You are not logged in.

#1 2015-10-06 17:17:28

hotty
Member
Registered: 2015-10-06
Posts: 11

Gnome Keyring Daemon stopped unlocking "login" keyring

About two weeks ago gnome-keyring stopped unlocking the "login"-keyring, in fact it does not show up at all in seahorse https://slimgr.com/images/2015/10/06/a5 … 31269e.png.  I can neither save any keys or passwords nor access them. However if I it kill with "killall gnome-keyring-daemon" suddenly my keyring appears although not unlocked. https://slimgr.com/images/2015/10/06/38 … cd05a9.png

I use i3 , started with startx, no login manager. gnome-keyring-daemon is started by pam and xinitrc (see https://wiki.archlinux.org/index.php/GN … sole_login).
Everything is up to date.

% ps aux | grep gnome-keyring
hotty     1787  0.0  0.0 352652  9216 ?        Sl   14:44   0:00 /usr/bin/gnome-keyring-daemon --daemonize --login

% ls -l /etc/xdg/autostart 
-rw-r--r-- 1 root root 8110 28. Sep 21:13 gnome-keyring-pkcs11.desktop
-rw-r--r-- 1 root root 7672 28. Sep 21:13 gnome-keyring-secrets.desktop
-rw-r--r-- 1 root root 6248 28. Sep 21:13 gnome-keyring-ssh.desktop

% gnome-keyring-daemon
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh

% journalctl -a | grep gnome-keyring
The SSH agent was already initialized
gnome-keyring-daemon[1784]: The PKCS#11 component was already initialized
gnome-keyring-daemon[1784]: The Secret Service was already initialized
gnome-keyring-daemon[1784]: The SSH agent was already initialized
gnome-keyring-daemon[1784]: The SSH agent was already initialized
gnome-keyring-daemon[1784]: The Secret Service was already initialized
gnome-keyring-daemon[4251]: The SSH agent was already initialized

After nearly two weeks of searching and trying different stuff like adding lines to ~/.profile or .xsession or disable gnome-keyring in pam I'm not the wiser, what the issue is or how to even solve it.
Thinks I tried:

  • Removing gnome-keyring from pam

  • Uninstalling and Reinstalling gnome-keyring

  • Installing different versions of gnome-keyring and seahorse

  • Moving daemon-initialization from .xinitrc to .xsession, .i3/config, .bashrc and .profile

  • Killing gnome-keyring-daemon at login or startx

  • Replacing daemon with "gnome-keyring-daemon -r (...)"

I would be happy, if I could unlock the keyring manually but for that it has to show up in seahorse in the first place.

For anyone who could offer me some help, ideas or advice, I would be grateful.

Offline

#2 2015-11-10 12:37:19

jheller
Member
Registered: 2015-08-17
Posts: 14

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

Same issue here, could not find a proper fix either. Are you on XFCE4 as well as me?

If I'm correctly interpreting my upgrade logs, the package gnome-keyring seems to have dropped support for XFCE when I upgraded from 3.16.0-1 to 1:3.18.3-1 , as I can find this in the logging:
    ==> The polkit-gnome agent is no longer autostarted by default
    except in GNOME Flashback.
    For Xfce, LXDE etc., lxsession is the suggested lightweight alternative.
    See https://wiki.archlinux.org/index.php/Po … ion_agents
    for more details.

Strange support was dropped though, as gnome-keyring is still required by XFCE4...

Offline

#3 2015-11-11 11:19:07

jheller
Member
Registered: 2015-08-17
Posts: 14

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

After some poking around, when commenting out the pam_gnome_keyring entries in /etc/pam.d/lightdm, at least the login keyring is available again in Seahorse. Also, you get rid of the "Reading from keychain failed with error: 'No keychain service available'" from ownCloud client this way.

#%PAM-1.0
auth        include     system-login
#-auth       optional    pam_gnome_keyring.so
account     include     system-login
password    include     system-login
session     include     system-login
#-session    optional    pam_gnome_keyring.so auto_start

Something does not seem right yet in the standard system configuration.

Offline

#4 2015-11-12 00:15:53

hotty
Member
Registered: 2015-10-06
Posts: 11

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

Instead of PAM I use a python-script to open the keyring

#!/usr/bin/python2

import gnomekeyring
gnomekeyring.unlock_sync('login', '<password>');

Change <password> to the keyring-password. Of course, this script should be saved in an encrypted home.
After weeks of searching and testing I'm just happy that it works somehow.

Offline

#5 2015-11-12 08:20:34

jheller
Member
Registered: 2015-08-17
Posts: 14

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

Yes, thanks for the response! Without PAM -as far as I know now, you need to have an encrypted directory somewhere to hide your keyring password, if you care about it. 

Seems like your configuration differs from mine, as commenting out the keyring entries in PAM as explained in my previous post, there still an application that starts the genome-keyring in my case.

ps aux | grep gnome-keyring
userxxx    956  0.0  0.0 351032  7540 ?        SLl  08:14   0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

If I only knew which application now starts gnome-keyring if PAM is not doing it...

Offline

#6 2015-12-16 16:26:03

jheller
Member
Registered: 2015-08-17
Posts: 14

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

Switched to Gnome, which "solved" the issue for me. No solution to date yet for Xfce4.

Offline

#7 2015-12-18 21:14:10

BjornA
Member
Registered: 2015-12-04
Posts: 5

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

I don't know if something have been fixed recently but I tried the following today and it worked:
Tested under Arch(updated) with Cinnamon(no login manager) and XFCE(no login manager)

This requires that gnome-keyring and seahorse is installed.
As explained in the Arch-Wiki:

Add auth optional pam_gnome_keyring.so at the end of the auth section and session optional pam_gnome_keyring.so auto_start at the end of the session section in:
/etc/pam.d/login

#%PAM-1.0
 
 auth       required     pam_securetty.so
 auth       requisite    pam_nologin.so
 auth       include      system-local-login
 auth       optional     pam_gnome_keyring.so
 account    include      system-local-login
 session    include      system-local-login
 session    optional     pam_gnome_keyring.so        auto_start

Next, add password optional pam_gnome_keyring.so to the end of:
/etc/pam.d/passwd

#%PAM-1.0

 #password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
 #password	required	pam_unix.so sha512 shadow use_authtok
 password	required	pam_unix.so sha512 shadow nullok
 password	optional	pam_gnome_keyring.so

In .xinitrc after exec cinnamon-session or exec startxfce4 for example:
~/.xinitrc

..
eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh)
export SSH_AUTH_SOCK

For Bash, add the following to the bottom of ~/.bash_profile

[[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && exec startx

When i login with this settings the keyring "Login" is automatically unlocked when I check in Passwords and Keys. I also made sure that "Login" is set as default in Passwords and Keys. Passwords stored for gmail for example in Chromium works as they should and are stored in the "Login" keyring.

Maybe this works because I recently installed the required packages. In an older installation where a lot of packages have been updated several times between versions something might have broke along the way.

Last edited by BjornA (2015-12-18 21:17:46)

Offline

#8 2015-12-19 00:50:04

wilberfan
Member
From: So. Cal
Registered: 2010-12-18
Posts: 264

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

BjornA wrote:

I don't know if something have been fixed recently but I tried the following today and it worked:

Your suggested steps didn't work for me.  I even tried installing this patched gnome-keyring: https://bbs.archlinux.org/viewtopic.php … 0#p1587230  (Maybe that's addressing a different issue.)

Still no love.     I'm on an XFCE4 / updated arch desktop (32-bit).  LXDM login manager (although I tried it without the LXDM, too.)


Hey, be nice...I'm new at this!

Offline

#9 2015-12-20 11:04:35

BjornA
Member
Registered: 2015-12-04
Posts: 5

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

Hmm It seems to be a related issue, can you check the output of:

ps aux | grep gnome-keyring
gnome-keyring-daemon
journalctl --since="24 hours ago" | grep -i gnome-keyring
pacman -Qe | grep 'gnome-keyring\|seahorse'

Also doublecheck the settings in:
/etc/pam.d/login
/etc/pam.d/passwd
~/.xinitrc

and that "Login" keyring is set as default in Passwords and Keys.

When a login manager is used it usually takes care of opening the keyring so the steps with pam and .xinitrc should only be needed when you are not using one. smile

Offline

#10 2015-12-21 17:14:52

wilberfan
Member
From: So. Cal
Registered: 2010-12-18
Posts: 264

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

Well, this is embarrassing.  I'm auto-connecting just as I should be now.  Not sure what changed, other than I re-installed and reconfigured my vpn package from the AUR.  (I'm still using the patched gnome-keyring mentioned earlier.)

[edit]  I notice there's a new archlinux-keyring package available yesterday.  Do you think that would address any part of our situation, here?

Last edited by wilberfan (2015-12-21 17:20:04)


Hey, be nice...I'm new at this!

Offline

#11 2015-12-21 19:34:58

BjornA
Member
Registered: 2015-12-04
Posts: 5

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

The archlinux-keyring is a dependancy of pacman and has to do with repositories and packages. It shouldn't affect our situation with gnome-keyring.

Great that it works now, interesting though why it didn't before, can you paste the output of the following commands:
That might give us some information we could use.

journalctl --since="72 hours ago" | grep -i gnome-keyring
pacman -Qe | grep 'gnome-keyring\|seahorse'

Offline

#12 2015-12-22 02:58:52

wilberfan
Member
From: So. Cal
Registered: 2010-12-18
Posts: 264

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

BjornA wrote:

The archlinux-keyring is a dependancy of pacman and has to do with repositories and packages. It shouldn't affect our situation with gnome-keyring.

Great that it works now, interesting though why it didn't before, can you paste the output of the following commands:
That might give us some information we could use.

journalctl --since="72 hours ago" | grep -i gnome-keyring
pacman -Qe | grep 'gnome-keyring\|seahorse'

Here you go.  Hope this helps!

$ journalctl --since="72 hours ago" | grep -i gnome-keyring
Hint: You are currently not seeing messages from other users and the system.
      Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
      Pass -q to turn off this notice.
Dec 19 16:21:48 arch32 gnome-keyring-daemon[768]: The SSH agent was already initialized
Dec 19 16:21:48 arch32 gnome-keyring-daemon[768]: The Secret Service was already initialized
Dec 19 16:21:48 arch32 gnome-keyring-daemon[768]: The PKCS#11 component was already initialized
Dec 19 16:21:58 arch32 gnome-keyring-daemon[768]: The Secret Service was already initialized
Dec 19 16:21:58 arch32 gnome-keyring-daemon[768]: The SSH agent was already initialized
Dec 19 16:21:58 arch32 gnome-keyring-daemon[768]: The PKCS#11 component was already initialized
Dec 20 18:30:05 arch32 gnome-keyring-daemon[882]: The SSH agent was already initialized
Dec 20 18:30:05 arch32 gnome-keyring-daemon[882]: The Secret Service was already initialized
Dec 20 18:30:05 arch32 gnome-keyring-daemon[882]: The PKCS#11 component was already initialized
Dec 20 18:30:15 arch32 gnome-keyring-daemon[882]: The Secret Service was already initialized
Dec 20 18:30:16 arch32 gnome-keyring-daemon[882]: The SSH agent was already initialized
Dec 20 18:30:16 arch32 gnome-keyring-daemon[882]: The PKCS#11 component was already initialized
Dec 21 08:21:15 arch32 gnome-keyring-daemon[790]: The SSH agent was already initialized
Dec 21 08:21:15 arch32 gnome-keyring-daemon[790]: The Secret Service was already initialized
Dec 21 08:21:15 arch32 gnome-keyring-daemon[790]: The PKCS#11 component was already initialized
Dec 21 08:21:25 arch32 gnome-keyring-daemon[790]: The Secret Service was already initialized
Dec 21 08:21:25 arch32 gnome-keyring-daemon[790]: The SSH agent was already initialized
Dec 21 08:21:25 arch32 gnome-keyring-daemon[790]: The PKCS#11 component was already initialized
Dec 21 08:58:48 arch32 gnome-keyring-daemon[531]: The SSH agent was already initialized
Dec 21 08:58:48 arch32 gnome-keyring-daemon[531]: The Secret Service was already initialized
Dec 21 08:58:48 arch32 gnome-keyring-daemon[531]: The PKCS#11 component was already initialized
Dec 21 08:58:58 arch32 gnome-keyring-daemon[531]: The Secret Service was already initialized
Dec 21 08:58:58 arch32 gnome-keyring-daemon[531]: The SSH agent was already initialized
Dec 21 08:58:58 arch32 gnome-keyring-daemon[531]: The PKCS#11 component was already initialized
Dec 21 09:59:19 arch32 gnome-keyring-daemon[523]: The SSH agent was already initialized
Dec 21 09:59:19 arch32 gnome-keyring-daemon[523]: The Secret Service was already initialized
Dec 21 09:59:19 arch32 gnome-keyring-daemon[523]: The PKCS#11 component was already initialized
Dec 21 09:59:29 arch32 gnome-keyring-daemon[523]: The Secret Service was already initialized
Dec 21 09:59:29 arch32 gnome-keyring-daemon[523]: The SSH agent was already initialized
Dec 21 09:59:29 arch32 gnome-keyring-daemon[523]: The PKCS#11 component was already initialized
Dec 21 18:48:51 arch32 gnome-keyring-daemon[526]: The SSH agent was already initialized
Dec 21 18:48:51 arch32 gnome-keyring-daemon[526]: The Secret Service was already initialized
Dec 21 18:48:51 arch32 gnome-keyring-daemon[526]: The PKCS#11 component was already initialized
Dec 21 18:49:01 arch32 gnome-keyring-daemon[526]: The Secret Service was already initialized
Dec 21 18:49:01 arch32 gnome-keyring-daemon[526]: The SSH agent was already initialized
Dec 21 18:49:01 arch32 gnome-keyring-daemon[526]: The PKCS#11 component was already initialized 
# pacman -Qe | grep 'gnome-keyring\|seahorse'
gnome-keyring 1:3.18.3-1
seahorse 3.18.0-1

Hey, be nice...I'm new at this!

Offline

#13 2015-12-23 18:42:46

BjornA
Member
Registered: 2015-12-04
Posts: 5

Re: Gnome Keyring Daemon stopped unlocking "login" keyring

Hmm we don't have that much information there I see that can give us more clues. Hopefully it will continue to work now, otherwise just post here and we can look more into it and maybe other people have ideas too with similar problems. smile

Offline

Board footer

Powered by FluxBB