Summary: | =dev-libs/glib-2.70.0 breaks gnome-keyring-daemon which does not list the 'Passwords' store anymore | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Nikolay Kichukov <hjckr> |
Component: | Current packages | Assignee: | Gentoo Linux Gnome Desktop Team <gnome> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | b4b1, venerix |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/77 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Nikolay Kichukov
2021-09-27 13:41:17 UTC
Installing =dev-libs/glib-2.70.0 with recompiled sys-apps/dbus[+user-session] does not fix the problem on openRC system. same problem, temporarily downgrade glib and glib-networking helps me. Please try USE=-caps on gnome-keyring only and report back. If that helps, I think we can just remove the USE flag to match what Fedora did to fix this, but I can't test tonight myself. Recompiling gnome-keyring with USE=-caps fixes the issue for me. Recompiling gnome-keyring with USE=-caps helps me. thanks. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2a3e929650d327c5f57ec2f646b1cb749d60843 commit c2a3e929650d327c5f57ec2f646b1cb749d60843 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2021-09-29 12:11:13 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2021-09-29 12:11:13 +0000 gnome-base/gnome-keyring: drop IUSE=caps for compat with glib-2.70 Always disable libcap-ng dependency. Drop cap_ipc_lock capability setting that was needed for libcap-ng case, but does not work right with glib-2.70 stricter security checks. This unbreaks the dbus service when ran with glib-2.70 or later. This matches what was done in Fedora and Debian for the time being (they had always built with our equivalent of USE=caps) to fix the compatibility. There must be enough memlock limit (RLIMIT_MEMLOCK) for this to work afterwards, however when it doesn't, it fallbacks to arguably less secure malloc (the memory could be swapped out) and doesn't lose actual functionality. This was the case already with larger keyrings, and thus not a security regression in practice. If you want extra security, encrypt your swap. Further technical details were discussed in: https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/77 https://gitlab.gnome.org/GNOME/gnome-keyring/-/merge_requests/41 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1862 https://gitlab.gnome.org/GNOME/glib/-/issues/2316 Bug: https://bugs.gentoo.org/815154 Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: Mart Raudsepp <leio@gentoo.org> .../gnome-keyring/gnome-keyring-40.0-r1.ebuild | 79 ++++++++++++++++++++++ 1 file changed, 79 insertions(+) Thanks, the new -r1 ebuild works here too. I have struggled with evolution that couldn't connect to gnome-keyring and finally go the way to downgrade glib and glib-networking and that solve it. I decide to open a bug and finish here ! So I go to full upgrade with gnome-keyring-40.0-r1.ebuild and I confirm that is working like a charm. Thanks ! After upgrading to gnome-keyring-40.0-r1.ebuild,
my keyring stopped working. I now get from gnome-keyring-daemon:
> gnome-keyring-daemon[14275]: Couldn't connect to session bus: Cannot spawn a message bus when setuid
Any hint, I can do against that?
Got it working with setcap -r /usr/bin/gnome-keyring-daemon But why is /usr/bin/gnome-keyring-daemon setcap? I thought the caps useflag has been removed. |