For a long time, I used i3[1] as window manager. It was fine as I like stripped down environment. However, I missed some features of my Gnome 2 experience. Thus I moved to Mate[2] and easily configured it to match my minimalistic needs. All was perfect and I was happy with it, until I realize something was really bothering me: even with all the known methods[3] to disable Gnome keyring autostart, it keeps launching when my session starts. This behavior leads to very nasty bugs, like breaking Emacs tramp or continually bothering me to enter my passphrase.
I finally found a working solution in the Mate Session Manager[4] issues traker. So for all other people, who goes mad because of this, here is the definitive guide to definitely shut Gnome keyring down.
[4] a working solution in the Mate Session Manager (HTTPS)
First, you need to configure your OpenSSH SSH agent. Nothing specific here, we just need to add a systemd service file for our current user, in order to automatically start the SSH agent when our session starts. I use the following file:
[Unit] Description=SSH key agent [Service] Type=simple Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK [Install] WantedBy=default.target
You must save it in `\~/.config/systemd/user/ssh-agent.service'. Then enter `systemctl --user enable ssh-agent' in your console to active it at startup.
The important point here is the line `Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket', where I inform systemd to launch the ssh-agent with the environment variable set to the rather cryptic `%t/ssh-agent.socket'. The `%t' placeholder will expand to the runtime directory root[1], that is to say `/run/user/UID/'. In my case `/run/user/1000/ssh-agent.socket'. So, when ssh-agent will start, it will create a socket in this place.
To inform your desktop environment (and other programs, like Emacs), you must add this environment variable either in your `\~/.profile' file (if you'll use only TTY terminals) or, more surely in your `\~/.pam_environment' file. No other variable are available in that file, thus you must be explicit when setting the `SSH_AUTH_SOCK' variable. And yes there is a space between the variable name and `DEFAULT'. My own `\~/.pam_environment' file looks like:
SSH_AUTH_SOCK DEFAULT="/run/user/1000/ssh-agent.socket"
[1] will expand to the runtime directory root (HTTPS)
Now that ssh-agent will start just fine, we need to disable the SSH component of Gnome Keyring.
The first step is to "officially" asking it to don't start. You must copy the default `.desktop' autostart file in your home folder to customize it. Then append two magic lines to it to remove it from the Startup Application configuration dialog (the `Hidden=True' directive) and disable it for Mate desktop only (the `X-MATE-Autostart-enabled=false' directive):
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/ echo 'Hidden=True' >> ~/.config/autostart/gnome-keyring-ssh.desktop echo 'X-MATE-Autostart-enabled=false' >> ~/.config/autostart/gnome-keyring-ssh.desktop
We now arrive to the core of the problem. The previous operation should have been sufficient, but there still exists a weird bug, which will spawn Gnome Keyring SSH agent each time you start your session.
To completely deactivate it, you must remove the `'keyring'' component from the `gnome-compat-startup' option in Gsettings. As this key holds an array value, the better way to do it is to use the `dconf-editor' application. Once you open it, browse to `org', then `mate', `desktop', and finally `session'. You should find the `gnome-compat-startup' in there. Click on it, unset the "Use default value" switch and remove `'keyring'' from the text field bellow. Take attention to remove the next comma. In my case, the field now contains only `['smproxy']'.
That's all, you can now enjoy a keyring-free desktop :)
[1] https://mlohr.com/gpg-agent-ssh-gnome/ (HTTPS)
[2] https://github.com/mate-desktop/mate-session-manager/issues/182 (HTTPS)
nil
--
π vendredi 22 mars 2019 Γ 12:34
π Γtienne Pflieger with GNU/Emacs 29.4 (Org mode 9.7.11)