Thanks @ueno. OK, in a world without gcr yet, we have this in F39:
in top, I see that
systemd --system
is the one that spawns gnome-keyring-daemon with the arguments
--daemonize --login
I’m a little confused. I see:
./user/gnome-keyring-daemon.service
./user/gnome-keyring-daemon.socket
under /lib/systemd.
./user/gnome-keyring-daemon.service contains
ExecStart=/usr/bin/gnome-keyring-daemon --foreground --components="pkcs11,secrets" --control-directory=%t/keyring
This doesn’t match the arguments gnome-keyring-daemon is running with.
There’s no other occurrence of gnome-keyring inside /lib/systemd
Also, I don’t understand this 2-step mechanism. The manpage says that gnome-keyring-daemon will read the password from stdin (but presumably gdm UI) but not complete initialization. That happens when gnome-keyring-daemon gets called with --start later.
I don’t see that 2nd invocation, is it ephemeral, does gdm do it?
The --components argument is absent. That means that all 3 of ssh, secrets and pkcs11 are used?
I’ve noticed a situation where the unix socket opened by gnome-keyring-daemon is
/run/user/1000/keyring/ssh
while the child process ssh-agent used this
/run/user/1000/keyring/.ssh
2 different unix sockets, is that normal?
I suppose in a working state, I expect this:
gnome-keyring-daemon running (so it knows about the ssh keys) and the ssh-agent as well.
If I run ssh to the server, it shouldn’t ask me for the passphrase to the private key.