Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 671132

Summary: =sys-auth/pambase-20201013 no longer allows unlocking gnome-base/gnome-keyring after login
Product: Gentoo Linux Reporter: Gleb <kirokko+gentoo>
Component: Current packagesAssignee: Mikle Kolyada (RETIRED) <zlogene>
Status: RESOLVED FIXED    
Severity: normal CC: alexander, pam-bugs+disabled, sam
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: emerge --info

Description Gleb 2018-11-14 13:53:05 UTC
Created attachment 555088 [details]
emerge --info

Since update =sys-auth/pambase-20150213-r2 was introduced, automatic unlocking of gnome-keyring storage doesn't work anymore.

gnome-base/gnome-keyring is version 3.28.2.

Other components:
- lightdm (stable)
- xfce (stable)
- consolekit.

Downgrading pambase to a previous stable resolves the problem.
Comment 1 Alexander Tsoy 2019-03-23 00:06:24 UTC
Support for gnome-keyring should be added to lightdm package. See bug 652194 for more info.
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-08-04 14:39:34 UTC
Test again, it must work now for a long time.
Comment 3 Gleb 2020-10-20 14:23:31 UTC
It doesn't work with pambase-20201013

If add:
auth       optional     pam_gnome_keyring.so
session    optional     pam_gnome_keyring.so auto_start

Then it works.
Comment 4 Gleb 2020-10-20 14:24:14 UTC
If I add these two lines to /etc/pam.d/lightdm, then it works:
auth       optional     pam_gnome_keyring.so
session    optional     pam_gnome_keyring.so auto_start
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-10-20 14:33:03 UTC
we do not ship this module by default un xdm.
Comment 6 Gleb 2020-10-20 14:34:34 UTC
Previously you claimed "it must work now for a long time."

I don't unerstand how it can be resolved if it is not.
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-10-20 14:35:23 UTC
that is pambase irrelevant, it has been fixed in lightdm
Comment 8 Gleb 2020-10-20 14:36:38 UTC
The problem is not fixed. I have stable lightdm and pambase and unlocking does not work.

If it is not about pambase, then I can rename this ticket, but closing it does not fix the problem.
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-10-20 14:37:59 UTC
(In reply to Gleb from comment #8)
> The problem is not fixed. I have stable lightdm and pambase and unlocking
> does not work.
> 
> If it is not about pambase, then I can rename this ticket, but closing it
> does not fix the problem.

no, it works, configuration you provided in comment#4 is simply wrong.
Comment 10 Gleb 2020-10-20 14:39:11 UTC
If I don't have this configuration, then it does not work.
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-10-20 14:45:43 UTC
(In reply to Gleb from comment #10)
> If I don't have this configuration, then it does not work.

As I said above I do not take responsibility for lightdm's pam file, it only inherits pambase's files but has nothing to do with pambase itself (because pambase is correct here). You take responsibility for what you are putting into your configuration of lightdm.
Comment 12 Gleb 2020-10-20 14:50:08 UTC
OK, I have removed these two files from lightdm.

I have default config files for all files in /etc/pam.d/

Unlocking gnome keyring does not work with DEFAULT (I REPEAT - DEFAULT CONFIG FILES). This is what I get after I login:
https://imgur.com/uj1dGIf.png

If this problem is not about pambase, then you can reassing this ticket and I will rename it and remove pambase from the title. But the problem is not fixed.
Comment 13 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-10-20 14:53:53 UTC
(In reply to Gleb from comment #12)
> OK, I have removed these two files from lightdm.
> 
> I have default config files for all files in /etc/pam.d/
> 
> Unlocking gnome keyring does not work with DEFAULT (I REPEAT - DEFAULT
> CONFIG FILES). This is what I get after I login:
> https://imgur.com/uj1dGIf.png
> 
> If this problem is not about pambase, then you can reassing this ticket and
> I will rename it and remove pambase from the title. But the problem is not
> fixed.

Again, it will not work for you out of box with lightdm, so yes, it does not work with the default config and has never been, you need to modify /etc/pam.d/lightdm on your own.
Comment 14 Gleb 2020-10-20 15:06:58 UTC
Can it be added to gentoo so users don't need to change files on their own? For example, can it be added to lightdm package?

/etc/pam.d/lightdm is installed with lightdm package, and other distros include their own configuration (Arch does that).
Comment 15 Alexander Tsoy 2020-10-26 19:36:02 UTC
(In reply to Gleb from comment #14)
See bug #751388