wish: docs on gnome-keyring-daemon / ssh-agent integration #228

Open
markstos opened this issue Aug 17, 2020 · 7 comments
Labels
docs This issue or pull request discusses documentation ok This issue or pull request was confirmed/reviewed

@markstos

Gnome Keyring works "out of the box" with a number of display managers.

https://wiki.archlinux.org/index.php/GNOME/Keyring#With_a_display_manager

It would be great if the docs mentioned an approach that works with Ly.

If someone describes a solution here, I'll volunteer to write up a version of it as a doc-patch.

Thanks.

@michaelsx

michaelsx commented Aug 23, 2020

Actually the steps mentioned in the wiki entry listed under 'without a display manager' seem to work for me.
Some kind of advice that is not mentioned there: Keep a recovery device (e.g. live USB) ready, because you could lock yourself out of your system if you mess up in the PAM config (I did in the beginning).

In /etc/pam.d/login I added pam_gnome_keyring.so as auth and session and to /etc/pam.d/ly as password. And as an added note, in ~/.xinitrc I added the code to set the environment variables (otherwise you might have to log out and in again to unlock the wallet).

/etc/pam.d/login

#%PAM-1.0
 
auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
auth       optional     pam_gnome_keyring.so
account    include      system-local-login
session    include      system-local-login
session    optional     pam_gnome_keyring.so auto_start

/etc/pam.d/ly

#%PAM-1.0

auth       include      login
account    include      login
password   include      login
session    include      login
password   optional     pam_gnome_keyring.so

~/.xinitrc

...
eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh)
export SSH_AUTH_SOCK

@AcaDemIQ

In Linux Mint, you should write these lines to /etc/pam.d/ly:

...
auth     optional  pam_gnome_keyring.so
session  optional  pam_gnome_keyring.so auto_start

It works for me :)

@markstos

Thanks for the feedback.

> the steps mentioned in the wiki entry listed under 'without a display manager' seem to work for me.

That's confusing because Ly is a display manager, so it's not clear that the non-display-manager directions would apply. Perhaps the wiki should be updated to clarify the instructions are for display managers besides Ly.

> And as an added note, in ~/.xinitrc I added the code to set the environment variables

That's helpful for X11 users, but it doesn't help Wayland users.

@pshanoop

pshanoop commented Jan 8, 2021

> That's helpful for X11 users, but it doesn't help Wayland users.

For sway, I made a wrapper script to run the keyring and export the variable.

❯ cat /usr/local/bin/sway-start.sh
#!/usr/bin/env sh
eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh)
export SSH_AUTH_SOCK
/sbin/sway

And then modified sway.desktop to this

❯  cat /usr/share/wayland-sessions/sway.desktop
[Desktop Entry]
Name=Sway
Comment=An i3-compatible Wayland compositor
Exec=/usr/local/bin/sway-start.sh
Type=Application

This works for me.

@markstos

markstos commented Jan 12, 2021

I can confirm testing @pshanoop's method, but refined it further.

First, --components=pkcs11,secrets,ssh can be omitted -- loading all the components is the default behavior.

Second, I recommend putting custom files under your home directory so that they might be managed with a dotfile manager.

Third, I recommend using unique file names and descriptions to clarify how this is different than the usual Sway launcher. Those changes result in the following:

❯ cat ~/.local/bin/start-swith-with-gnome-keyring.sh
#!/usr/bin/env sh
# Start the keyring daemon and import the variables it prints
eval $(/usr/bin/gnome-keyring-daemon --start)
export SSH_AUTH_SOCK
/sbin/sway

❯ cat ~/.local/share/wayland-sessions/sway-with-gnome-keyring.desktop
[Desktop Entry]
Name=Sway with Gnome Keyring
Comment=An i3-compatible Wayland compositor
# Exec points at the wrapper script shown above
Exec=/home/YOURUSER/.local/bin/start-swith-with-gnome-keyring.sh
Type=Application

Finally:

sudo ln -s /home/YOURUSER/.local/share/wayland-sessions/sway-with-gnome-keyring.desktop /usr/share/wayland-sessions/

@nullgemm added the docs and ok labels on Apr 25, 2022
@mangelozzi

mangelozzi commented Aug 7, 2022

> In Linux Mint, you should write these lines to /etc/pam.d/ly:
>
> ...
> auth     optional  pam_gnome_keyring.so
> session  optional  pam_gnome_keyring.so auto_start
>
> It works for me :)

Did not work for me, even though it ties up with what this says:

When following the https://wiki.gnome.org/Projects/GnomeKeyring/Pam:

> In /etc/pam.d/gdm, add lines like this at the end of the 'auth', 'session' blocks. The 'session' line below should come towards the end of the other 'session' lines. This allows other modules like the pam systemd module to setup environment variables.

Unfortunately neither way worked for me.
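
A lint for the PAM lines discussed in this thread, as an added example that is not code from the thread or from the Ly project. The function name lint_pam_keyring is hypothetical, "last session line" is a stricter reading of the wiki's "towards the end", and include lines are not followed, so point it at the file that carries the pam_gnome_keyring.so lines.

```shell
#!/bin/sh
# Added example (not from the thread): lint one PAM service file for the
# pam_gnome_keyring.so lines discussed above. Does not follow "include".
# Usage: lint_pam_keyring /etc/pam.d/ly   (prints findings, returns 1 if any)
lint_pam_keyring() {
    awk -v f="$1" '
    function report(msg) { print f ":" msg; bad = 1 }
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    {
        type = $1; sub(/^-/, "", type)         # "-session" means silent if missing
        if (type == "session") last_session = NR
        m = 3                                  # module field; later if control is [a=b c=d]
        if ($2 ~ /^\[/) while (m <= NF && $(m - 1) !~ /\]$/) m++
        if ($m !~ /pam_gnome_keyring\.so$/) next
        seen[type] = NR
        # Anything stricter than optional can fail the stack and block login.
        if ($2 != "optional") report(NR ": " type " keyring line is " $2 ", expected optional")
        if (type == "session") {
            auto = 0
            for (i = m + 1; i <= NF; i++) if ($i == "auto_start") auto = 1
            if (!auto) report(NR ": session keyring line lacks auto_start")
        }
    }
    END {
        if (!("auth" in seen)) report(" no auth keyring line, login password never reaches the keyring")
        if (!("session" in seen)) report(" no session keyring line, daemon is not started")
        else if (seen["session"] != last_session) report(seen["session"] ": keyring is not the last session line")
        exit bad + 0
    }' "$1"
}
```

Run it against a copy of the file before editing the live one; an empty result with exit status 0 means all checks passed.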

@pocco81

pocco81 commented Feb 21, 2024

Following michaelsx's instructions worked, however I had to change this env var:

export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gcr/ssh"

Reference: https://wiki.archlinux.org/title/GNOME/Keyring#SSH_keys
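
An added example (not from the thread or the Ly project) of a session-wrapper helper that exports SSH_AUTH_SOCK only when it points at a socket owned by the current user, trying the path the daemon prints and then the gcr/ssh path from the comment above. The function names are hypothetical, and the keyring/ssh fallback and the SSH_AUTH_SOCK= line in the daemon's output are assumptions about gnome-keyring-daemon's behaviour.

```shell
#!/bin/sh
# Added example: choose the agent socket inside ~/.xinitrc or a Wayland
# wrapper script, before the window manager or compositor is started.

# is_own_socket PATH: true only for a Unix socket owned by the current user.
is_own_socket() {
    [ -n "$1" ] && [ -S "$1" ] && [ -O "$1" ]
}

# pick_ssh_sock RUNTIME_DIR [ADVERTISED]
# Prints the first usable socket: the advertised path (from the daemon's
# output), then gcr/ssh (the path from this thread), then keyring/ssh
# (assumed location for older gnome-keyring releases). Returns 1 if none.
pick_ssh_sock() {
    for cand in "$2" "$1/gcr/ssh" "$1/keyring/ssh"; do
        if is_own_socket "$cand"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# export_keyring_sock: start the daemon, then export a verified socket path.
export_keyring_sock() {
    # Take only the SSH_AUTH_SOCK line from the daemon's VAR=value output.
    advertised=$(gnome-keyring-daemon --start 2>/dev/null |
        sed -n 's/^SSH_AUTH_SOCK=//p')
    if sock=$(pick_ssh_sock "${XDG_RUNTIME_DIR:-/nonexistent}" "$advertised"); then
        SSH_AUTH_SOCK=$sock
        export SSH_AUTH_SOCK
    else
        unset SSH_AUTH_SOCK    # do not carry a stale path into the session
        echo "no usable ssh-agent socket from gnome-keyring or gcr" >&2
        return 1
    fi
}
```

Call export_keyring_sock in place of the eval/export pair, then check the result from a terminal in the session with ssh-add -l.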
