On Tue, Nov 08, 2016 at 07:01:26PM -0500, Jean-Philippe Ouellet wrote:
> On Tue, Nov 8, 2016 at 6:33 PM, Marek Marczykowski-Górecki
> <[email protected]> wrote:
> > no longer keys loaded automatically with a nice GUI prompt for a password
> > (if set).
>
> This is not true.
>
> OpenSSH's ssh-agent invoked with DISPLAY set and stdin not a tty will
> invoke ssh-askpass with such a nice gui prompt for a password. This is
> easy to accomplish if desired.

But do not load keys automatically. This isn't a big problem, just some
difference.

> > It is still possible to enable it back for example by adding it to
> > `~/.profile`. The tricky part is it can't be started just from
> > `/etc/xdg/autostart`, because it isn't possible to set $SSH_AUTH_SOCK
> > in shell environment from there (on real GNOME, some GNOME specific dbus
> > API is used for this).
>
> However, env vars can be made to be propagated from xdg-autostart via
> /tmp/qubes-session-env[.tmp] with minimal changes to the startup
> scripts. See https://groups.google.com/forum/#!topic/qubes-devel/lRwuYIF_hWE

/tmp/qubes-session-env isn't sourced a second time, at least in theory
(QUBES_ENV_SOURCED=1). How could it work? In an older version (Qubes 3.0?)
it was indeed sourced at each shell startup.

> > So, now the questions:
> > 1. Is this change in behavior ok?
>
> I have been running with essentially the change you describe for a few
> weeks and have observed no regressions.
>
> +1 for changing it
>
> > 2. If not, how to enable it by default, to make it easier to disable it
> > if someone wants to?
>
> Starting it via xdg-autostart and propagating env vars as described
> above would accomplish this, but regardless I believe openssh's
> ssh-agent is preferable to gnome-keychain.

Ok, so given the feedback, I believe the best option is to default to
openssh's ssh-agent, then document somewhere how to enable the
gnome-keyring one.

> > [1] https://github.com/marmarek/qubes-gui-agent-linux/pull/21
> > [2] https://github.com/QubesOS/qubes-issues/issues/2351

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
