Can't get gnome-keyring to work properly.

JontomXire · 2025-07-08 16:36:44

I am following the article at https://wiki.archlinux.org/title/GNOME/Keyring. I installed `gnome-keyring` and `libsecret`.

I skipped section 3 because I don't want to manage the keyring through the GUI.

In section 2 the article says "The gnome-keyring-daemon is automatically started via a systemd user service upon logging in. It can also be started upon request via a socket." I also am looking at the steps in section 5.1.

I enabled `gnome-keyring-daemon.service` because it didn't seem to have been done when I installed the package. `sudo systemctl enable gnome-keyring-daemon.service` failed so I did `sudo systemctl enable /usr/lib/systemd/user/gnome-keyring-daemon.service` which seemed to work. The equivalent socket unit seems to have already been enabled.

I then started gnome-keyring-daemon with `sudo systemctl start gnome-keyring-daemon.service`, and all seemed well, but `sudo systemctl status gnome-keyring-daemon.service` showed:

● gnome-keyring-daemon.service - GNOME Keyring daemon
     Loaded: loaded (/etc/systemd/system/gnome-keyring-daemon.service; enabled; preset: disabled)
     Active: active (running) since Tue 2025-07-08 17:02:49 BST; 31s ago
 Invocation: e37ccfb0c354461d9f905b09924835d2
TriggeredBy: ● gnome-keyring-daemon.socket
   Main PID: 3184 (gnome-keyring-d)
      Tasks: 5 (limit: 9190)
     Memory: 1.1M (peak: 2.1M)
        CPU: 10ms
     CGroup: /system.slice/gnome-keyring-daemon.service
             └─3184 /usr/bin/gnome-keyring-daemon --foreground --components=pkcs11,secrets --control-directory=/run/keyring

Jul 08 17:02:49 shikamaru systemd[1]: Started GNOME Keyring daemon.
Jul 08 17:02:49 shikamaru gnome-keyring-daemon[3184]: GNOME_KEYRING_CONTROL=/run/keyring
Jul 08 17:02:49 shikamaru gnome-keyring-daemon[3184]: couldn't connect to dbus session bus: Cannot autolaunch D-Bus without X11 $DISPLAY
Jul 08 17:02:49 shikamaru gnome-keyring-daemon[3184]: couldn't connect to dbus session bus: Cannot autolaunch D-Bus without X11 $DISPLAY
Jul 08 17:02:49 shikamaru gnome-keyring-d[3184]: couldn't connect to dbus session bus: Cannot autolaunch D-Bus without X11 $DISPLAY
Jul 08 17:02:49 shikamaru gnome-keyring-d[3184]: couldn't connect to dbus session bus: Cannot autolaunch D-Bus without X11 $DISPLAY

I am running xfce and I have "lightdm 1:1.32.0-6" and "lightdm-gtk-greeter 1:2.0.9-1" installed. X11 is most definitely running.

I read around a bit and tried doing `sudo systemctl enable dbus-broker.service` and `sudo systemctl start dbus-broker.service` and then stopped and started `gnome-keyring-daemon`, but I still have the same issue.

I did `sudo systemctl status dbus` and it seems to be running fine although there was one warning: "Activation request for 'org.freedesktop.home1' failed: The systemd unit 'dbus-org.freedesktop.home1.service' could not be found."

On a related note, I enabled `gcr-ssh-agent.socket` but starting fails, complaining "Socket service gcr-ssh-agent.service not loaded, refusing."

I enabled `/usr/lib/systemd/user/gcr-ssh-agent.service` then started `gcr-ssh-agent` and that seems to be running fine. I then tried to start `gcr-ssh-agent.socket` again, and it seemed to work, but status says "Failed to connect to user scope bus via local transport: $DBUS_SESSION_BUS_ADDRESS and $XDG_RUNTIME_DIR not defined (consider using --machine=<user>@.host --user to connect to bus of other user)". I think this is going back to the fact that the dbus service isn't starting properly.

What I am trying to achieve is what I get with XUbuntu on my work partition: The first time I use a git command that needs to access my private key, a dialog pops up asking for my password. After that time I never have to do anything with it again.

On my Windows system with MSys I added ssh-agent stuff to my bashrc, but it is a fricking nuisance. Every time I open a shell for an unrelated matter, I get asked for passwords for my keys. I want to be asked on first use and never again.

Once again I find myself wishing that the Arch Linux wiki was a bit more idiot friendly. Not that I am an idiot. But I have just finished an 8 hour day working on a ferociously complicated software project for a defence company where I have to manage a bunch of idiots to prevent them mangling the code base, and I just want something that works because I am mentally exhausted. Explanation is wonderful, but to just have a list of commands to type, or to have the packages automatically install and configure all the dependencies and themselves. The wiki article I linked above suggests that I should be modifying PAM config files and so on and so forth and I don't understand why the package installation doesn't just do that automatically. I have built Debian packages before and I know handling dependencies is non trivial, but other distributions manage auto-configuration so you just install a package and it all just works out of the box. Installing packages and getting them to work should not involve 6 hours of detective work!

Last edited by JontomXire (2025-07-08 17:14:43)

JontomXire · 2025-07-08 17:18:17

I just found on another post that `sudo systemctl --user enable <name>` should not be run as sudo.

When on the linked article it says to start a service, and that word "start" is a link, this subtlety of the `--user` option is COMPLETELY missed! If the articles just said something like "Run this command: systemctl --user enable gcr-ssh-agent.socket" instead of "Enable the gcr-ssh-agent.socket systemd user unit" then everything would be much better

Last edited by JontomXire (2025-07-08 17:22:34)

JontomXire · 2025-07-08 17:26:20

So. These commands are working much much better than previously:

systemctl --user enable gnome-keyring-daemon.socket
systemctl --user enable gnome-keyring-daemon.service
systemctl --user start gnome-keyring-daemon.service
systemctl --user status gnome-keyring-daemon.service
systemctl --user enable gcr-ssh-agent.service
systemctl --user start gcr-ssh-agent.service

All services start and run without any apparent errors.

Still not working though.

JontomXire · 2025-07-08 17:42:04

Section 5.1 of the aforementioned wiki page, step 3, states:

Manual configuration of SSH_AUTH_SOCK environment variable shall not be necessary, if gcr-ssh-agent.socket unit is active. The value of SSH_AUTH_SOCK environment variable shall be set to $XDG_RUNTIME_DIR/gcr/ssh after user logs out and logs in.

I logged out.

I logged in.

$ echo $SSH_AUTH_SOCK
/tmp/ssh-XXXXXXSXNEr9/agent.3756
$ echo $XDG_RUNTIME_DIR
/run/user/1000

The value of SSH_AUTH_SOCK environment variable WAS NOT set to $XDG_RUNTIME_DIR/gcr/ssh after I logged out and in. That wiki page is wrong.

So fed up. It appears that I am not the first person to have this problem (https://bbs.archlinux.org/viewtopic.php?id=292403) yet the wiki has not been updated.

So following that forum post, it suggested that ~/.xprofle should contain:

export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gcr/ssh

It also suggested that that didn't solve the problem. So I tried setting my .xprofile up with that (should NOT be necessary to do per user configuration to get a package to work) and rebooted. Still didn't work. I tried manually running the `export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gcr/ssh` and it worked fine so I am tempted to put it in my .bashrc, but that is not a proper solution. None of the other solutions in that post work.

Last edited by JontomXire (2025-07-08 18:03:28)

seth · 2025-07-08 20:59:07

1. please don't blog, edit your previous post to mend it if nobody has yet replied.
2. make sure to deactivate and stop the system-wide gcr sockets and services you enabled in your first post
Then check

find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

3. "/tmp/ssh-XXXXXXSXNEr9/agent.3756" sounds like you're running dbus-launch or dbus-session-run somewhere. Don't. It breaks the session integration.

loginctl session-status; ps aux | grep dbus

It btw. however actually doesn't matter where the socket is created, only that SSH_AUTH_SOCK actually points there (and not some void - if $XDG_RUNTIME_DIR/gcr/ssh doesn't exist, it won't help to )
4. fooling around w/ pam is optional so you won't have to type your password to unlock the keyring. It's also a great way to lock yourself out of the system, so I recommend not flailing around there until you're not exhausted or whatever it will take for you to structure your thoughts and not just mess around.
5.

What I am trying to achieve: The first time I use a git command that needs to access my private key, a dialog pops up asking for my password. After that time I never have to do anything with it again.

https://wiki.archlinux.org/title/GNOME/Keyring#SSH_keys - do you have gcr-4 ?
Also, just ftr: that has absolutely nothing to do w/ GKR itself, https://wiki.archlinux.org/title/SSH_keys#SSH_agents - it is *one* implementation of that.
And it seems not the one xfce defaults to (though idk that first hand, https://forum.xfce.org/viewtopic.php?pid=62752#p62752 )

Arch Linux

#1 2025-07-08 16:36:44

Can't get gnome-keyring to work properly.

#2 2025-07-08 17:18:17

Re: Can't get gnome-keyring to work properly.

#3 2025-07-08 17:26:20

Re: Can't get gnome-keyring to work properly.

#4 2025-07-08 17:42:04

Re: Can't get gnome-keyring to work properly.

#5 2025-07-08 20:59:07

Re: Can't get gnome-keyring to work properly.

Board footer