Description of problem: I have removed mate-keyring, lib64matekeyring1 and lib64mate-keyring0. Installed gnome-keyring-3.10.1-2.mga4, lib64gnome-keyring0-3.10.1-2.mga4,libgnome-keyring-i18n-3.10.1-2.mga4,gnome-python-gnomekeyring-2.32.0-17.mga4, lib64gnome-keyring-gir1.0-3.10.1-2.mga4 Now, i can not use mgarepo and cannot see a passphrase popup. ps aux | grep keyring: atilla 322 0.0 0.0 23292 940 pts/0 S+ 22:57 0:00 grep --color keyring atilla 13510 0.0 0.0 447592 6468 ? Sl 22:47 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login journalctl -a | grep keyring: Åub 20 22:47:09 localhost gnome-keyring-daemon[11284]: exponent1 exponent1: no decoded value Åub 20 22:47:09 localhost gnome-keyring-daemon[11284]: RSAPrivateKey RSAPrivateKey: decoded tag did not match expected Åub 20 22:47:09 localhost gnome-keyring-daemon[11284]: DSAPrivateKey DSAPrivateKey: decoded tag did not match expected Åub 20 22:47:10 localhost gnome-keyring-daemon[11284]: RSAPrivateKey RSAPrivateKey: decoded tag did not match expected Åub 20 22:47:10 localhost gnome-keyring-daemon[11284]: DSAPrivateKey DSAPrivateKey: decoded tag did not match expected Åub 20 22:47:10 localhost gnome-keyring-daemon[11284]: couldn't create system prompt: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.keyring.SystemPrompter was not provided by any .service files Åub 20 22:47:57 localhost gnome-keyring-daemon[13510]: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files Åub 20 22:47:57 localhost gnome-keyring-daemon[13510]: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files Åub 20 22:47:57 localhost gnome-keyring-daemon[13510]: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files Åub 20 22:47:58 localhost gnome-keyring-daemon[13510]: The SSH agent was already initialized Åub 20 22:47:58 localhost gnome-keyring-daemon[13510]: The GPG agent was already initialized Åub 20 22:47:58 localhost gnome-keyring-daemon[13510]: The PKCS#11 component was already initialized Version-Release number of selected component (if applicable): Cauldron-x86_64-Mate Desktop-gnome-keyring How reproducible: Just set gnome keyring begins at session start (all /etc/xdg/autostart/gnome-keyring* stuff) Steps to Reproduce: 1.Login with gnome-keyring enabled session 2.Try to mgarepo co somestuff 3.See commandline output like this: [atilla@localhost ~]$ mgarepo co mate-media-pulse Agent admitted failure to sign using the key. Permission denied (publickey,password,keyboard-interactive). svn: E210002: Unable to connect to a repository at URL 'svn+ssh://svn.mageia.org/svn/packages/cauldron/mate-media-pulse/current' svn: E210002: To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file. svn: E210002: Network connection closed unexpectedly It seems ssh-agent or ForwardAgent are not setup or your username is wrong. See https://wiki.mageia.org/en/Packagers_ssh for more information. [atilla@localhost ~]$ Reproducible: Steps to Reproduce:
I forget to add some info: mgarepo co command still works with mate-keyring and also ssh-agent is installed.
I have found that "gcr" package needs to be installed alongside with gnome-keyring if it will be used outside of GNOME. Gnome-keyring should pull it by default. With gcr installed it works like a charm. I' ll add it to gnome-keyring package requires. See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673845
URL: (none) => https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673845Assignee: bugsquad => tarakbumbaWhiteboard: (none) => Triaged
Whiteboard: Triaged => Triaged, MGA4TOO
Fixed gnome-keyring-3.10.1-3.mga5 had been submitted to Cauldron
I have uploaded a updated gnome-keyring-3.10.1-2.1.mga4 package for Mageia 4. Suggested advisory: ======================== Updated gnome-keyring package fixes a dbus service issue if it used in a DE other than GNOME: gnome-keyring needs "org.gnome.keyring.SystemPrompter" service file. This file is provided by "gcr" package. But gcr is not pulled by gnome-keyring. So, at non-gnome desktops, gnome-keyring throws "couldn't create system prompt: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.keyring.SystemPrompter was not provided by any .service files" error. This update adds "gcr" package as a dependency to gnome-keyring package. References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673845 ======================== Test case: 1. On a non-gnome desktop (tested for MATE) remove any other keyring tools. 2- Install gnome-keyring 3- Run a ssh related command; in my case "mgarepo co foo" 4- Without suggested update ssh related command fails. You also do not get a passphrase prompt. For mgarepo message: "Agent admitted failure to sign using the key. Permission denied (publickey,password,keyboard-interactive). svn: E210002: Unable to connect to a repository at URL " 5- Install suggested update or gcr now. You should be prompted for your passphrase and your ssh command works as expected. Updated packages in core/updates_testing: ======================== gnome-keyring-3.10.1-2.1.mga4 Source RPMs: gnome-keyring-3.10.1-2.1.mga4.src.rpm
Keywords: (none) => TriagedAssignee: tarakbumba => qa-bugsWhiteboard: Triaged, MGA4TOO => MGA4TOO
Version: Cauldron => 4Whiteboard: MGA4TOO => (none)
I don't understand how I am supposed to remove mate-keyring and install gnome-keyring instead? Removing mate-keyring would remove mate-desktop.
CC: (none) => remiWhiteboard: (none) => feedback
(In reply to Rémi Verschelde from comment #5) > I don't understand how I am supposed to remove mate-keyring and install > gnome-keyring instead? Removing mate-keyring would remove mate-desktop. Well, you can use "rpm -e --nodeps" but i understand your point. Then test case should be so: Test case: 1. On a non-gnome desktop (tested for MATE) disable any other keyring tools. For MATE Desktop Go to Mate Control Center > Startup Applications and disable Mate keyring entries by unchecking relevant boxes. 2- Log out and log back in. 4- Install gnome-keyring 5- Run a ssh related command; in my case "mgarepo co foo" 6- Without suggested update ssh related command fails. You also do not get a passphrase prompt. For mgarepo message: "Agent admitted failure to sign using the key. Permission denied (publickey,password,keyboard-interactive). svn: E210002: Unable to connect to a repository at URL " 5- Install suggested update or gcr now. You should be prompted for your passphrase and your ssh command works as expected. I' m always in a hurry and doing all work after midnight. So, things may messed at my side.
Whiteboard: feedback => (none)
Whiteboard: (none) => has_procedure
I am about to try testing this for MGA4 64-bit.
CC: (none) => lewyssmith
I am UNable to confirm this update, using Mate desktop, because of having too many things installed which correctly allow SSH to localhost. This works even with all Mate keyring thingies disabled for startup as per comment 6, *and* gnome-keyring itself UNinstalled. I could not remove residual gnome-keyring libraries because of the raft of things they would have taken with them; even more so for gcr (already installed). If I read the bug correctly, the fault will not happen if gcr is installed. So the test starting point needs a system *without* gcr. To satisfy the need to actually use SSH without having previous need of it, I followed https://wiki.mageia.org/en/Nomachine steps 1 & 2, (*not* allowing incoming SSH on the Ethernet link in the firewall configuration). Then $ ssh 127.0.0.1
(In reply to Lewis Smith from comment #8) > I am UNable to confirm this update, using Mate desktop, because of having > too many things installed which correctly allow SSH to localhost. This works > even with all Mate keyring thingies disabled for startup as per comment 6, > *and* gnome-keyring itself UNinstalled. I could not remove residual > gnome-keyring libraries because of the raft of things they would have taken > with them; even more so for gcr (already installed). > > If I read the bug correctly, the fault will not happen if gcr is installed. > So the test starting point needs a system *without* gcr. > > To satisfy the need to actually use SSH without having previous need of it, > I followed > https://wiki.mageia.org/en/Nomachine > steps 1 & 2, (*not* allowing incoming SSH on the Ethernet link in the > firewall configuration). Then > $ ssh 127.0.0.1 I think something is misunderstood. Why did you Uninstalled gnome-keyring? It is all about gnome-keyring. Also, https://wiki.mageia.org/en/Nomachine describes nothing with gnome-keyring. Please, disable all mate-keyring stuff; install gnome-keyring (which should not pull "gcr") on MATE desktop and try to use it. Do you see a passphrase dialog?
Atilla > Why did you Uninstalled gnome-keyring? When starting, I had the released version installed *and* gcr, got errors when I tried your SSH test (magrepo) - similar but not identical to yours; disabled all 4 Mate keyring options; updated gnome-keyring; re-tried your magrepo test and got the same errors as previously. Suspecting the need to have a valid SSH application (magrepo means nothing to me), I then installed SSHd as per the Nomachine page. ssh worked - with a password prompt. > Why did you Uninstalled gnome-keyring [the updated one] I wanted to revert my system to *issued* gnome-keyring, and at the same time get rid of gcr, to better reproduce the original fault using ssh; i.e. NO gcr, issued gnome-keyring. So I removed the updated gnome-keyring to re-install the issued version (which I never did). I could *not* remove gcr (which seems essential to test the update) as noted in comment 8. Out of curiosity, I tried ssh - which worked fine in the absence of gnome-keyring itself, but not all the related libraries. > Please, disable all mate-keyring stuff; install gnome-keyring > (which should not pull "gcr") on MATE desktop and try to use it. > Do you see a passphrase dialog? I did all this, but gcr was always there. I got no password request trying 'mgarepo' before or after updating gnome-keyring. I got a password prompt using 'ssh' regardless of the presence or absence of gnome-keyring. All I can say is that with the *updated* gnome-keyring ssh works: a password prompt. But this is meaningless because gcr was already in place, and it works with no gnome-keyring at all. If no-one else can do better, I will go ahead and remove the residual g-k libraries *and* gcr, and to hell with everything else that gets removed also. I think I need a system without gcr and with issued g-k and a valid SSH application as a starting point. I think for me to try *your* SSH test was not valid for me. Should 'ssh' suffice?
Not winning. I cannot reproduce the original described fault. I threw out the last 2 gnome-keyring libraries (and whatever went with them), and gcr (likewise). Re-installed gnome-keyring with urpmi from Core Release. *It pulled in gcr anyway*. Removed gcr again. Logout, Login under Mate (all 4 Mate keyring programs disabled for startup). $ ssh 127.0.0.1 *still* offers password prompt. I have also KDE, Gnome, XFCE, E17 installed. Could this matter?
Note that uninstalling mate-keyring ... # urpme mate-keyring To satisfy dependencies, the following 5 packages will be removed (20MB): mate-desktop-1.6.2-2.mga4.i586 (due to missing mate-panel) mate-keyring-1.6.1-1.mga4.i586 mate-panel-1.6.2-1.mga4.i586 (due to missing mate-screensaver, due to missing mate-desktop) mate-screensaver-1.6.2-1.mga4.i586 (due to unsatisfied mate-keyring >= 1.1.0) task-mate-minimal-1.6.0-8.1.mga4.noarch (due to unsatisfied mate-panel >= 1.6.0) I'll use rpm -e --nodeps, for this test.
CC: (none) => davidwhodgins
I've installed mga-advisories, svn, and openssh-clients. mate-keyring has been removed, The updated gnome-keyring is installed, with gcr. I've copied my .mga-advisories/ .ssh/ mageia-advisories/ and .subversion/ directories from the host,to the mate only vb guest, set ownership/ permission properly, and rebooted. ps aux |grep key dave 1686 0.0 0.1 57056 3908 ? Sl 13:58 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login svn -v ls svn+ssh://svn.mageia.org/svn/advisories/ does not prompt for a password. ssh-add .ssh/mageia Could not open a connection to your authentication agent. Should I have ssh-agent running too, or is there some setting I'm missing to get ssh to use gnome-keyring?
Whiteboard: has_procedure => has_procedure feedback
(In reply to Dave Hodgins from comment #13) > I've installed mga-advisories, svn, and openssh-clients. mate-keyring has > been removed, The updated gnome-keyring is installed, with gcr. Did you get the original fault (see comment 4) *without* gcr before updating G-K? All the update does (I think) is ensure that gcr is made a dependancy of G-K so that installing the latter pulls in the former if necessary. > Should I have ssh-agent running too, or is there some setting I'm missing to > get ssh to use gnome-keyring? Just the sort of dilemma I faced. The last bit seems the essence.
Assigning back to you for now Atilla. Please reassign when you're ready. Thanks.
CC: (none) => qa-bugsAssignee: qa-bugs => tarakbumbaWhiteboard: has_procedure feedback => has_procedure
Thanks for your action Claire. I'm so sorry that i forgot this update. Further investigation shows that not only gnome-keyring should have gcr dependency but also mate-session-manager package should be patched to use proper environment variables for gnome-keyring. I found and cherry picked upstream commits for mate-session-manager-1.8.0 and create a patch for our mate-session-manager. I submitted mate-session-manager-1.6.1-7.mga4 to updates/testing repository and it is building right now. Should i open another bug report against mate-session-manager or create another advisory in this bug report?
I have uploaded a updated gnome-keyring-3.10.1-2.1.mga4 and mate-session-manager-1.6.1-6.2.mga4 packages for Mageia 4. Suggested advisory: ======================== Updated gnome-keyring package fixes a dbus service issue if it used in a DE other than GNOME: gnome-keyring needs "org.gnome.keyring.SystemPrompter" service file. This file is provided by "gcr" package. But gcr is not pulled by gnome-keyring. So, at non-gnome desktops, gnome-keyring throws "couldn't create system prompt: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.keyring.SystemPrompter was not provided by any .service files" error. This update adds "gcr" package as a dependency to gnome-keyring package. Updated mate-session-manager package fixes an environment issue for gnome-keyring on MATE Desktop: Previously it can not set proper environment variables for gnome-keyring. This update fixes gnome-keyring can not be started issue by setting right environment variables. References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673845 ======================== Test case: 1- On MATE Desktop Go to Mate Control Center > Startup Applications and disable Mate keyring entries by unchecking relevant boxes. 2- Log out and log back in. 4- Install gnome-keyring 5- Run a ssh related command; in my case "mgarepo co foo" 6- Without suggested update ssh related command fails. You also do not get a passphrase prompt. For mgarepo message: "Agent admitted failure to sign using the key. Permission denied (publickey,password,keyboard-interactive). svn: E210002: Unable to connect to a repository at URL " 5- Install suggested updates now. You should be prompted for your passphrase and your ssh command works as expected. Updated packages in core/updates_testing: ======================== gnome-keyring-3.10.1-2.1.mga4 mate-session-manager-1.6.1-6.2.mga4 Source RPMs: gnome-keyring-3.10.1-2.1.mga4.src.rpm mate-session-manager-1.6.1-6.2.mga4.src.rpm
Assignee: tarakbumba => qa-bugs
Running "mgarepo co foo" in a mate terminal before or after installing update results in the following error: [root@localhost wilcal]# mgarepo co foo bash: mgarepo: command not found
CC: (none) => wilcal.int
Try mgaadv Bill, that's the one we use for advisories, or install mgarepo but there is further config to do for that.
Testing Mageia 4 i586. There's something I might be missing, because I don't manage to _lose_ ssh access with mgarepo. I tried removing gnome-keyring and mate-keyring and gcr (that I had installed because of nemo-seahorse), but I could still use "mgarepo co null" and even commit changes. So I can't test this update candidate, I don't manage to reproduce the bug.
Did you notice any regressions Rémi?
(In reply to claire robinson from comment #21) > Did you notice any regressions Rémi? I couldn't tell, because I don't see any difference in my usage of SSH when I have gnome-keyring and when I don't. So even if I install the update candidate, I wouldn't be able to determine whether it's used or not (I'm not really knowledgeable on this matter). If think it would help to test the update candidate on a system with ssh not being configured. I've always found it somewhat messy to configure ssh, ssh-agents and so on; on a system with "vanilla" ssh configuration, it would be easier to reproduce the bug and test the fix I guess.
Please use a clean install. The whole point of these updates are starting keyring and obviously ssh-agent. I reproduce this issue both on my laptop install and on a VM on my Cauldron. There are methods to start ssh-agent automatically rather than using *-keyring. If anohter round of testing fails, skip this. I don't think that i messed up but i don' t want to waste your time, while you' re so overhelmed with security updates or so (yes i read QA mailing list daily but not have time to help. Sorry.)
Let's validate this update. It has been sitting here for months since we haven't been able to reliably reproduce the issue. As Atilla said, this update would be needed for people who haven't been able to start ssh-agent using *-keyring, therefore it shouldn't break anything for people who could (at least for me). Will upload the advisory later.
Keywords: (none) => validated_updateWhiteboard: has_procedure => has_procedure MGA4-32-OKCC: (none) => sysadmin-bugs
(In reply to Rémi Verschelde from comment #24) > Let's validate this update. It has been sitting here for months since we > haven't been able to reliably reproduce the issue. Agreed; I was thinking of suggesting the same thing. It boiled down to simply needing gcr as a dependancy of the pkg, Comment 2. I was one of those who could not reproduce the fault.
Advisory uploaded.
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGAA-2014-0159.html
Status: NEW => RESOLVEDResolution: (none) => FIXED