.org (full text, mbox, reply):

From: Tjeerd Pinkert <t.j.pinkert@alumnus.utwente.nl>
To: 623539@bugs.debian.org
Subject: Re: Takes over GPG and SSH agents from gnupg-agent and ssh-agent
Date: Wed, 9 Aug 2017 20:30:40 +0200
[Message part 1 (text/plain, inline)]
Dear all,

I came across this issue after an update of the 8 series (jessie) with
backports. Seems to be introduced there (or maybe it was already present
and popped back up, I vaguely remember something in the past).

Most annoying is that none of the proposed solutions work. I'm using the
MATE desktop, and somehow, although I completely removed the
/etc/xdg/autostart/gnome-keyring-gpg.desktop and -ssh equivalent, also
in the ~/.config folder, even while adding the --disable-gpg-agent to
the remaining gnome-keyring files, gnome-keyring keeps interfering. And
stubbornly loads the gpg and ssh parts.


remaining entries have the end of the file now as follows:
-----
Exec=/usr/bin/gnome-keyring-daemon --start --components=secrets
--disable-gpg-agent
OnlyShowIn=GNOME;Unity;MATE;
X-GNOME-Autostart-Phase=Initialization
X-GNOME-AutoRestart=false
X-GNOME-Autostart-Notify=true
X-GNOME-Bugzilla-Bugzilla=GNOME
X-GNOME-Bugzilla-Product=gnome-keyring
X-GNOME-Bugzilla-Component=general
X-GNOME-Bugzilla-Version=3.14.0
-----

GnuPG v 2.0.26-6+deb8u
gnome-keyring 3.14.0-1+b1
pinentry-gtk2 0.9.7-5~bpo8+1

Although the help option of gnome-keyring-daemon shows that the gpg and
ssh parts are optional, they simply load during session start (gdm3 as
display manager). I could not find any other places where the
gnome-keyring-daemon is configured, any hints are welcome.

-----
Solution (not very handy though):
$ killall gnome-keyring-daemon

after the gnome-keyring has been killed pinentry takes over in
thunderbird + gnupg.


Best regards,


Tjeerd


On Fri, 11 Mar 2016 23:19:48 +0100 Luca Capello <luca@pca.it> wrote:
> block 623539 by 773304
> block 623539 by 760102
> affects 623539 + gnupg-agent
> affects 623539 + libpam-ssh
> user luca.capello@infomaniak.com
> usertag 623539 + infomaniak.com-authentication
> thanks
> 
> Hi there!
> 
> On Fri, 22 Apr 2011 17:02:45 -0700, Josh Triplett wrote:
> > retitle 623539 Takes over GPG and SSH agents from gnupg-agent and ssh-agent
> 
> At least the GnuPG part of this bug has been fixed:
> 
> - upstream[1][2][3] since gnome-keyring_3.17.4 together with
>   pinentry_0.9.5 and gnupg_2.1.6
> 
> - in Debian[4] since gnome-keyring_3.16.0-3
> 
> [1] <https://bugs.debian.org/773304>
> [2] <https://bugzilla.gnome.org/show_bug.cgi?id=644415#c10>
> [3] <https://mail.gnome.org/archives/distributor-list/2015-August/msg00000.html>
> [4] <https://bugs.debian.org/760102>
> 
> This means that the bug should already have been fixed in stretch
> (gnome-keyring_3.18.3-1, pinentry_0.9.7-5 and gnupg_2.1.11-6).
> 
> For jessie, you still need to avoid gnome-keyring-gpg and -ssh startup
> as explained in the README.Debian, either with 'Hidden=true' as
> explained on Simon Josefsson's blog[5] or, better, with (works on Ubuntu
> 14.04 as well, gnome-keyring_3.10.1-1ubuntu4):
> =====
> $ mkdir -p ~/.config/autostart
> $ echo 'X-GNOME-Autostart-enabled=false' \
>   | cat /etc/xdg/autostart/gnome-keyring-gpg.desktop - \
>   >>~/.config/autostart/gnome-keyring-gpg.desktop
> $ echo 'X-GNOME-Autostart-enabled=false' \
>   | cat /etc/xdg/autostart/gnome-keyring-ssh.desktop - \
>   >>~/.config/autostart/gnome-keyring-ssh.desktop
> =====
> 
> [5] <https://blog.josefsson.org/2015/01/02/openpgp-smartcards-and-gnome/>
> 
> Thx, bye,
> Gismo / Luca

-- 
please reply via: t.j.pinkert@alumnus.utwente.nl



T.J.Pinkert
---------------
We moved to Germany as of 1 April 2017.
Because we are living in temporary accommodation at first, please send mail to:

Tjeerd Pinkert
Stegerensallee 43
7701 PK Dedemsvaart
The Netherlands

Our new temporary address is (state the surname!):
Tjeerd Pinkert
Rheinring 4b
38120 Braunschweig
Germany

telephone numbers:
landline: +49 531 50835195 (preferred)
mobile: +49 1 5901154868 (preferred)
mobile: +31 6 41924439

[signature.asc (application/pgp-signature, attachment)]


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jul 27 05:27:41 2018; Machine Name: buxtehude
