Bug 1568176 - Rebase gnome-keyring to 3.28.0.2
Summary: Rebase gnome-keyring to 3.28.0.2
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gnome-keyring
Version: 7.6
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: David King
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 1567133 1649404
TreeView+ depends on / blocked
 
Reported: 2018-04-16 23:00 UTC by Matthias Clasen
Modified: 2018-11-13 15:03 UTC (History)
5 users (show)

Fixed In Version: gnome-keyring-3.28.2-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-30 10:23:05 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3140 0 None None None 2018-10-30 10:23:52 UTC

Description Matthias Clasen 2018-04-16 23:00:38 UTC
As part of the desktop rebase in 7.6, we need to rebase gnome-keyring to the version that is shipped with GNOME 3.28.

Comment 2 Kalev Lember 2018-05-24 19:23:50 UTC
I pushed a rebase branch at http://pkgs.devel.redhat.com/cgit/rpms/gnome-keyring/log/?h=private-rhel-7.6-rebase, but it doesn't build. Could someone who knows gnome-keyring code take a look please? It fails with:

pkcs11/gkm/gkm-crypto.c:309:38: error: 'GCRY_PK_ECC' undeclared (first use in this function)
   g_return_val_if_fail (algorithm == GCRY_PK_ECC, CKR_GENERAL_ERROR);

Looks like Jakub Jelen added that code upstream; I've added him to CC here, and also upstream gnome-keyring maintainer Daiki Ueno.

Failed build log: http://coprbe.devel.redhat.com/results/klember/rhel-7-gnome-3-28/rhel-7.dev-x86_64/00019753-gnome-keyring/build.log.gz

Comment 3 Jakub Jelen 2018-05-25 07:26:18 UTC
The ECC keys in gnome-keyring need a new gcrypt version.

But given that gnome-keyring wraps the openssh ssh-agent and no longer does the crypto, the patches adding ecdsa support in gnome-keyring internals can be omitted (which unfortunately adds some complexity).

Or we can introduce proper configure macros and checks in the code to avoid building ECC support, but I am not sure if I will be able to work on that just now.

Comment 4 Daiki Ueno 2018-05-25 07:45:22 UTC
I haven't really checked the code, but for RHEL-7, using the deprecated GCRY_PK_ECDSA (which will be mapped to GCRY_PK_ECC in newer versions) doesn't work?

Comment 5 Kalev Lember 2018-05-25 17:55:30 UTC
Thanks, that seemed to work. I did a downstream s/GCRY_PK_ECC/GCRY_PK_ECDSA/ patch and it built fine with it at least: http://pkgs.devel.redhat.com/cgit/rpms/gnome-keyring/tree/0001-Fix-the-build-with-older-gcrypt-in-RHEL-7.patch?h=private-rhel-7.6-rebase

Comment 9 errata-xmlrpc 2018-10-30 10:23:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3140


Note You need to log in before you can comment on or make changes to this bug.