it seems silly to me to even be running all that background stuff. can we do without it? maybe a simple x session just running qubes window manager and ssh-agent?
Jean-Philippe Ouellet
unread,
Oct 12, 2016, 12:27:28 PM10/12/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to pixel fairy, qubes-devel
On Wed, Oct 12, 2016 at 8:21 AM, pixel fairy <pixel...@gmail.com> wrote:
> gnome-keyring runs in template VMs, breaking ssh on newer keys. see
(Sorry for duplicate reply, 1st email forgot to CC the list)
That said... I am running without gnome-keyring and nm-applet still
works fine... so... ¯\_(ツ)_/¯
pixel fairy
unread,
Oct 12, 2016, 11:18:18 PM10/12/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to qubes-devel, pixel...@gmail.com
On Wednesday, October 12, 2016 at 12:27:28 PM UTC-4, Jean-Philippe Ouellet wrote:
On Wed, Oct 12, 2016 at 8:21 AM, pixel fairy <pixel...@gmail.com> wrote:
> gnome-keyring runs in template VMs, breaking ssh on newer keys. see
...
That said... I am running without gnome-keyring and nm-applet still
works fine... so... ¯\_(ツ)_/¯
how did you disable it? just comment it out in your template? do you have ssh-agent working?
Jean-Philippe Ouellet
unread,
Oct 12, 2016, 11:39:44 PM10/12/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to pixel fairy, qubes-devel
On Wed, Oct 12, 2016 at 11:18 PM, pixel fairy <pixel...@gmail.com> wrote:
> how did you disable it? just comment it out in your template?
Yes. And remove the xdg-autostart entry for it too.
> do you have ssh-agent working?
Yes. I am starting it via xdg-autostart using a wrapper which writes
the reported SSH_{AUTH_SOCK,AGENT_PID} env vars to
/tmp/qubes-session-env, which then gets sourced on shell init by
/etc/profile.d/qubes-session.sh.
pixel fairy
unread,
Oct 13, 2016, 12:18:04 AM10/13/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to qubes-devel, pixel...@gmail.com
i was going to ask for your scripts, but, why not pull request it? just change the call to gnome-keyring-daemon to leave out ssh and gpg (for sake of the split-gpg thing)
Jean-Philippe Ouellet
unread,
Oct 13, 2016, 12:41:22 AM10/13/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to pixel fairy, qubes-devel
On Thu, Oct 13, 2016 at 12:18 AM, pixel fairy <pixel...@gmail.com> wrote:
> i was going to ask for your scripts, but, why not pull request it? just
> change the call to gnome-keyring-daemon to leave out ssh and gpg (for sake
> of the split-gpg thing)
But I still don't understand the interactions of all relevant
components well enough to be confident I'm not breaking things for
other people.
I like to know what I'm doing before trying to upstream stuff. I'm
slowly reading my way through the qubes docs, various
design/architecture rationale threads, and the implementations of
various qubes subsystems, but free time remains eternally scarcer than
one might wish ;)
pixel fairy
unread,
Oct 13, 2016, 4:33:12 AM10/13/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to qubes-devel, pixel...@gmail.com
Im glad you did as much as you did. i applied your patch, but instead of deleting the call to gnome-keyring, i just added "--components=secrets,pkcs11" to make it ignore ssh. just did it, just rebooted some qubes, sshed using the ssh agent with an ed25519 key to make sure it all works.