Meh, i've looked more into this, and I'm still annoyed. I've tried to use gpg smartcard by default for both gpg signing/encryption and ssh authentication and it's harder than it should be.
Thus I'm gonna flip "NoDisplay=true" keys on gpg/ssh components such that one can toggle those off in the UI. Split the gpg/ssh components from the default upstart job, and make those be sensitive on X-GNOME-Autostart-enabled=false in the matching xdg autostart keys (either global /etc/xdg/autostart/gnome-keyring- ssh|gpg.desktop or per user ~/.config/autostart/gnome-keyring- ssh|gpg.desktop) The net effect should be that if one disables the gnome-keyring- ssh.desktop via UI, or any standard way, a standard ssh-agent will be used. Ditto with gnome-keyring-gpg.desktop. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/1387303 Title: regression: gnome-keyring components can't be disabled anymore Status in “gnome-keyring” package in Ubuntu: In Progress Bug description: To disable user session gnome-keyring upstart job: $ echo manual ~/.config/upstart/gnome-keyring.override ... and also disable the XDG auto-start jobs (Startup Applications) ====== GNOME Keyring is by default a rather invasive service, which meddles with security sensitive processes invasively. This may or may not be wise depending on a users situation. One particular case is GNOME Keyring's gpg-agent implementation, which is incomplete and therefore doesn't support GPG's OpenPGP smartcard support. gpg simply fails (with smartcards) when GNOME Keyring is impersonating gpg-agent... So to be able to use OpenPGP smartcards on Ubuntu, one needs to disable GNOME Keyring from impersonating gpg-agent, which for quite some time now has been trivial to effectively do: echo 'X-GNOME-Autostart-enabled=false' >> /etc/xdg/autostart/gnome- keyring-gpg.desktop With GNOME Keyring's recent update (3.10.1-1ubuntu4.1) in Trusty, this seems to have been broken by the addition of: /usr/share/upstart/sessions/gnome-keyring.conf So it seems the /etc/xdg/autostart/gnome-keyring files are either being ignored, or the started process is supplanted by the process started by the upstart session config. What is unclear to me is what the upstart session configuration is supposed to achieve? And if it is meant to supplant the xdg/autostart files, those should probably have been removed to prevent them from causing any confusion as to how gnome-keyring is started/managed. Presuming the upstart session is meant to stay, I would suggest to remove the /etc/xdg/autostart/gnome-keyring-*.desktop files to prevent confusion as mentioned above. And in my opinion a mechanism should be provided so users can control which gnome-keyring components '-- components=pkcs11,secrets,ssh,gpg' are activated using some configuration file in /etc, as files in /usr aren't meant to be user edited. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: gnome-keyring 3.10.1-1ubuntu4.1 ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8 Uname: Linux 3.13.0-39-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.5 Architecture: amd64 CurrentDesktop: Unity Date: Wed Oct 29 18:14:57 2014 EcryptfsInUse: Yes InstallationDate: Installed on 2014-04-07 (205 days ago) InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Beta amd64 (20140326) SourcePackage: gnome-keyring UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.xdg.autostart.gnome.keyring.gpg.desktop: 2014-04-09T19:49:03.884840 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1387303/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
