New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to disable autostart applications in fedora23 #2351
Comments
Also, using |
Take a look here: https://github.com/QubesOS/qubes-gui-agent-linux/blob/master/appvm-scripts/usrbin/qubes-session#L43-L45 It is done this way exactly to make |
Ah yes. I was really confused as to how the env vars were being propagated. You may want to consider propagating env vars from autostart scripts in a way like this jpouellet/qubes-gui-agent-linux@e0d8bf9 (untested - just to illustrate the idea) where the autostart.desktop Exec would actually point to a wrapper which extracts the desired var from the agent's stdout and qubes-session-export's it. Although, upon looking into it I do not see why nm-applet actually needs gnome-keychain in qubes. It appears to only be used when the user wishes to only save a network credential for their own user (as opposed to system-wide, and having root put it in /etc/NetworkManager/system-connections), but in the case of a net-vm with passwordless sudo, these appear to me to have no meaningful difference at all. Am I missing something? |
It makes impossible to use standard ssh-agent and the one from gnome-keyring isn't perfect. The reason why it was needed isn't true for a long time - NetworkManager store wifi passwords and other credentials in its configuration files, not gnome-keyring. Anyway, if anyone want to restore old behaviour, it is still possible using `/etc/X11/xinit/xinitrc.d/`. Or `~/.profile`, which is also sourced there. Fixes QubesOS/qubes-issues#2351
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Related discussion: https://groups.google.com/d/msgid/qubes-devel/20161108233339.GS22572%40mail-itl |
Gnome keyring is apparently still installed and/or a dependency of the qubes-agent (at least in archlinux). Can we also clean this dependency up along with the qubes autostart dropin ? Or should we keep it as a "default ssh agent" program until a qubes specific agent is used (such as a split ssh agent). If the answer is "keep it for now", we should at least add a profile.d file with the following line so that the users benefits from the ssh agent that is installed and running: |
Idk about arch specifics, but can confirm that things are working fine without gnome-keyring on fedora templates (without no-ed25519 restriction for SSH, and without any collateral regressions observed over the past few months). I'd say proceed with removing it as a dependency. |
xref env var propagation: https://groups.google.com/d/topic/qubes-devel/gXj5KWSkPIM/discussion |
Qubes OS version (e.g.,
R3.1
):R3.2
Affected TemplateVMs (e.g.,
fedora-23
, if applicable):fedora-23
General notes:
I am trying to use the actual OpenSSH ssh-agent instead of gnome-keychain because it does not support ed25519 keys, and I use them.
According to the Qubes autostart readme and the xdg autostart spec, I should be able to set
Hidden=true
in /etc/qubes/autostart/whatever.d/xx_asdf.conf to prevent whatever from starting, however trying to do this for gnome-keyring-ssh.desktop does not prevent ghome-keyring from starting.Steps to reproduce the behavior:
Expected behavior:
ssh-agent should either not be started, or possibly be started from xinitrc-common due to:
I expect something possibly like this:
Actual behavior:
Instead, I get the same thing as without any changes:
This path is the unix domain socket set up by gnome-keychain. The auth sock path used by openssh ssh-agent (/usr/bin/ssh-agent) is something like:
The text was updated successfully, but these errors were encountered: