On Sun, 31 Jan 2021 at 11:45:08 +0000, Simon McVittie wrote: > I suspect I know what change triggered this: it'll be the security hardening > imported from the upstream glib-2-66 branch in 2.66.4-2. However, I couldn't > reproduce this failure to unlock in a test VM.
I've prepared several sets of packages that partially revert that change, to test this theory. They're all available from <https://people.debian.org/~smcv/bug981420/> as amd64 and i386 packages, signed by my key in the Debian keyring. The set versioned as "2.66.4-3+revert981420targeted" revert only the change that is most likely to be the cause of this regression. They also add new warnings that are printed whenever it matters. Please could you try those and report back whether it is successful? Whether they solve it or not, please also report what messages are logged in the systemd journal while you are logging in. I would expect to see a message something like this: Suppressing use of DBUS_SESSION_BUS_ADDRESS because setuid: euid 0 != ruid 1000 or like this: Not suppressing use of DBUS_SESSION_BUS_ADDRESS because not setuid, even though AT_SECURE If that set doesn't solve the regression, the next set to try is the one versioned as "2.66.4-3+revert981420dbus". Finally, if that doesn't solve it either, "2.66.4-3+revert981420entirely" might. Whatever the results of this, I'll still need to know whether your gnome-keyring-daemon is setuid and/or setcap (see previous messages). Thanks, smcv