You are not logged in.
About two weeks ago gnome-keyring stopped unlocking the "login"-keyring, in fact it does not show up at all in seahorse https://slimgr.com/images/2015/10/06/a5 … 31269e.png. I can neither save any keys or passwords nor access them. However if I it kill with "killall gnome-keyring-daemon" suddenly my keyring appears although not unlocked. https://slimgr.com/images/2015/10/06/38 … cd05a9.png
I use i3 , started with startx, no login manager. gnome-keyring-daemon is started by pam and xinitrc (see https://wiki.archlinux.org/index.php/GN … sole_login).
Everything is up to date.
% ps aux | grep gnome-keyring
hotty 1787 0.0 0.0 352652 9216 ? Sl 14:44 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
% ls -l /etc/xdg/autostart
-rw-r--r-- 1 root root 8110 28. Sep 21:13 gnome-keyring-pkcs11.desktop
-rw-r--r-- 1 root root 7672 28. Sep 21:13 gnome-keyring-secrets.desktop
-rw-r--r-- 1 root root 6248 28. Sep 21:13 gnome-keyring-ssh.desktop
% gnome-keyring-daemon
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
% journalctl -a | grep gnome-keyring
The SSH agent was already initialized
gnome-keyring-daemon[1784]: The PKCS#11 component was already initialized
gnome-keyring-daemon[1784]: The Secret Service was already initialized
gnome-keyring-daemon[1784]: The SSH agent was already initialized
gnome-keyring-daemon[1784]: The SSH agent was already initialized
gnome-keyring-daemon[1784]: The Secret Service was already initialized
gnome-keyring-daemon[4251]: The SSH agent was already initialized
After nearly two weeks of searching and trying different stuff like adding lines to ~/.profile or .xsession or disable gnome-keyring in pam I'm not the wiser, what the issue is or how to even solve it.
Thinks I tried:
Removing gnome-keyring from pam
Uninstalling and Reinstalling gnome-keyring
Installing different versions of gnome-keyring and seahorse
Moving daemon-initialization from .xinitrc to .xsession, .i3/config, .bashrc and .profile
Killing gnome-keyring-daemon at login or startx
Replacing daemon with "gnome-keyring-daemon -r (...)"
I would be happy, if I could unlock the keyring manually but for that it has to show up in seahorse in the first place.
For anyone who could offer me some help, ideas or advice, I would be grateful.
Offline
Same issue here, could not find a proper fix either. Are you on XFCE4 as well as me?
If I'm correctly interpreting my upgrade logs, the package gnome-keyring seems to have dropped support for XFCE when I upgraded from 3.16.0-1 to 1:3.18.3-1 , as I can find this in the logging:
==> The polkit-gnome agent is no longer autostarted by default
except in GNOME Flashback.
For Xfce, LXDE etc., lxsession is the suggested lightweight alternative.
See https://wiki.archlinux.org/index.php/Po … ion_agents
for more details.
Strange support was dropped though, as gnome-keyring is still required by XFCE4...
Offline
After some poking around, when commenting out the pam_gnome_keyring entries in /etc/pam.d/lightdm, at least the login keyring is available again in Seahorse. Also, you get rid of the "Reading from keychain failed with error: 'No keychain service available'" from ownCloud client this way.
#%PAM-1.0
auth include system-login
#-auth optional pam_gnome_keyring.so
account include system-login
password include system-login
session include system-login
#-session optional pam_gnome_keyring.so auto_start
Something does not seem right yet in the standard system configuration.
Offline
Instead of PAM I use a python-script to open the keyring
#!/usr/bin/python2
import gnomekeyring
gnomekeyring.unlock_sync('login', '<password>');
Change <password> to the keyring-password. Of course, this script should be saved in an encrypted home.
After weeks of searching and testing I'm just happy that it works somehow.
Offline
Yes, thanks for the response! Without PAM -as far as I know now, you need to have an encrypted directory somewhere to hide your keyring password, if you care about it.
Seems like your configuration differs from mine, as commenting out the keyring entries in PAM as explained in my previous post, there still an application that starts the genome-keyring in my case.
ps aux | grep gnome-keyring
userxxx 956 0.0 0.0 351032 7540 ? SLl 08:14 0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets
If I only knew which application now starts gnome-keyring if PAM is not doing it...
Offline
Switched to Gnome, which "solved" the issue for me. No solution to date yet for Xfce4.
Offline
I don't know if something have been fixed recently but I tried the following today and it worked:
Tested under Arch(updated) with Cinnamon(no login manager) and XFCE(no login manager)
This requires that gnome-keyring and seahorse is installed.
As explained in the Arch-Wiki:
Add auth optional pam_gnome_keyring.so at the end of the auth section and session optional pam_gnome_keyring.so auto_start at the end of the session section in:
/etc/pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth requisite pam_nologin.so
auth include system-local-login
auth optional pam_gnome_keyring.so
account include system-local-login
session include system-local-login
session optional pam_gnome_keyring.so auto_start
Next, add password optional pam_gnome_keyring.so to the end of:
/etc/pam.d/passwd
#%PAM-1.0
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password required pam_unix.so sha512 shadow use_authtok
password required pam_unix.so sha512 shadow nullok
password optional pam_gnome_keyring.so
In .xinitrc after exec cinnamon-session or exec startxfce4 for example:
~/.xinitrc
..
eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh)
export SSH_AUTH_SOCK
For Bash, add the following to the bottom of ~/.bash_profile
[[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && exec startx
When i login with this settings the keyring "Login" is automatically unlocked when I check in Passwords and Keys. I also made sure that "Login" is set as default in Passwords and Keys. Passwords stored for gmail for example in Chromium works as they should and are stored in the "Login" keyring.
Maybe this works because I recently installed the required packages. In an older installation where a lot of packages have been updated several times between versions something might have broke along the way.
Last edited by BjornA (2015-12-18 21:17:46)
Offline
I don't know if something have been fixed recently but I tried the following today and it worked:
Your suggested steps didn't work for me. I even tried installing this patched gnome-keyring: https://bbs.archlinux.org/viewtopic.php … 0#p1587230 (Maybe that's addressing a different issue.)
Still no love. I'm on an XFCE4 / updated arch desktop (32-bit). LXDM login manager (although I tried it without the LXDM, too.)
Hey, be nice...I'm new at this!
Offline
Hmm It seems to be a related issue, can you check the output of:
ps aux | grep gnome-keyring
gnome-keyring-daemon
journalctl --since="24 hours ago" | grep -i gnome-keyring
pacman -Qe | grep 'gnome-keyring\|seahorse'
Also doublecheck the settings in:
/etc/pam.d/login
/etc/pam.d/passwd
~/.xinitrc
and that "Login" keyring is set as default in Passwords and Keys.
When a login manager is used it usually takes care of opening the keyring so the steps with pam and .xinitrc should only be needed when you are not using one.
Offline
Well, this is embarrassing. I'm auto-connecting just as I should be now. Not sure what changed, other than I re-installed and reconfigured my vpn package from the AUR. (I'm still using the patched gnome-keyring mentioned earlier.)
[edit] I notice there's a new archlinux-keyring package available yesterday. Do you think that would address any part of our situation, here?
Last edited by wilberfan (2015-12-21 17:20:04)
Hey, be nice...I'm new at this!
Offline
The archlinux-keyring is a dependancy of pacman and has to do with repositories and packages. It shouldn't affect our situation with gnome-keyring.
Great that it works now, interesting though why it didn't before, can you paste the output of the following commands:
That might give us some information we could use.
journalctl --since="72 hours ago" | grep -i gnome-keyring
pacman -Qe | grep 'gnome-keyring\|seahorse'
Offline
The archlinux-keyring is a dependancy of pacman and has to do with repositories and packages. It shouldn't affect our situation with gnome-keyring.
Great that it works now, interesting though why it didn't before, can you paste the output of the following commands:
That might give us some information we could use.journalctl --since="72 hours ago" | grep -i gnome-keyring
pacman -Qe | grep 'gnome-keyring\|seahorse'
Here you go. Hope this helps!
$ journalctl --since="72 hours ago" | grep -i gnome-keyring
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
Pass -q to turn off this notice.
Dec 19 16:21:48 arch32 gnome-keyring-daemon[768]: The SSH agent was already initialized
Dec 19 16:21:48 arch32 gnome-keyring-daemon[768]: The Secret Service was already initialized
Dec 19 16:21:48 arch32 gnome-keyring-daemon[768]: The PKCS#11 component was already initialized
Dec 19 16:21:58 arch32 gnome-keyring-daemon[768]: The Secret Service was already initialized
Dec 19 16:21:58 arch32 gnome-keyring-daemon[768]: The SSH agent was already initialized
Dec 19 16:21:58 arch32 gnome-keyring-daemon[768]: The PKCS#11 component was already initialized
Dec 20 18:30:05 arch32 gnome-keyring-daemon[882]: The SSH agent was already initialized
Dec 20 18:30:05 arch32 gnome-keyring-daemon[882]: The Secret Service was already initialized
Dec 20 18:30:05 arch32 gnome-keyring-daemon[882]: The PKCS#11 component was already initialized
Dec 20 18:30:15 arch32 gnome-keyring-daemon[882]: The Secret Service was already initialized
Dec 20 18:30:16 arch32 gnome-keyring-daemon[882]: The SSH agent was already initialized
Dec 20 18:30:16 arch32 gnome-keyring-daemon[882]: The PKCS#11 component was already initialized
Dec 21 08:21:15 arch32 gnome-keyring-daemon[790]: The SSH agent was already initialized
Dec 21 08:21:15 arch32 gnome-keyring-daemon[790]: The Secret Service was already initialized
Dec 21 08:21:15 arch32 gnome-keyring-daemon[790]: The PKCS#11 component was already initialized
Dec 21 08:21:25 arch32 gnome-keyring-daemon[790]: The Secret Service was already initialized
Dec 21 08:21:25 arch32 gnome-keyring-daemon[790]: The SSH agent was already initialized
Dec 21 08:21:25 arch32 gnome-keyring-daemon[790]: The PKCS#11 component was already initialized
Dec 21 08:58:48 arch32 gnome-keyring-daemon[531]: The SSH agent was already initialized
Dec 21 08:58:48 arch32 gnome-keyring-daemon[531]: The Secret Service was already initialized
Dec 21 08:58:48 arch32 gnome-keyring-daemon[531]: The PKCS#11 component was already initialized
Dec 21 08:58:58 arch32 gnome-keyring-daemon[531]: The Secret Service was already initialized
Dec 21 08:58:58 arch32 gnome-keyring-daemon[531]: The SSH agent was already initialized
Dec 21 08:58:58 arch32 gnome-keyring-daemon[531]: The PKCS#11 component was already initialized
Dec 21 09:59:19 arch32 gnome-keyring-daemon[523]: The SSH agent was already initialized
Dec 21 09:59:19 arch32 gnome-keyring-daemon[523]: The Secret Service was already initialized
Dec 21 09:59:19 arch32 gnome-keyring-daemon[523]: The PKCS#11 component was already initialized
Dec 21 09:59:29 arch32 gnome-keyring-daemon[523]: The Secret Service was already initialized
Dec 21 09:59:29 arch32 gnome-keyring-daemon[523]: The SSH agent was already initialized
Dec 21 09:59:29 arch32 gnome-keyring-daemon[523]: The PKCS#11 component was already initialized
Dec 21 18:48:51 arch32 gnome-keyring-daemon[526]: The SSH agent was already initialized
Dec 21 18:48:51 arch32 gnome-keyring-daemon[526]: The Secret Service was already initialized
Dec 21 18:48:51 arch32 gnome-keyring-daemon[526]: The PKCS#11 component was already initialized
Dec 21 18:49:01 arch32 gnome-keyring-daemon[526]: The Secret Service was already initialized
Dec 21 18:49:01 arch32 gnome-keyring-daemon[526]: The SSH agent was already initialized
Dec 21 18:49:01 arch32 gnome-keyring-daemon[526]: The PKCS#11 component was already initialized
# pacman -Qe | grep 'gnome-keyring\|seahorse'
gnome-keyring 1:3.18.3-1
seahorse 3.18.0-1
Hey, be nice...I'm new at this!
Offline
Hmm we don't have that much information there I see that can give us more clues. Hopefully it will continue to work now, otherwise just post here and we can look more into it and maybe other people have ideas too with similar problems.
Offline