I'm facing a ugly problem with my system. my login manager (LightDM) is starting gnome-keyring-daemon at login successfully and unlocking my keyring as it should (EDIT: Everything via PAM).
The thing is, I get gnome-keyring-daemon started with just one component: secrets
, but I need all these: pkcs11
, secrets
, ssh
, and gpg
. I don't know why the latter is not the default, I neither know if I should report this to the package maintainer.
The file /usr/share/dbus-1/services/org.freedesktop.secrets.service
defines how gnome-keyring-daemon should run:
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets
I could just edit it on Emacs and problem solved, but, that's dirty and my changes will be gone for the next upgrade of the gnome-keyring package.
So, the question is: How do I change the Exec
line of that service while preventing this to be lost in the next system upgrade? Is there a way to enable custom services and disable those services that comes by default?
The relevant packages and their versions installed on my system.
$ LC_ALL=C pacman -Qi dbus gnome-keyring lightdm | egrep "(Name|Version)"
Name : dbus
Version : 1.8.8-1
Name : gnome-keyring
Version : 3.12.2-1
Name : lightdm
Version : 1:1.12.0-1
Best Answer
Ok, I found a way to solve this issue. This not address my question directly, but solves the issue that pushed me to ask here.
The problem
as it was, gnome-keyring wasn't unlocking my GPG keys, so I was asked for the password of my GPG key every time I login (because Emacs reads a .gpg file for configuration), all my passwords were available after login so offlineimap didn't complain about don't be able to get the passwords of my e-mail account at all when working.
I tried then to start gnome-keyring-daemon from the
.xprofile
(which is read by LightDM, other DM may read different files) in this way:After rebooting (I like this best than logout and login again) and login, I wasn't asked for my GPG key password, however offlineimap was complaining about not being able to get the passwords of my e-mail accounts. Running seahorse I notice that there is no Passwords section.
The solution
After fighting for few hours and trying many different combinations (one of them, showing the Passwords section but with the folder Login locked!) I found out what was the correct solution:
Done. problem solved. el es fin, muchachos.
EDIT: Beware, your gnome-keyring-daemon may issue more environment variables for you to export. To be sure you don't need more than
GPG_AGENT_INFO
orSSH_AUTH_SOCK
rungnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh
from your shell and add more variables toexport
sentence according.Please note that LightDM is still starting gnome-keyring-daemon thanks to its PAM configuration and I wouldn't recommend you to change such configuration. However, if you find yourself inserting your password after login to unlock something on gnome-keyring, it might be because LightDM is not providing your password to it. I did this addition to LightDM PAM module
/etc/pam.d/lightdm
:The addition was the
try_first_pass
thing (reading The Linux-PAM System Administrators' Guide is not a bad idea), in my system LightDM don't have that parameter included.This is how I solved my problem with Gnome Keyring!