-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Marek Marczykowski-Górecki: > Hi, > > Currently gnome-keyring (if installed) is started in every VM, > providing, among other things, SSH agent. There is no sane way to > disable it for the user[2]. > > Since the original reason why it is started this way is not true for a > long time, I think about disabling it[1]. The (side?) effect will be - no > longer gnome-keyring working as SSH agent, instead standard ssh-agent > will be pointed by SSH_AUTH_SOCK variable. For some this may be a > feature (as gnome-keyring do not support EC for example), but some may > see this as a bug - no longer keys loaded automatically with a nice GUI > prompt for a password (if set).
FWIW I have disabled it manually for a long time. But I'm a bad reference for user-friendly defaults. > It is still possible to enable it back for example by adding it to > `~/.profile`. The tricky part is it can't be started just from > `/etc/xdg/autostart`, because it isn't possible to set $SSH_AUTH_SOCK > in shell environment from there (on real GNOME, some GNOME specific dbus > API is used for this). > > So, now the questions: > 1. Is this change in behavior ok? > 2. If not, how to enable it by default, to make it easier to disable it > if someone want to? I think it would be easy to check for /etc/qubes/no-gnome-keyring before starting it. Or maybe use Qubes "services" (but IIRC setting defaults for them is also not easy ...). > [1] https://github.com/marmarek/qubes-gui-agent-linux/pull/21 > [2] https://github.com/QubesOS/qubes-issues/issues/2351 -----BEGIN PGP SIGNATURE----- iQIsBAEBCgAWBQJYImypDxxodzQyQGlwc3Vtai5kZQAKCRDkrMknimRoFp3dD/wP iXGDmZJ5WKzYobu8lKRs3+JwCkz476bit8XeU/TNuM6V9zqXJAXQDnak4TZMdH/L 8+MnmmqccypBIPJ0WgayIXhz3u5/2IMJc4M5PaWjXDhUTkj9L+YOSVTdOE6Nm6b9 yxszp4j+4m+n4sKwrUytiRXEQJr5nWon+OAJSYnjy4gKYy79czZGO+wgys2KIJGp 8kO2UerfrUtP9jSi8t2ldsOEzOq/N4ed4e3B4b1xS/1PnmYEjldWs7BQMw7fTO9+ UMxtdzAHlUOIt2x8oExyAw5R/9T5yRBkcAidfWaHPDP8JtzWAOI66F+5YkTf5h1a DXrzblfjieYvKrXYW/gI+lPv5rq2BLWYUAQz4NytuLFxSTbUxhebLB/EK3jqjU/y lCU/4xXADZ1FZBZeGrt2LMnoTt9Jz7GKI9FOV+eEjMm8vDnLWRXDK6xLo0Db7qFF lHgECC9cWOSzkh2YsqN7gtK8P+3kOkRbiOw2AlaFHOWc9Bsn+FmCWALftxVHJSwJ 5D5iu2JHIhSXTpCBsp3mcU1vsUsegxtD4RI91OzF9GYMD6E6k3euKkVzny7tQRke RY6ID3Hr6Noa7VKSX0MpL2t9ZTVAs4XqNDGzDb5tv3ZkSr70KV/T/UAbWR6xLOmw lT/MyAYAWotHE0E5SvvrfCPm0L1/YOs+R9wOSMFqtA== =awcC -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/7c60d230-3b85-e1d1-a7d0-bbb806218d4a%40ipsumj.de. For more options, visit https://groups.google.com/d/optout.
