D-Bus Service – Modify Exec Line Without Losing Changes on Upgrade

d-bus gnome-keyring

I'm facing an ugly problem with my system. My login manager (LightDM) is starting gnome-keyring-daemon at login successfully and unlocking my keyring as it should (EDIT: Everything via PAM).

The thing is, I get gnome-keyring-daemon started with just one component: secrets, but I need all these: pkcs11, secrets, ssh, and gpg. I don't know why the latter is not the default, nor do I know whether I should report this to the package maintainer.

The file /usr/share/dbus-1/services/org.freedesktop.secrets.service defines how gnome-keyring-daemon should run:

[D-BUS Service]
Name=org.freedesktop.secrets
Exec=/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

I could just edit it in Emacs and the problem would be solved, but that's dirty and my changes will be gone at the next upgrade of the gnome-keyring package.

So, the question is: How do I change the Exec line of that service without losing the change at the next system upgrade? Is there a way to enable custom services and disable those services that come by default?

The relevant packages and their versions installed on my system.

$ LC_ALL=C pacman -Qi dbus gnome-keyring lightdm | egrep "(Name|Version)"
Name           : dbus
Version        : 1.8.8-1
Name           : gnome-keyring
Version        : 3.12.2-1
Name           : lightdm
Version        : 1:1.12.0-1

Best Answer

OK, I found a way to solve this issue. This does not address my question directly, but it solves the issue that pushed me to ask here.

The problem

As it was, gnome-keyring wasn't unlocking my GPG keys, so I was asked for the password of my GPG key every time I logged in (because Emacs reads a .gpg file for configuration). All my passwords were available after login, so offlineimap didn't complain at all about not being able to get the passwords of my e-mail account when working.

I then tried to start gnome-keyring-daemon from the .xprofile (which is read by LightDM; other DMs may read different files) in this way:

#!/bin/bash

eval $(gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)
export GPG_AGENT_INFO SSH_AUTH_SOCK

After rebooting (I like this better than logging out and in again) and logging in, I wasn't asked for my GPG key password; however, offlineimap was complaining about not being able to get the passwords of my e-mail accounts. Running seahorse, I noticed that there was no Passwords section.

The solution

After fighting for a few hours and trying many different combinations (one of them showing the Passwords section but with the folder Login locked!), I found out what the correct solution was:

#!/bin/bash

source /etc/X11/xinit/xinitrc.d/30-dbus  # You need a dbus session, duh
eval $(gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)
export GPG_AGENT_INFO SSH_AUTH_SOCK

Done. Problem solved. That's the end, guys.

EDIT: Beware, your gnome-keyring-daemon may issue more environment variables for you to export. To be sure you don't need more than GPG_AGENT_INFO or SSH_AUTH_SOCK, run gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh from your shell and add more variables to the export statement accordingly.

Please note that LightDM is still starting gnome-keyring-daemon thanks to its PAM configuration, and I wouldn't recommend that you change that configuration. However, if you find yourself entering your password after login to unlock something in gnome-keyring, it might be because LightDM is not providing your password to it. I made this addition to LightDM PAM module /etc/pam.d/lightdm:

auth       optional    pam_gnome_keyring.so try_first_pass

The addition was the try_first_pass thing (reading The Linux-PAM System Administrators' Guide is not a bad idea); on my system LightDM doesn't have that parameter included.

This is how I solved my problem with Gnome Keyring!
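
The EDIT in the answer above says to export whatever variables the daemon announces. As an added example that is not part of the original answer, this POSIX sh helper for .xprofile exports every NAME=value line that gnome-keyring-daemon prints and skips anything else, so there is no export list to keep in sync and nothing is passed to eval. The helper names and the sample daemon output are constructed for illustration.

```sh
#!/bin/sh
# Added example: helper names and sample data below are hypothetical.

# is_name: succeed only if $1 is a valid shell variable name.
is_name() {
    case $1 in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# keyring_import TEXT: export each NAME=value line found in TEXT.
# Lines that are not plain assignments are skipped, never evaluated.
# The names that were exported are left in $KEYRING_VARS.
keyring_import() {
    KEYRING_VARS=
    while IFS= read -r line; do
        case $line in *=*) ;; *) continue ;; esac
        name=${line%%=*}
        is_name "$name" || continue
        export "$name=${line#*=}"
        KEYRING_VARS="${KEYRING_VARS:+$KEYRING_VARS }$name"
    done <<EOF
$1
EOF
    return 0
}

# Constructed sample of what the daemon might print, plus two lines
# that must be ignored (no '=' at all, and an invalid variable name).
sample_output() {
    cat <<'EOF'
GNOME_KEYRING_CONTROL=/run/user/1000/keyring-AbCdEf
SSH_AUTH_SOCK=/run/user/1000/keyring-AbCdEf/ssh
GPG_AGENT_INFO=/run/user/1000/keyring-AbCdEf/gpg:0:1
this line is not an assignment
bad name=ignored
EOF
}

# In .xprofile, after the D-Bus session has been set up as in the answer:
#   keyring_import "$(gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)"
#   echo "exported: $KEYRING_VARS" >&2
```

Checking $KEYRING_VARS after login shows whether the daemon announced anything beyond GPG_AGENT_INFO and SSH_AUTH_SOCK on your system.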