You are not logged in.

#51 2016-02-04 07:07:29

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: initializing gnome-keyring-daemon in autostart

^agreed

Offline

#52 2016-02-04 07:13:08

hhh
Meep!
Registered: 2015-09-17
Posts: 9,587
Website

Re: initializing gnome-keyring-daemon in autostart

Damn. You gents are on it.

Offline

#53 2016-02-04 07:17:06

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: initializing gnome-keyring-daemon in autostart

@hhh
We are just brainstorming here.
We actually respect each other, I think. Well I do.
The goal is to enlighten each other and eventually reach agreement.

Offline

#54 2016-02-04 07:31:23

hhh
Meep!
Registered: 2015-09-17
Posts: 9,587
Website

Re: initializing gnome-keyring-daemon in autostart

xaos52 wrote:

We are just brainstorming here.

Yes. You, johnraff, damo, HoaS, twoion, Sector11, Unia, pvsage, tknomanzr (how the eff do you spell that?), bronto-rex, fog, ohnonot... I think BL will be OK for a while.

Offline

#55 2016-02-04 07:59:21

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: initializing gnome-keyring-daemon in autostart

@John

So what's happening here? I'm pretty sure it used to be possible to export variables from autostart, but at one time the file was sourced by openbox's startup, not run as a child.

Does not work for me.
The variable is not set.

Could it be that you're using a newer version of openbox than what comes with Debian Jessie, with different behaviour? Anyway, could you try that test again? I know exporting shouldn't work - but it seems to anyway...

Am doing all my testing now in the first RC2 that hhh provided (not the last one - but I don't think it makes a difference) updated and upgraded.

Just tested again to be really sure. Same result.

me@medion:~/tmp/today$ acp openbox
openbox:
  Installed: 3.5.2-8
  Candidate: 3.5.2-8
  Version table:
 *** 3.5.2-8 0
        500 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status

Offline

#56 2016-02-04 08:14:34

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,789
Website

Re: initializing gnome-keyring-daemon in autostart

xaos52 wrote:

We actually respect each other, I think.

Of course!!
And I learn a lot from these discourses.
Eventally, we come to an agreement and things move on...


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#57 2016-02-04 08:21:39

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,789
Website

Re: initializing gnome-keyring-daemon in autostart

xaos52 wrote:

@John

So what's happening here? I'm pretty sure it used to be possible to export variables from autostart, but at one time the file was sourced by openbox's startup, not run as a child.

Does not work for me.
The variable is not set.

I just did another test, and sure enough the variable was set!
But... that was on a VirtualBox VM, and that was already suspected of being the cause of some strange behaviour with $SSH_AUTH_SOCK

I tried another test, on a real machine this time, not a VM, and...

...the variable was NOT set.

So, OK we've established two things:

  1. openbox/autostart can no longer be used (as it was by many people in the past) for exporting environment variables. That is perhaps why the file openbox/environment was added.

  2. VirtualBox VMs cannot be trusted with environment variables.


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#58 2016-02-04 08:58:05

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: initializing gnome-keyring-daemon in autostart

I am now experimenting with moving the gnome-keyring-daemon --start thing to $HOME/.config/openbox/environment and first results are promising.

This seems to do the trick:

## GNOME Keyring
# WARNING: interpreter is dash!
while read -r _line
do
    _var=${_line%=*}
    _value=${_line#*=}
    eval if [ -z \$"$_var" ]\; then export "$_var"="$_value"\; fi
done <<EOF
$(gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)
EOF
unset _line _var _value

Had to resort to
1. using eval.
   It is safe here because only using output from gnome-keyring-daemon.
2. Here-doc because the exports can not be done in a subshell. That would prevent the variables to be set in the openbox environment.

Testing if any of the variables was set already, which will be the case if either ssh-agent and/or gpg-agent are present on the system. If they are, their settings have priority over the gnome-keyring-daemon settings.

I have already tested the case where ssh is installed, but ssh-agent is disabled and gnupg-agent is not installed:

me@medion:~$ env| grep -iE 'ssh|gpg'
GPG_AGENT_INFO=/run/user/1000/keyring/gpg:0:1
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh

Need to test scenarios where:
1. stand-alone ssh-agent is enabled.

me@medion:~$ env| grep -iE 'ssh|gpg'
SSH_AGENT_PID=7169
GPG_AGENT_INFO=/run/user/1000/keyring/gpg:0:1
SSH_AUTH_SOCK=/tmp/ssh-xNQ7yA6vkgtG/agent.7145
me@medion:~$ 

2. stand-alone gpg-agent is installed and enabled.

me@medion:~$ env| grep -iE 'ssh|gpg'
SSH_AGENT_PID=8058
GPG_AGENT_INFO=/tmp/gpg-nDsiNK/S.gpg-agent:8059:1
SSH_AUTH_SOCK=/tmp/ssh-kTbKHjVDuDDq/agent.8033
me@medion:~$ 

Seems to work in all cases.

Offline

#59 2016-02-04 09:01:10

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: initializing gnome-keyring-daemon in autostart

And I learn a lot from these discourses.

Me too, John, me too. smile

Offline

#60 2016-02-05 03:18:41

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,789
Website

Re: initializing gnome-keyring-daemon in autostart

About the XDG_CURRENT_DESKTOP discussion, this is a different topic, and a thread already exists for it: https://forums.bunsenlabs.org/viewtopic.php?id=1116

It's also important, but I hope no-one minds if I move the posts referring only to that topic over there, so we can focus on gnome-keyring here.

(If anyone objects, I can move the posts back here again.)


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#61 2016-02-05 04:35:58

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,789
Website

Re: initializing gnome-keyring-daemon in autostart

xaos52 wrote:

I am now experimenting with moving the gnome-keyring-daemon --start thing to $HOME/.config/openbox/environment and first results are promising.

This seems to do the trick:

## GNOME Keyring
# WARNING: interpreter is dash!
while read -r _line
do
    _var=${_line%=*}
    _value=${_line#*=}
    eval if [ -z \$"$_var" ]\; then export "$_var"="$_value"\; fi
done <<EOF
$(gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)
EOF
unset _line _var _value

Had to resort to
1. using eval.
   It is safe here because only using output from gnome-keyring-daemon.
2. Here-doc because the exports can not be done in a subshell. That would prevent the variables to be set in the openbox environment.

Sorry to be dense, but I don't understand the need to do all this processing. Why not just feed the output of the gnome-keyring command directly to export?

I tested it in a shell (not bash) terminal, with a test function that spits out two variable assignments, on two lines.
First terminal:

john@raffles4:~$ sh
$ f() { echo "one=first
> two=second"; }
$ f
one=first
two=second
$ urxvt # variables have not been set in new terminal
$ export $(f)
$ urxvt

and in the urxvt window which opened:

john@raffles4:~$ echo $one
first
john@raffles4:~$ echo $two
second

...this was not in a vm btw.


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#62 2016-02-05 09:55:53

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: initializing gnome-keyring-daemon in autostart

Sorry to be dense, but I don't understand the need to do all this processing. Why not just feed the output of the gnome-keyring command directly to export?

If we set the variables spit out by gnome-keyring-daemon unconditionally, they will override the settings of ssh-agent and/or gnupg-agent and we will effectively be thrown back to the functionality offered by gnome-keyring in stead of the (more extensive) functionality offered by ssh-agent and/or gnupg-agent.

So, I don't do it unconditionally.
For each of the environment variables that is spit out by gkd, I first test if it was not set already, and only then do I export that variable.
Now if you can do that with less coding than I offered, I will be glad to buy you a pint. smile

Have you tried it? smile
Make sure you have ssh-agent enabled (in /etc/X11/Xsession.options), then feed the output of the gnome-keyring command directly to export.

The result is that SSH_AUTH_SOCK=/run/user/1000/keyring/ssh, the socket to communicate with gnome-keyring!

I just did that test to be absolutely sure, without any doubt whatsoever that what I am saying is true.

me@medion:~$ env| grep -iE 'ssh|gpg'
SSH_AGENT_PID=1478
GPG_AGENT_INFO=/run/user/1000/keyring/gpg:0:1
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh

There you have it.
Both GPG and SSH agent functionality will be provided by keyring, though I have gpg-agent and gnupg-agent enabled.


Now for the case where my suggested code is used in openbox/environment, and ssh-agent and gnupg-agent are enabled, the  result is

me@medion:~$ env|grep -iE 'ssh|gpg'
SSH_AGENT_PID=2449
GPG_AGENT_INFO=/tmp/gpg-ez10gl/S.gpg-agent:2450:1
SSH_AUTH_SOCK=/tmp/ssh-09GCH3EOMcBj/agent.2421

Correct sockets to talk to ssh-agent and gnupg-agent.


Perhaps the most important point to note here, and it has not been mentioned earlier in this thread,  is the order in which the processes are started when bringing up the graphical environment.

Leaving out the details, it is:

lightdm
lightdm --session-child
gpg-agent
ssh-agent
openbox/environment
openbox itself
openbox/autostart

When entering openbox/environment ssh-agent and gpg-agent are running already and have already exported their environment variables. We should not overwrite them with the values that gkd (gnome-keyring-daemon) spits out.

Offline

#63 2016-02-06 04:50:55

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,789
Website

Re: initializing gnome-keyring-daemon in autostart

Actually, my proposal way back in post 10 was

johnraff wrote:

So I think if we're going to keep gnome-keyring, the way to initialize it in openbox/autostart might be:

export $(gnome-keyring-daemon --start --components=pkcs11,secrets)

Note the lack of a final ampersand, and use of export instead of eval.

Now it's become clear that if we want to export any variables then the place would have to be openbox/environment, but since I'm advocating not initializing ssh or gpg in gnome-keyring, then in fact nothing is output by the command, and the export becomes redundant. Reasons for omitting ssh and gpg here, which you agreed to in the next post.

So, I can see two options for the default BL setup:

  1. In openbox/autostart

    gnome-keyring-daemon --start --components=pkcs11,secrets
  2. In openbox/environment

    export $(gnome-keyring-daemon --start --components=pkcs11,secrets)

(The second option retains export just in case some enviroment variable for pkcs11 or secrets might be output in the future.)

1) Has the advantage of keeping the command in autostart along with everything else, easy for users to find.
2) Has the advantage that if a user wanted to activate gnome-keyring support for ssh or gpg they wouldn't need to move the command to another file, and add the exporting code.

I'm not necessarily convinced that in the case of starting gnome-keyring with (e.g.) ssh, but not disabling ssh-agent, then not exporting g-k's variable is all that would need to be done in order for it not to interfere with ssh-agent's (or gpg-agent's) work. Will they be happy with both running simultaneously?

That is, I think that if a user wanted to enable ssh or gpg in gnome-keyring they should also make sure that ssh-agent and/or gpg-agent were not being started. That would make the test for an environment variable from either of them unnecessary.

Last edited by johnraff (2016-02-06 05:14:00)


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#64 2016-02-06 16:37:35

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: initializing gnome-keyring-daemon in autostart

I did agree then and there, considering what I knew about the subject then.

We have three applications providing more or less the same functionality - and yes, it is the environment variables being set that determine which one is used.

Bunsenlabs as a distro can make its own choice of course, and your choice, John,  is an acceptable one, but being linux we should allow our users to make their own choice by documenting what the possibilities are and what needs to be changed to the default setup to honour that choice.

I suggest we take a time-out on this for the moment. smile

I for one am going to explore all possibilities further and come up with a list of viable alternatives from which to choose.

Offline

#65 2016-02-07 01:49:32

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,789
Website

Re: initializing gnome-keyring-daemon in autostart

xaos52 wrote:

...being linux we should allow our users to make their own choice by documenting what the possibilities are and what needs to be changed to the default setup to honour that choice.

I agree completely with this.

I for one am going to explore all possibilities further and come up with a list of viable alternatives from which to choose.

Thank you for this help!

Meanwhile, the current entry in openbox/autostart, provided by bunsen-configs is

eval $(gnome-keyring-daemon -s --components=pkcs11,secrets,ssh,gpg) &

which is clearly not going to work.
I suggest that the next upgrade of bunsen-configs contain this, in openbox/environment:

export $(gnome-keyring-daemon --start --components=pkcs11,secrets)

The export is redundant, but future modifications will be a bit simpler for users because the code is in the right file and the need to export variables is indicated.

This will probably be too late for the RC2 release (unless that is delayed for other reasons) but should be in time for the Main Release.

( The problem with upgrades to files in skel is that changes in $HOME need to be made voluntarily by existing users (quite rightly), although newly created users will get the new code right off. This means we have to get the settings in skel as solid as possible before releasing an .iso. )

Anyway, does the above code look like a reasonable compromise for now?

Meanwhile, agreed, let's think about it some more.

Last edited by johnraff (2016-02-07 02:09:23)


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#66 2016-02-07 07:03:09

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,789
Website

Re: initializing gnome-keyring-daemon in autostart

[a bit off-topic]
From the country with the best beer in the world, an irresistable challenge!

xaos52 wrote:

For each of the environment variables that is spit out by gkd, I first test if it was not set already, and only then do I export that variable.
Now if you can do that with less coding than I offered, I will be glad to buy you a pint. smile

But I was only able to make a tiny reduction in the code, at the expense of unnecessarily re-exporting variables that are already set.

## GNOME Keyring
# WARNING: interpreter is dash!
while read -r _line
do
    _var=${_line%=*}
    _value=${_line#*=}
    eval export \${$_var:=$_value}
done <<EOF
$(gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)
EOF
unset _line _var _value

A half-pint? smile


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#67 2016-02-07 09:46:57

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: initializing gnome-keyring-daemon in autostart

^^ agreed (for now)

We should provide advice to the user on how to disable gnome-keyring-daemon altogether, without removing the package. Remember I was removing the package to do just that, as did Sector11 IIRC.
But hopefully now that they can store web page passwords, it will get more use
.
gnome-keyring-daemon now gets started at login by PAM services. This would probably be the best place to modify for NOT starting it.

^ The whole purpose of the exercise was to NOT overwrite environment variables already set.
You don't get half a pint for that.
And I don't want people  to  think I am the kind of person to deal out HALF pints. smile

Offline

#68 2016-02-07 17:10:52

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: initializing gnome-keyring-daemon in autostart

Please ignore this post completely.
It was written by my alter ego after a copious dinner with too much wine.
You don't check if a variable is set by checking the environment.

WARNING!
Run this script

#!/bin/sh
unset SSH_AUTH_SOCK GPG_AGENT_INFO
eval $(gnome-keyring-daemon)
env|grep -iE 'ssh|gpg'

and you can see that eval does not work here! The environment variables are not set!

Replace 'eval' by 'export' and it does work!

Could be this is a bug in gnome-keyring! Or perhaps gnome-keyring never advocated the use of 'eval', only 'export'?

It looks like gnome-keyring mimics the ssh-agent behaviour here, but ssh-agent spits out these variables:

SSH_AUTH_SOCK=/tmp/ssh-01gU1DW9YJpT/agent.1739; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1740; export SSH_AGENT_PID;
echo Agent pid 1740;

(notice the export commands!) which eval can handle,

while gnome-keyring-daemon spits out

me@medion:~/tmp/today/quicktests$ gnome-keyring-daemon
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
GPG_AGENT_INFO=/run/user/1000/keyring/gpg:0:1

The 'export' command can handle this, but apparently the 'eval' command can not.

Conclusion:
Seems like the eval command we used in the past to start gnome-keyring-daemon either never worked or at some time in development of gnome-keyring stopped working.

Offline

#69 2016-02-08 02:58:38

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,789
Website

Re: initializing gnome-keyring-daemon in autostart

xaos52 wrote:

We should provide advice to the user on how to disable gnome-keyring-daemon altogether, without removing the package...
...gnome-keyring-daemon now gets started at login by PAM services. This would probably be the best place to modify for NOT starting it.

Modifying system files like /etc/pam.d/lightdm and /etc/pam.d/common-password would disable gnome-keyring for all users, in which case we might as well not install it. Would it not be enough simply to allow the first stage of the daemon startup to take place as normal, but not perform the necessary second stage, which is our line in openbox/environment?

If you google "disable gnome-keyring" you'll find the vast majority of cases is of people who want to disable ssh support, which we have already done. People who want it back can add ssh to the --components option, and ssh-agent's enviroment variable (if it exists) will be overwritten by gnome-keyring's.

^ The whole purpose of the exercise was to NOT overwrite environment variables already set.
You don't get half a pint for that.

But... but... if the variable is already set, then that construction does not change its value. The export is just re-flagging the variable as exported - redundant, but harmless, no? But never mind...


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#70 2016-02-08 17:42:14

xaos52
The Good Doctor
From: Planet of the @pes
Registered: 2015-09-30
Posts: 695

Re: initializing gnome-keyring-daemon in autostart

Seems like Ubuntu has struggled a bit with the same problem.
See this thread

Usage of upstart does trouble  the waters a bit (I have no experience with it at all).

If I understand correctly  their default setup is for gnome-keyring to handle all components (for 'simple' users). More advanced users are supposed to tick a box to start ssh and/or gnupg, which then overrides the 'simple' setup.

The default bl setup that you chose does the inverse. It favours the 'advanced' user setup for ssh (and gpg when the user chooses to install it), which covers all scenarios except that of a simple user disabling ssh-agent usage (by editing /etc/X11/Xsession.options)  to find out that he then has to edit openbox/environment as well to start the ssh component of gnome-keyring to be able  to cache his ssh key. But I suppose a user that does this can not be qualified as being 'simple'.

Offline

#71 2016-02-08 23:53:29

tknomanzr
BL Die Hard
From: Around the Bend
Registered: 2015-09-29
Posts: 1,029

Re: initializing gnome-keyring-daemon in autostart

I am a bit lost with this thread. However, I wanted to chime in here and point out that I just setup ssh-agent for github the other day. I can say 1.) I have not messed with the degault gnome-keyring settings as of yet and 2.) ssh-agent is definitely running and  I had no issued getting ssh to work with github via it. I don't know if that helps any or if I am missing something obvous that prompted this discussion.

However, setting up ssh-agent showed me the way around having to use ssh-pass with plain text passwords in some of my ssh scripts.

Offline

#72 2016-02-09 04:59:10

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,789
Website

Re: initializing gnome-keyring-daemon in autostart

This thread was a bit messy at first, but actually I don't think we have any major problems here now.

The CrunchBang Waldorf start-up command for gnome-keyring in ~/.config/openbox/autostart was broken for us, possibly even for Waldorf, but it's fixed in the lastest bunsen-configs, so should make it to RC2.

@xaos52 that Ubuntu problem was with upstart AFAIKS. With our manual startup (we don't even reference the files in /etc/xdg/autostart) it's very simple for us - and users - to start gnome-keyring with whatever components we want.

One question: is there any problem if ssh-agent is started but its SSH_AUTH_SOCK setting subsequently overwritten by a gnome-keyring which has been started with ssh enabled? (ie both running but the envvar pointing to gnome-keyring.) If there's no problem, then all a user who wanted to use gnome-keyring for ssh instead of ssh-agent would have to do, is add ssh to the --components in the startup command in openbox/environment. Disabling ssh-agent in /etc/X11/Xsession.options would be optional? (And would also be a system-wide change, enforced on all users.)

@tk what does 'echo $SSH_AUTH_SOCK' output? That would tell us if it's coming from ssh-agent or gnome-keyring. I suspect the former, though, because of those issues with the previous g-k startup command we were using.

NOTE
In contrast with ssh-agent, gpg-agent is not running by default, although it is installed in BL. There is little documentation but /etc/X11/Xsession.d/90gpg-agent implies that adding use-agent to ~/.gnupg/gpg.conf will start it. I've tried that, and sure enough got

john@bunsen:~$ echo $GPG_AGENT_INFO
/tmp/gpg-bxwM6w/S.gpg-agent:1611:1

However, it's not so simple: the gnupg documentation says

(gpg-agent) is automatically started on demand by gpg, gpgsm, gpgconf, or gpg-connect-agent. Thus there is no reason to start it manually.

Meanwhile, the Arch Wiki is somewhat ambivalent. (However they're talking about a newer version of gnupg than what we have.)

gpg-agent also has its own variation of ssh support.

So, for now let's leave gpg-agent to its own devices (not starting it) and let those users who want it, figure things out... tongue

Last edited by johnraff (2016-02-09 05:27:04)


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#73 2016-02-09 05:08:14

tknomanzr
BL Die Hard
From: Around the Bend
Registered: 2015-09-29
Posts: 1,029

Re: initializing gnome-keyring-daemon in autostart

tknomanzr@wtfbox-bl:~$ echo $SSH_AUTH_SOCK
/tmp/ssh-ZroeCR85XzmU/agent.1143

and the relevant portion from autostart

eval $(gnome-keyring-daemon -s --components=pkcs11,secrets,ssh,gpg) &

It does work. I pushed several commits to Github the other night with it setup. The whole subject does interest me, however, because I now see a way to avoid the security problems that using sshpass presents in my scripts. I am going to look into switching my systemd backup script, along with my sshfs script, which is also soon to be converted to autostart via systemd, over to using it. I was already thinking I needed an sha256 hash for the password anyway, but ssh-agent will be much better and I can update those posts to reflect using it.

Last edited by tknomanzr (2016-02-09 05:08:30)

Offline

#74 2016-02-09 05:15:26

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 6,789
Website

Re: initializing gnome-keyring-daemon in autostart

^OK that means you're using ssh-agent. gnome-keyring is being started but its ssh and/or gpg envvars aren't being exported. The ampersand at the end, and openbox/autostart's status as a child of the startup process, see to that. You might just as well replace that line with

gnome-keyring-daemon -s --components=pkcs11,secrets

for now, to keep things cleaner.


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#75 2016-02-09 05:27:08

tknomanzr
BL Die Hard
From: Around the Bend
Registered: 2015-09-29
Posts: 1,029

Re: initializing gnome-keyring-daemon in autostart

Ok will do. And hopefully in the next few days I will be able to figure out how to implement its usage in my scripts.

Offline

Board footer

Powered by FluxBB