My messages to networkmanager-list aren't getting through yet, but... Jouni Malinen wrote: > On Thu, Jul 24, 2008 at 02:29:32AM +0900, David Smith wrote: > >> For implementing PKCS#11 support in the network manager gnome applet >> using gnome keyring as the backing store, it's necessary to tell >> wpasupplicant the environment variable of GNOME_KEYRING_SOCKET before >> loading the gnome keyring PKCS#11 library. This socket will be protected >> to the local user, but since wpasupplicant must run as root, it should >> be able to access it and indeed it must. > > wpa_supplicant can actually be run without root capabilities when using > privacy separation. However, that may not be of much help here. Using > environment variable for this type of configuration for a library sounds > a bit odd, but maybe there is no better way of passing that information.
It's not configuration per-se. The socket is per session, and could be different for multiple programs run on the same session. It would be nice if the gnome-keyring pkcs11 module could could use the DBus session bus to locate the daemon/socket. However PKCS#11 modules have to run in all sorts of strange applications, and DBus wasn't an option. :( > I have to say that I don't really like this at all.. If I understood the > design correctly, it may indeed be necessary to be able to set > GNOME_KEYRING_SOCKET. However, I don't see need for setting any other > environment variable. I would certainly prefer to do this in some other > way, but if this is the only feasible one, I would be fine with a > compromise that adds a new DBus command for setting GNOME_KEYRING_SOCKET > (i.e., just this particular environment variable, not arbitrary > variables). I would rather not go through the details of what external > programs could do by setting some other variables and as such, it would > be simpler to just limit this to a single variable as a workaround for > the particular issue. It's easy enough to get around. gnome-keyring already has something to address this problem. You can call the /org/gnome/keyring/daemon interface and use the GetSocketPath call, which will return the socket path of the currently running daemon. You can then easily set the correct environment variable in your process. > string org.gnome.keyring.Dameon.GetSocketPath() > > at /org/gnome/keyring/daemon Cheers, Stef _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
