gnome-keyring not working in qubes Debian 7

[peter.p...@gmail.com]

Hi.

Using gnome-keyring in debian 7 template based VMs does not work.
seahorse can not add key(ring)s, evolution can not store passwords, and gkeyring also fails.

I believe password-less login and dbus might be connected to the problem.

The logs tell
"The name org.gnome.SessionManager was not provided by any .service files"
and
"Error communicating with gnome-keyring-daemon".

Any clue how to solve that?
It works fine in fedora-template based VMs.

Peter.

[cprise]

It sounds like it is related to a problem some of us are having in
Debian 8: The same org.gnome.SessionManager error when trying to run
nautilus, and the window may not appear (especially if you run it from
the launcher menu).

However, if you run nautilus from terminal it should start the gnome
SessionManager service before opening the window. So if you keep a
nautilus window open while testing gnome-keyring functions you may find
that it works.

[peter.p...@gmail.com]

It does not work in Debian 7 but in Debian 8

-> will migrate to Debian 8. :-)

[Unman]

If you turn off dbus in the nautilus desktop file (under
/usr/share/applications) in the template this will fix the launcher
issue.
I dont think the session manager warning is related: I see this all the
time under kali-it's because you're not running gnome.
unman

[cprise]

There are 4 nautilus-related files under /usr/share/applications:

nautilus-autorun-software.desktop
nautilus-classic.desktop
nautilus-connect-server.desktop
org.gnome.Nautilus.desktop

The last one has a line referencing dbus:

DBusActivatable=true

Setting it to 'false' does seem to solve the problem.

FWIW, I checked in the f20 template and a Mint 17.1 HVM and neither of
them have a .desktop file for nautilus that uses DBusActivatable (they
have no org.gnome.Nautilus.desktop file at all).

[peter.p...@gmail.com]

That does not help to solve my problem.
The situation is as follows:

Debian 8 template based VM. Seahorse, evolution, etc. can use Gnome keyring, but there is no CLI tool that works.
I have tried
- gnome-keyring-query https://gist.github.com/adamhotep/e5798989187b393789c1
- gkeyring https://github.com/kparal/gkeyring
- own python scripts using gnomekeyring python bindings
They work perfectly well with F20 based VMs.

Any idea?

[Unman]

Well it might not solve it but it does tell you where to look.
The problem is that the debian templates arent setting up dbus
correctly. I'll have a look at fixing this.

In the meantime here's a quick workaround:
find the dbus socket:
netstat -a|grep dbus
You should see many lines:in the final column something like @/tmp/dbus-xxxx
You might notice that there are two distinct values - use the most
common one and put it in your environment:

export DBUS_SESSION_BUS_ADDRESS="unix:abstract=/tmp/dbus-xxxx"
(use the value from netstat without the "@")

Now your command line tools should work fine.

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I guess the problem is order of scripts in
/etc/X11/Xsession.d. Especially 98qubes-session probably should be
before 75dbus_dbus-launch, perhaps it should be even something like
20qubes-session. But I haven't tested that. Can you test that? If that
solves the problem, I'll fix the package.

> In the meantime here's a quick workaround:
> find the dbus socket:
> netstat -a|grep dbus
> You should see many lines:in the final column something like @/tmp/dbus-xxxx
> You might notice that there are two distinct values - use the most
> common one and put it in your environment:
>
> export DBUS_SESSION_BUS_ADDRESS="unix:abstract=/tmp/dbus-xxxx"
> (use the value from netstat without the "@")
>
> Now your command line tools should work fine.
>

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVfjUDAAoJENuP0xzK19csQiYH/3MXgGMG6uyBr32tscfy8Hly
f8gH45VXhwr0D1lr6BrybMkXSx92bPntxC56LGN3IcCToE6tpJaSlkdyC6eqIbce
yjHYruSjEzDM4Y2C3DPuUPWNKSiBcxUrjsEv6lbAMyl/lCjjVAgn+p4kkk2t4GPG
7+wxM/WrB+0XhxOO1sPO9jX6I7dMsAFd3aLW2bz+EMj7Xj5c8a/4bI1Bc1e58VX/
Ue6AdBdMaHnXvfNrjMw84nQ8zBRG9IdRRYwdLgpEVTdKfpb68JyE6Mq11GBe/X89
bZPg24BL0SeauO94dK0sT4yoWpYE/DPgJP7xhVZpHSaA/0fI/a9v6m6HdXJodsE=
=rj8T
-----END PGP SIGNATURE-----

[Jason M]

I have a fix almost complete.  There is a problem with qubes-run-desktop; maybe some GLib bug.

I have one fix that works, but working on a better implementation using dbus instead of subprocess.  Stay tuned...

[Jason M]

One of the problems I noticed is apps that had DBusActivatable=true would not start in a reliable manner via qubes-desktop-run launched either from qubes-manager or gnome-terminal, but they would load properly with the `gapplication launch org.gnome.Nautilus`

Therefore I attempted to modify qubes-desktop-run to first identify applications that support being activated by dbus, then activating those applications via dbus.  My initial attempt which seems to work fine was just to call `gapplication launch` via a python subprocess.Popen call, but I figured it would be better in the long run to use a proper dbus message to activate.

Currently I have the dbus activate working for an application if no files are part of the args.  I still need to work on 'open'.  I will include my test code here if anyone want to take it for a test run.  Just replace the '/usr/bin/qubes-desktop-run' code with the following and let me know the results.

#! /usr/bin/env python
# -*- coding: utf-8 -*-
# vim: set ft=python ts=4 sw=4 sts=4 et :

import sys
from gi.repository import Gio, GLib

def main(myname, desktop, *files):
    info = Gio.DesktopAppInfo()
    dbus_activate = False

    try:
        launcher = info.new_from_filename(desktop)
    except TypeError:
        launcher = None

    if launcher:
        dbus_activate = launcher.get_boolean('DBusActivatable')

    if not dbus_activate:
        launcher.launch(files, None)

    else:
        #import subprocess
        #if dbus_activate:
        #    print launcher.get_id().replace('.desktop', '')
        #    process = subprocess.Popen(['gapplication', 'launch', launcher.get_id().replace('.desktop', '')], close_fds=True)
        #return
       
        # (Gio.DBusConnection) – A Gio.DBusConnection
        session = Gio.bus_get_sync(Gio.BusType.SESSION, None)

        # (Gio.DBusProxyFlags) – Flags used when constructing the proxy.
        flags = Gio.DBusProxyFlags.NONE  

        # (Gio.DBusInterfaceInfo|None) – A Gio.DBusInterfaceInfo specifying the minimal interface that proxy conforms to or None.
        info = None

        # (str or None) – A bus name (well-known or unique) or None if connection is not a message bus connection.
        app_id = launcher.get_id()
        if app_id.endswith('.desktop'):
            app_id = app_id[:-8]

        # (str) – An object path.
        object_path = '/' + app_id.replace('.', '/').replace('-', '_')

        # (str) – A D-Bus interface name.
        interface_name = 'org.freedesktop.Application'

        # cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.
        cancellable = None

        proxy = Gio.DBusProxy.new_sync(session,
                                       flags,
                                       info,
                                       app_id,
                                       object_path,
                                       interface_name,
                                       cancellable
                                       )

        builder = GLib.VariantBuilder.new(GLib.VariantType.new('r'))

        if files:
            builder.open(GLib.VariantType.new('as'))
            for filename in files:
                print 'Adding ', filename
                builder.add_value(GLib.Variant('s', filename))
            builder.close()

        builder.open(GLib.VariantType.new('a{sv}'))
        #startup_id = GLib.getenv("DESKTOP_STARTUP_ID") or app_id
        #if startup_id:
        #    #builder.add_value(GLib.Variant('a{sv}', {'startup-id': GLib.Variant('s', startup_id)}))
        builder.close()
       
        parameters = builder.end()

        print 'Calling call_sync...'
        if files:
            print 'Open...'
            result = proxy.call_sync ("Open", parameters, Gio.DBusCallFlags.NONE, -1, cancellable)
        else:
            print 'Activate...'
            result = proxy.call_sync ("Activate", parameters, Gio.DBusCallFlags.NONE, -1, cancellable)

        print 'Result: ', result
        print 'Done.'

if __name__ == "__main__":
    main(*sys.argv)

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to previous messages - it seems that the source of the problem
isn't method of starting the application. The problem is that session
bus daemon isn't started properly. When I check that in my VM, every
application (which tries to use dbus) have its own dbus session daemon.
It isn't surprising that they cannot communicate with each other...

So IMO its better for first fix session dbus setup and check if that
fixes the other problems. If not - then try to modify qubes-desktop-run.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVfpk7AAoJENuP0xzK19csuFkH/jM5MCceW+wUfDwY0+skJoY2
gKMc8M5oQdV/PfT+9j56NZDUPz+gNKTBZ12KxoO/rqCZ0LqLWImGMv1F5RmfvCsf
Gt4u+JD7QkoJnr7c8AkL/qy5UZ2WLnY5GvdNmOV9Q0PBb0TkTfX/u8YT5RrqK1h2
M3kE29eHGxCFF4yAfhgeJYnC6X42F5usYVdvfUYdrL/QcSbRNceM91p+MFhRE0a4
sSqA+0aYAMNoXIAkOpyHo17fhItzhx2eEs1Oiugia7+l6jM9Ypu0QQ8CKemW97q1
zlB5VlzpnV+RAF6Gy9cpRV0QRtQ/UwG3suG7FZLYH5GD9AczYh53IHeZQjM5wYY=
=H1pl
-----END PGP SIGNATURE-----

[peter.p...@gmail.com]

YES! That helps!
gkeyring and my own python code work now.

Thanks, you guys rock!
Hope that this leads to a fix in the template soon.

Peter.

[Jason M]

I understand your point that you want to confirm the system Dbus is started properly.

Though, we still need to look at the proper way  to start applications that support DBusActivatable.  The recommended way to start such an application now is to start it via Dbus, not by it's Exec statement [4].  The Exec is there for backwards compatibility. [1]

If you start Nautilus via Dbus, it starts every time even in it in its current configuration.  I do suggest that the problem, or at least part of the problem is in the way the applications is currently being started that support DBusActivatable.  For instance, if you use 'gapplication' to start Nautilus, it will start it using Dbus.

Here are some references to my points above:
[1] https://developer.gnome.org/gio/stable/gapplication-tool.html
[2] http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s07.html
[3] https://wiki.gnome.org/HowDoI/DBusApplicationLaunching
[4] http://lists.freedesktop.org/archives/xdg/2013-June/012828.html
[5]https://wiki.freedesktop.org/www/Software/desktop-file-utils/

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok, I see. So we need to fix two problems:
1. properly start session dbus (bug)
2. handle DBusActivatable (feature)

> Here are some references to my points above:
> [1] https://developer.gnome.org/gio/stable/gapplication-tool.html
> <https://developer.gnome.org/gio/stable/gapplication-tool.html>
> [2] http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s07.html
> <http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s07.html>
> [3] https://wiki.gnome.org/HowDoI/DBusApplicationLaunching
> <https://wiki.gnome.org/HowDoI/DBusApplicationLaunching>
> [4] http://lists.freedesktop.org/archives/xdg/2013-June/012828.html
> <http://lists.freedesktop.org/archives/xdg/2013-June/012828.html>
> [5]https://wiki.freedesktop.org/www/Software/desktop-file-utils/

> <https://wiki.freedesktop.org/www/Software/desktop-file-utils/>

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVf1zqAAoJENuP0xzK19csY58H/3Xc6mIt8YzlWZ+tKulMYB6I
2YCI6G96yLKCZZZXICqLNVH8337Uw5gPWUO5hRT03YXFmNAP7sTkbQvIb0ATNpbY
16Rttjd+xHVrt5UDQuGJFqzYdC7nP+akLxIakNs0FNEjfgNUm+EeOVL7OwN3nZbp
RO6ltXi37+ADNvs184LltLVI0GEfdgP2yGmW2iI1ngP0dtTDwnGAo+W8q73SQbzM
shrMlmKwSaG4RVJr+O7PFyKmaWXnWCykVZgQwqd6Ywe4kv6bUP4s0TUJWG91nGxC
zW0lGjV5x/Kf/PtNb+Z8DW/g9b0JDvQ8reg6r4ZNgM+ZIXGFxDhosJ/8COkm11s=
=hV4D
-----END PGP SIGNATURE-----

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've read the thread again and I see that DBusActivatable currently
isn't ignored but also isn't handled correctly (as setting
DBusActivatable=false fixes the problem).
But this can be because of first problem - no session dbus. See message
from Peter sent Jun 15 13:23 - setting DBUS_SESSION_BUS_ADDRESS
correctly fixes some of those problems.

> > Here are some references to my points above:
> > [1] https://developer.gnome.org/gio/stable/gapplication-tool.html
> > <https://developer.gnome.org/gio/stable/gapplication-tool.html>
> > [2] http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s07.html
> > <http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s07.html>
> > [3] https://wiki.gnome.org/HowDoI/DBusApplicationLaunching
> > <https://wiki.gnome.org/HowDoI/DBusApplicationLaunching>
> > [4] http://lists.freedesktop.org/archives/xdg/2013-June/012828.html
> > <http://lists.freedesktop.org/archives/xdg/2013-June/012828.html>
> > [5]https://wiki.freedesktop.org/www/Software/desktop-file-utils/
> > <https://wiki.freedesktop.org/www/Software/desktop-file-utils/>
>

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVf2PfAAoJENuP0xzK19cs+4cH/juSDthvYmzApKNNt6TQ+JvI
AAK+Nd9925qxL8RoS3vOUpxRYbDshlnkfKgttltpK1RQzWILKfoFxT3hVwqmzLzz
Yp+lqXqwiyQ4lb9xzQHNtq+uNYVDnZkYoUwGMOvUZf6Yeqh4PZid7iNjamwwig3+
kjqbgw+/2hf+eeB439WcBykjqQLMry9oKIuS3sAxvgcdhb6nMTa496RhznVvdIue
bii7tlDjX1Xm8NXD78DEhO7sEEmS56fu+Abmn/n/bR2U9javpdx0NLw/Rl1bWFPK
Nw3OZaLmZMyXJdTjK1xpWK2pe/76IgjiY9OLFrTjSCQK/bblgHyInf+sHP2Khos=
=lXR1
-----END PGP SIGNATURE-----