Red Hat Bugzilla – Bug 446963
seahorse-agent under kdm doesn't start gnome-keyring/ssh-agent
Last modified: 2009-07-14 12:28:57 EDT
Description of problem:
I'm not sure if this is a seahorse issue, a gnome-keyring issue or a
kdm/kde-settings issue; please re-file as appropriate.
I'm trying to get a working keyring setup for KDE so that my NetworkManager and
SSH all have that rich user experience that we all crave. A lot of this is
related to BUG427466.
Given that we can't get away from seahorse and gnome-keyring on KDE (what with
the GPG and NetworkManager tie-ins) it would be reasonable here to request that
seahorse and gnome-keyring-daemon startup scripts be tweaked a bit to work with kdm:
* xinit scripts currently start ssh-agent very late in the login process. This
is too late for seahorse-agent, as it needs to have a working SSH_AUTH_SOCK when
it starts up.
* kdm startup scripts *do* start gpg-agent, which may or may not include
ssh-agent support. This happens after seahorse-agent has started, which is too
* xinit doesn't explicitly start gnome-keyring-daemon. gdm (and some gnome
applications) do this as a side-effect, but kdm does not. Ideally we would want
gnome-keyring-daemon to start very early on in the xinit process to provide SSH
support for seahorse-agent.
* If KDE starts up with seahorse-agent installed, it appears that one of the
gnome applications (possibly seahorse-agent itself) automatically starts
gnome-keyring-daemon, but with the wrong arguments: it uses an explicit
'--components' switch that disables SSH integration. The workaround for this
appears to be to start gnome-keyring-daemon explicitly in xinitrc.d (before
seahorse-agent of course).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install seahorse-agent
2. Login using a KDE desktop
3. Grovel around to see what's running (ssh-agent, gpg-agent, seahorse-agent,
4. Grovel around the login environment to see what sockets are defined
Usually I end up with extra copies of ssh-agent and gpg-agent running.
We currently have four keyring utilities at play here (I'm not including kwallet
here but it would be nice if it was on the list too).
What we should see on a running KDE desktop is:
* SSH_AUTH_SOCK provided by (in order of preference): gnome-keyring-daemon,
* GPG_AGENT_INFO provided by (in order of preference) seahorse-agent, gpg-agent
* ssh-agent and gnome-keyring-daemon should not be both running
* gpg-agent and seahorse-agent should not be both running
I am able to get this to work by suitable tampering of scripts in
/etc/X11/xinit/xinitrc.d, /etc/kde/env, /etc/kde/shutdown. I can provide
examples if necessary. It's all very fragile and it would be better if these
half-solutions could be pushed upstream.
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '9'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 9's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 9 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora please change the 'version' of this
bug to the applicable version. If you are unable to change the version,
please add a comment here and someone will do it for you.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
The process we are following is described here:
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version.
Thank you for reporting this bug and we are sorry it could not be fixed.