Re: [Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
On 06/11/2012 07:11 PM, Simon Schampijer wrote: Follow-up: Upstream seem to work on the possibility to use the XDG dirs, so one can specify an alternative path. https://bugzilla.gnome.org/show_bug.cgi?id=613644 Thanks to Marco for pointing that out, Simon The enhancement to use the XDG dirs for storing keys has landed now. Would be great if someone could follow up on that and give feedback to Stef on his approach. Regards, Simon ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
Follow-up: Upstream seem to work on the possibility to use the XDG dirs,
so one can specify an alternative path.
https://bugzilla.gnome.org/show_bug.cgi?id=613644
Thanks to Marco for pointing that out,
Simon
On 04/16/2012 12:33 PM, Simon Schampijer wrote:
This patch does create an ununcrypted default keyring
if there is not one available already. This will stop
prompts for unlocking the keyring after logging into
Sugar.
In GNOME the session manager deals with creating
that keyring. In the OLPC images we do create a default
keyring on image creation time (see olpc-configure), same
is true for Soas. This patch does check/create the
keyring on every Sugar run. The advantage is that
for example installs the live image to a disk install
using liveinst, or install Sugar from the Fedora installer
without installing or ever running GNOME that workaround
will work for them as well.
Signed-off-by: Peter Robinson
Signed-off-by: Simon Schampijer
---
bin/sugar.in | 20
1 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/bin/sugar.in b/bin/sugar.in
index 12098db..df27143 100644
--- a/bin/sugar.in
+++ b/bin/sugar.in
@@ -62,6 +62,26 @@ export LANGUAGE="${LANGUAGE:-${LANG}}"
# Set Sugar's telepathy accounts directory
export MC_ACCOUNT_DIR=$HOME/.sugar/$SUGAR_PROFILE/accounts
+# Check if the keyring exists and create a default
+# unencrypted keyring (OLPC #10290)
+keyring_path=$HOME/.gnome2/keyrings
+if [ ! -e $keyring_path/login.keyring ]&&
+[ ! -e $keyring_path/default.keyring ]; then
+mkdir -p $keyring_path
+echo 'default'> $keyring_path/default
+TIME=$(/bin/date +%s)
+cat>> $keyring_path/default.keyring.tmp
Re: [Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
Thanks Sascha for commenting, On 04/23/2012 11:13 PM, Sascha Silbe wrote: Excerpts from Simon Schampijer's message of 2012-04-16 12:33:05 +0200: This patch does create an ununcrypted default keyring if there is not one available already. This will stop prompts for unlocking the keyring after logging into Sugar. In GNOME the session manager deals with creating that keyring. In the OLPC images we do create a default keyring on image creation time (see olpc-configure), same is true for Soas. This patch does check/create the keyring on every Sugar run. The advantage is that for example installs the live image to a disk install using liveinst, or install Sugar from the Fedora installer without installing or ever running GNOME that workaround will work for them as well. At least the patch description is too downstream-centric for my taste. It also looks like something the distro X session scripts should do, not sugar. It may be fine to include in sugar-emulator, because we're setting up the X session manually there, without calling the distro X session scripts. Ok the description can be tweaked, any suggestions? IIRC, somebody mentioned (on IRC?) that this functionality is also included in gnome-session. Replacing our ancient embedded copy of gnome-session in sugar-toolkit with using upstream gnome-session would do the trick as well then. I've been working with upstream on that for some time. gnome-session can now properly run non-default (read non-Gnome) sessions [1] and I have working sugar [2] and sugar-toolkit [3] patches to make use of that facility. The only reason I've not posted it for upstream (Sugar) inclusion is that gnome-session doesn't provide API for Sugar to trigger Shutdown and Reboot without presenting non-Sugar UI [4]. With the systemd support patch that landed recently (99bb52c [5]), this hurdle is gone at least on systemd based systems (i.e. Fedora). Great work, I am keen on making this happen in the 0.98 cycle. In the meantime I think this workaround is good to have, I heard rumors that Peter will patch the Fedora rpm with it. Regards, Simon ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
On Mon, Apr 23, 2012 at 10:13 PM, Sascha Silbe wrote: > Excerpts from Simon Schampijer's message of 2012-04-16 12:33:05 +0200: > >> This patch does create an ununcrypted default keyring >> if there is not one available already. This will stop >> prompts for unlocking the keyring after logging into >> Sugar. >> >> In GNOME the session manager deals with creating >> that keyring. In the OLPC images we do create a default >> keyring on image creation time (see olpc-configure), same >> is true for Soas. This patch does check/create the >> keyring on every Sugar run. The advantage is that >> for example installs the live image to a disk install >> using liveinst, or install Sugar from the Fedora installer >> without installing or ever running GNOME that workaround >> will work for them as well. > > At least the patch description is too downstream-centric for my > taste. It also looks like something the distro X session scripts should > do, not sugar. It may be fine to include in sugar-emulator, because > we're setting up the X session manually there, without calling the > distro X session scripts. It should work fine on all distros and releases, the whole reason I did the patch is to fix issues not on the XO. > IIRC, somebody mentioned (on IRC?) that this functionality is also > included in gnome-session. Replacing our ancient embedded copy of > gnome-session in sugar-toolkit with using upstream gnome-session would > do the trick as well then. I've been working with upstream on that for > some time. gnome-session can now properly run non-default (read > non-Gnome) sessions [1] and I have working sugar [2] and sugar-toolkit > [3] patches to make use of that facility. The only reason I've not > posted it for upstream (Sugar) inclusion is that gnome-session doesn't > provide API for Sugar to trigger Shutdown and Reboot without presenting > non-Sugar UI [4]. With the systemd support patch that landed recently > (99bb52c [5]), this hurdle is gone at least on systemd based systems > (i.e. Fedora). I believe it is, ultimately if/when we move to that the whole start up will have to be re-written which is a bit to big for this cycle, I don't see the issues with including this in the interim. Peter ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
Excerpts from Simon Schampijer's message of 2012-04-16 12:33:05 +0200: > This patch does create an ununcrypted default keyring > if there is not one available already. This will stop > prompts for unlocking the keyring after logging into > Sugar. > > In GNOME the session manager deals with creating > that keyring. In the OLPC images we do create a default > keyring on image creation time (see olpc-configure), same > is true for Soas. This patch does check/create the > keyring on every Sugar run. The advantage is that > for example installs the live image to a disk install > using liveinst, or install Sugar from the Fedora installer > without installing or ever running GNOME that workaround > will work for them as well. At least the patch description is too downstream-centric for my taste. It also looks like something the distro X session scripts should do, not sugar. It may be fine to include in sugar-emulator, because we're setting up the X session manually there, without calling the distro X session scripts. IIRC, somebody mentioned (on IRC?) that this functionality is also included in gnome-session. Replacing our ancient embedded copy of gnome-session in sugar-toolkit with using upstream gnome-session would do the trick as well then. I've been working with upstream on that for some time. gnome-session can now properly run non-default (read non-Gnome) sessions [1] and I have working sugar [2] and sugar-toolkit [3] patches to make use of that facility. The only reason I've not posted it for upstream (Sugar) inclusion is that gnome-session doesn't provide API for Sugar to trigger Shutdown and Reboot without presenting non-Sugar UI [4]. With the systemd support patch that landed recently (99bb52c [5]), this hurdle is gone at least on systemd based systems (i.e. Fedora). Sascha [1] https://bugzilla.gnome.org/show_bug.cgi?id=633276 [2] https://git.sugarlabs.org/sugar/silbe/commits/gnome-session [3] https://git.sugarlabs.org/sugar-toolkit/silbe/commits/gnome-session [4] https://bugzilla.gnome.org/show_bug.cgi?id=575880 [5] https://git.sugarlabs.org/sugar/mainline/commit/99bb52c5dbea01a3ffc9b8821ec12af2536f76ca -- http://sascha.silbe.org/ http://www.infra-silbe.de/ signature.asc Description: PGP signature ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
On 04/16/2012 12:33 PM, Simon Schampijer wrote: This patch does create an ununcrypted default keyring if there is not one available already. This will stop prompts for unlocking the keyring after logging into Sugar. In GNOME the session manager deals with creating that keyring. In the OLPC images we do create a default keyring on image creation time (see olpc-configure), same is true for Soas. This patch does check/create the keyring on every Sugar run. The advantage is that for example installs the live image to a disk install using liveinst, or install Sugar from the Fedora installer without installing or ever running GNOME that workaround will work for them as well. Signed-off-by: Peter Robinson Signed-off-by: Simon Schampijer Hi Sascha, you were saying in the last developer meeting that there was a bigger issue with that patch, can you point that out please? Thanks, Simon ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
On Tue, Apr 17, 2012 at 12:26 PM, Peter Robinson wrote: > Not off the top of my head, it took a lot of googleing to find it but > basically it moves what we currently do in OOB, with a few tweaks, to Quick nitpick here: It's not OOB, but olpc-configure, part of olpc-utils. IOWs, not at image build time, but at first boot (or of the files are missing). m -- martin.langh...@gmail.com mar...@laptop.org -- Software Architect - OLPC - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
On Tue, Apr 17, 2012 at 5:04 PM, Daniel Drake wrote: > On Mon, Apr 16, 2012 at 4:33 AM, Simon Schampijer wrote: >> In GNOME the session manager deals with creating >> that keyring. > > Nice find, I was always wondering about that. Do you have a reference > to the exact code that does this? Not off the top of my head, it took a lot of googleing to find it but basically it moves what we currently do in OOB, with a few tweaks, to the sugar startup so it can handle multiple users and the like, it was causing me hell with people that either "yum install @sugar-desktop" or use liveinst to make a real install from the SoaS live image. Peter ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
On Mon, Apr 16, 2012 at 07:33, Simon Schampijer wrote: > This patch does create an ununcrypted default keyring > if there is not one available already. This will stop > prompts for unlocking the keyring after logging into > Sugar. On Debian Testing I used these commands to stop the prompt: echo "default" > ~/.gnome2/keyrings/default echo "[keyring]" > ~/.gnome2/keyrings/default.keyring echo "display-name=default" >> ~/.gnome2/keyrings/default.keyring TIME=$(/bin/date +%s) echo "ctime=$TIME" >> ~/.gnome2/keyrings/default.keyring echo "mtime=$TIME" >> ~/.gnome2/keyrings/default.keyring echo "lock-on-idle=false" >> ~/.gnome2/keyrings/default.keyring echo "lock-timeout=0" >> ~/.gnome2/keyrings/default.keyring -- Kaufmann Manuel Blog: http://humitos.wordpress.com/ Porfolio: http://fotos.mkaufmann.com.ar/ PyAr: http://www.python.com.ar/ ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
Re: [Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
On Mon, Apr 16, 2012 at 4:33 AM, Simon Schampijer wrote: > In GNOME the session manager deals with creating > that keyring. Nice find, I was always wondering about that. Do you have a reference to the exact code that does this? Thanks, Daniel ___ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
[Sugar-devel] [PATCH sugar] Create a default unencrypted keyring, OLPC #10290
This patch does create an ununcrypted default keyring
if there is not one available already. This will stop
prompts for unlocking the keyring after logging into
Sugar.
In GNOME the session manager deals with creating
that keyring. In the OLPC images we do create a default
keyring on image creation time (see olpc-configure), same
is true for Soas. This patch does check/create the
keyring on every Sugar run. The advantage is that
for example installs the live image to a disk install
using liveinst, or install Sugar from the Fedora installer
without installing or ever running GNOME that workaround
will work for them as well.
Signed-off-by: Peter Robinson
Signed-off-by: Simon Schampijer
---
bin/sugar.in | 20
1 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/bin/sugar.in b/bin/sugar.in
index 12098db..df27143 100644
--- a/bin/sugar.in
+++ b/bin/sugar.in
@@ -62,6 +62,26 @@ export LANGUAGE="${LANGUAGE:-${LANG}}"
# Set Sugar's telepathy accounts directory
export MC_ACCOUNT_DIR=$HOME/.sugar/$SUGAR_PROFILE/accounts
+# Check if the keyring exists and create a default
+# unencrypted keyring (OLPC #10290)
+keyring_path=$HOME/.gnome2/keyrings
+if [ ! -e $keyring_path/login.keyring ] &&
+[ ! -e $keyring_path/default.keyring ]; then
+mkdir -p $keyring_path
+echo 'default' > $keyring_path/default
+TIME=$(/bin/date +%s)
+cat >> $keyring_path/default.keyring.tmp
