Looks like we need a gnome-keyring package with https://gitlab.gnome.org/GNOME/gnome-keyring/commit/35a01f8c6eaf3c991aaeb3f66449f41d3f0580bc to prevent issues like https://forums.gentoo.org/viewtopic-t-1082598-postdays-0-postorder-asc-start-0.html
gnome-keyring % git tag --contains=35a01f8c6eaf3c991aaeb3f66449f41d3f0580bc 3.27.4 3.27.92 3.28.0 3.28.0.1 3.28.0.2 3.28.2 Ugh.
*** Bug 659198 has been marked as a duplicate of this bug. ***
People can help by testing this (and only this, or whatever else is needed together with mentioning it here) locally within an otherwise GNOME 3.24 environment. If that goes well, hopefully we can add the 3.28.2 version immediately, without rest of gnome 3.28.
(In reply to Mart Raudsepp from comment #3) > People can help by testing this (and only this, or whatever else is needed > together with mentioning it here) locally within an otherwise GNOME 3.24 > environment. If that goes well, hopefully we can add the 3.28.2 version > immediately, without rest of gnome 3.28. Is there going to be a 3.28 ebuild somewhere like https://gitweb.gentoo.org/proj/gnome.git/tree/gnome-base/gnome-keyring any time soon?
(In reply to Mart Raudsepp from comment #3) > People can help by testing this (and only this, or whatever else is needed > together with mentioning it here) locally within an otherwise GNOME 3.24 > environment. If that goes well, hopefully we can add the 3.28.2 version > immediately, without rest of gnome 3.28. gnome-keyring-3.28 have issues with out pambase (bug 652194). Everything else is fine.
What's the actual issue here besides a warning?
Looks like with stricter servers one can't login with gnome-keyring ssh agent cache, I just am not trying such servers?
> Looks like with stricter servers one can't login with gnome-keyring ssh agent cache, I just am not trying such servers? I have yet to be denied anywhere, thus far it's been just the warning noise pollution.
This happens with active gnome-keyring an gentoo server with openssh. warning: agent returned different signature type ssh-rsa (expected rsa-sha2-512) Permission denied (publickey). I have to kill gnome-keyring every time and then try again before it restarts it self.
For me often gnome-keyring ssh component doesn't even run with the old version, probably because of: gnome-session[2141]: gnome-session-binary[2141]: WARNING: Could not parse desktop file gnome-keyring-ssh.desktop or it references a not found TryExec binary Yet the desktop file looks just fine to me..
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4138c5bd17d07f859fbf5dec6b1c338f510a463e commit 4138c5bd17d07f859fbf5dec6b1c338f510a463e Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2018-09-22 19:46:49 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2018-09-22 19:46:49 +0000 gnome-base/gnome-keyring: bump to 3.28.2 Bug: https://bugs.gentoo.org/658646 Package-Manager: Portage-2.3.49, Repoman-2.3.10 gnome-base/gnome-keyring/Manifest | 1 + .../gnome-keyring/gnome-keyring-3.28.2.ebuild | 79 ++++++++++++++++++++++ 2 files changed, 80 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efcbd4017c4047428b2813509cded359158f4156 commit efcbd4017c4047428b2813509cded359158f4156 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2018-09-22 19:42:51 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2018-09-22 19:45:27 +0000 app-crypt/gcr: bump to 3.28.0 Bug: https://bugs.gentoo.org/658646 Package-Manager: Portage-2.3.49, Repoman-2.3.10 app-crypt/gcr/Manifest | 1 + app-crypt/gcr/gcr-3.28.0.ebuild | 78 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+)
Please test these bumps (with USE=ssh-agent kept enabled), especially on stable systems with just gcr and gnome-keyring from ~arch. So we know if it's safe to fast-stabilize these in a week or so.
The update to gnome-keyring-3.28.2 (and anything >=3.27.2) breaks the automatic unlocking of the keyring password. Previously, I simply needed to type my password at login time, and the keyring was automatically unlocked with it. Now, I am asked immediatly after login in again for the password to unlock the keyring I have seen this was introduced in 3.27.2 due to this fix: https://bugzilla.gnome.org/show_bug.cgi?id=781486 And, indeed, simply reversing this patch: https://gitlab.gnome.org/GNOME/gnome-keyring/commit/9db67ef6e39ac51d426dee91da3b9305670241e6 Makes it work again. But I don't know what have changed in other involved parties in recent gnome versions to not get into this issue (I have checked gdm and libsecret commits for that days without success)
(In reply to Pacho Ramos from comment #13) > The update to gnome-keyring-3.28.2 (and anything >=3.27.2) breaks the > automatic unlocking of the keyring password. Previously, I simply needed to > type my password at login time, and the keyring was automatically unlocked > with it. Now, I am asked immediatly after login in again for the password to > unlock the keyring > > I have seen this was introduced in 3.27.2 due to this fix: > https://bugzilla.gnome.org/show_bug.cgi?id=781486 I observed this breakage too after re-login, but it's just a double entering of password in practice, as far as I can see. This seems like bug 652194. Meanwhile it feels like it's better to 1) have working login against certain server without having to USE=-ssh-agent; 2) have more secure password handling, as that upstream bug suggests this patch in 3.27.2 was with security implications (improving it).
Personally I would reverse the patch to not push now all the users to need to type the passwords two times on every login I will check anyway the pambase bug to see if it can be solved there
It works with fixed pambase... I would then simply stabilize the three packages soon
gnome-keyring-3.28.2 + pambase-20150213-r1 seem to be operating nicely here. Bug title warning has disappeared, and keyring unlock on login seemed to work.
The same for me, I think we can CC arches finally
x86 stable
ppc64 stable
ia64 stable
amd64 stable
(In reply to Pacho Ramos from comment #16) > It works with fixed pambase... I would then simply stabilize the three > packages soon On Xfce automatic unlocking no longer works after updaing pambase and gnome-keyring. Is this expected?
gnome-keyring-3.28.2 fails tests on ppc due to bug #671958. Not good but no regression over gnome-keyring-3.20.1.
arm64 stable
alpha stable
s390 stable
arm stable
An automated check of this bug failed - the following atom is unknown: sys-auth/pambase-20150213-r2 Please verify the atom list.
An automated check of this bug succeeded - the previous repoman errors are now resolved.
dropping m68k/sh as they are not in the stabilization list (and i assume they were never intended to be stabilized)
ppc and sparc got done from a newer collection bug too
Closing as this is still requested in bug 685254 anyways for hppa
