Definite's Extractor

My findings on Life, Linux, Open Source, and so on.

Properly use gnome-keyring-daemon Enlightenment (E-17) with ssh-agent support

Now enlightenment (E-17) become my favorite  window manager because it looks elegant and have the most sane automatic tiling action that do not require you to remember lots of keyboard short-cut. However, I got tire on inputting passcode of ssh keys over and over again.

After some searching,  articles like https://wiki.archlinux.org/index.php/Enlightenment#Gnome_Keyring_integration and http://kill-0.com/duplo/2010/01/27/e17-and-the-gnome-keyring-daemon/ suggest that following code block in ~/.profile do the trick:

if [ -n "$GNOME_KEYRING_PID" ]; then
    eval $(gnome-keyring-daemon --start)
    export SSH_AUTH_SOCK
    export GNOME_KEYRING_CONTROL
    export GPG_AGENT_INFO
fi

After apply it, it did work, typing

ssh-add -L

returns all my keys, but I cannot use any network that manual password typing, the network manager applet shows “User authentication is required”, but the god-damn password dialog just not showing. Other than actually switch network, there is a command, seahorse,  can be used to spot this symptom. Just run

seahorse

enable View->By keyring, and look at upper left. If it does not have section “Password” or “Login”, then you are bitten by this bug.

Oh, I forgot to mention that I use lightdm as Display manager. In order to make the gnome-keyring work with it, /etc/pam.d/lightdm should look like:

auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
...
auth optional pam_gnome_keyring.so 
auth include postlogin 
...
session optional pam_gnome_keyring.so auto_start 
session include postlogin

And if you need autologin, you need to do something similar to /etc/pam.d/lightdm-autologin

After some digging with journalctl  and systemd-loginctl, I found that .profile actually sourced twice, first is by /usr/bin/enlightenment_start (or lightdm), that one does not have ssh-agent associate with it, so calling gnome-keyring-daemon –start on that time let you neither be able to use network password dialog, nor the ssh keys are imported.

The second time is by /usr/bin/ssh-agent /bin/sh -c exec -l /bin/zsh -c “/usr/bin/enlightenment_start”,  you can safely call gnome-keyring-daemon now, as ssh-agent is now on.

So my ~/.profile ends like

if [ -n "$DESKTOP_SESSION" ];then 
    # No point to start gnome-keyring-daemon if ssh-agent is not up 
    if [ -n "$SSH_AGENT_PID" ];then 
        eval $(gnome-keyring-daemon --start) 
        export SSH_AUTH_SOCK export GPG_AGENT_INFO
        export GNOME_KEYRING_CONTROL
    fi
fi

One more thing, if you are using bash and has ~/.bash-profile, better to put above in to ~/.bash-profile.

zsh is similar, use ~/.zprofile instead.

Now be enlighten by enlightenment.

About these ads

One response to “Properly use gnome-keyring-daemon Enlightenment (E-17) with ssh-agent support

  1. stuntspt 2014/03/10 at 2:16 am

    Thanks! I have just updated the ArchWiki page with the information provided here!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 303 other followers

%d bloggers like this: