Unable to disable autostart applications in fedora23 #2351
Comments
|
Also, using |
|
Take a look here: https://github.com/QubesOS/qubes-gui-agent-linux/blob/master/appvm-scripts/usrbin/qubes-session#L43-L45 It is done this way exactly to make |
|
Ah yes. I was really confused as to how the env vars were being propagated. You may want to consider propagating env vars from autostart scripts in a way like this jpouellet/qubes-gui-agent-linux@e0d8bf9 (untested - just to illustrate the idea) where the autostart.desktop Exec would actually point to a wrapper which extracts the desired var from the agent's stdout and qubes-session-export's it. Although, upon looking into it I do not see why nm-applet actually needs gnome-keychain in qubes. It appears to only be used when the user wishes to only save a network credential for their own user (as opposed to system-wide, and having root put it in /etc/NetworkManager/system-connections), but in the case of a net-vm with passwordless sudo, these appear to me to have no meaningful difference at all. Am I missing something? |
It makes impossible to use standard ssh-agent and the one from gnome-keyring isn't perfect. The reason why it was needed isn't true for a long time - NetworkManager store wifi passwords and other credentials in its configuration files, not gnome-keyring. Anyway, if anyone want to restore old behaviour, it is still possible using `/etc/X11/xinit/xinitrc.d/`. Or `~/.profile`, which is also sourced there. Fixes QubesOS/qubes-issues#2351
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Automated announcement from builder-github The package |
|
Related discussion: https://groups.google.com/d/msgid/qubes-devel/20161108233339.GS22572%40mail-itl |
|
Gnome keyring is apparently still installed and/or a dependency of the qubes-agent (at least in archlinux). Can we also clean this dependency up along with the qubes autostart dropin ? Or should we keep it as a "default ssh agent" program until a qubes specific agent is used (such as a split ssh agent). If the answer is "keep it for now", we should at least add a profile.d file with the following line so that the users benefits from the ssh agent that is installed and running: |
|
Idk about arch specifics, but can confirm that things are working fine without gnome-keyring on fedora templates (without no-ed25519 restriction for SSH, and without any collateral regressions observed over the past few months). I'd say proceed with removing it as a dependency. |
|
xref env var propagation: https://groups.google.com/d/topic/qubes-devel/gXj5KWSkPIM/discussion |
Qubes OS version (e.g.,
R3.1):R3.2
Affected TemplateVMs (e.g.,
fedora-23, if applicable):fedora-23
General notes:
I am trying to use the actual OpenSSH ssh-agent instead of gnome-keychain because it does not support ed25519 keys, and I use them.
According to the Qubes autostart readme and the xdg autostart spec, I should be able to set
Hidden=truein /etc/qubes/autostart/whatever.d/xx_asdf.conf to prevent whatever from starting, however trying to do this for gnome-keyring-ssh.desktop does not prevent ghome-keyring from starting.Steps to reproduce the behavior:
Expected behavior:
ssh-agent should either not be started, or possibly be started from xinitrc-common due to:
I expect something possibly like this:
Actual behavior:
Instead, I get the same thing as without any changes:
This path is the unix domain socket set up by gnome-keychain. The auth sock path used by openssh ssh-agent (/usr/bin/ssh-agent) is something like:
The text was updated successfully, but these errors were encountered: