Anonymous | Login | 2024-04-28 20:55 CEST |
Main | My View | View Issues |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0004765 | [gnomekeyring] packaging | minor | always | 2011-04-29 15:36 | 2011-04-30 13:42 | ||
Reporter | maciej | View Status | public | ||||
Assigned To | maciej | ||||||
Priority | normal | Resolution | fixed | ||||
Status | closed | ||||||
Summary | 0004765: keyring_tool: "socket credentials not supported on this OS" | ||||||
Description |
$ keyring_tool --create=svn Enter password for 'svn' keyring: ERROR: Error communicating with gnome-keyring-daemon Successive attempts to run keyring_tool result in a new error from gnome-keyring-daemon each time that reads: socket credentials not supported on this OS |
||||||
Additional Information |
Hi, I'm having trouble getting gnome-keyring-daemon 2.28.2 to work on Solaris 10 x64. I'm trying to get it up and running on a non-graphical server so that the CollabNet Subversion client can make use of it to encrypt svn user passwords. When I try to start the gnome-keyring-daemon, I get the following messages: $ gnome-keyring-daemon --components keyring,pkcs11 -f GNOME_KEYRING_SOCKET=/var/tmp/keyring-vTJviG/socket GNOME_KEYRING_PID=13541 ** Message: couldn't connect to dbus session bus: /opt/csw/bin/dbus-launch terminated abnormally with the following error: Autolaunch error: X11 initialization failed. ** Message: couldn't allocate secure memory to keep passwords and or keys from being written to the disk socket credentials not supported on this OS The keyring_tool that comes with CollabNet Subversion reports: $ keyring_tool --create=svn Enter password for 'svn' keyring: ERROR: Error communicating with gnome-keyring-daemon Successive attempts to run keyring_tool result in a new error from gnome-keyring-daemon each time that reads: socket credentials not supported on this OS I'm using Solaris 10 update 8 *without the GNOME desktop installed*. Instead I've installed the following packages from OpenCSW (and their dependencies): CSWgnomekeyring 2.28.2,REV=2010.03.05 CSWgnomekeyringmgr 2.14.0 CSWdbus 1.3.1,REV=2010.07.04 I also needed to run 'dbus-uuidgen --ensure' as root before I could get this far. Any help would be much appreciated. Best regards, Mark. ===================================================================== Hi Maciej, Looking at the source code, egg-unix-credentials.c lines 142-156: #elif defined(HAVE_GETPEERUCRED) ucred_t *uc = NULL; if (getpeerucred (sock, &uc) == 0) { *pid = ucred_getpid (uc); *uid = ucred_geteuid (uc); ucred_free (uc); } else { fprintf (stderr, "getpeerucred() failed: %s\n", strerror (errno)); return -1; } #else /* !SO_PEERCRED && !HAVE_CMSGCRED */ fprintf (stderr, "socket credentials not supported on this OS\n" ); return -1; #endif The 'socket credentials not supported on this OS' error should only occur if the OS does not have getpeerucred(). But Solaris 10 does have this function. So maybe I thought the configure script was wrong, but no, if I download gnome-keyring-2.28.2 (which is, I believe, the version you packaged), then after configure has finished: $ grep HAVE_GETPEERUCRED config.h #define HAVE_GETPEERUCRED 1 I guess that something went wrong when you were compiling the source code, because it works ok for me. I've worked around this problem in the end by installing the standard Solaris packages that include gnome-keyring-manager and it works fine. However, you will want to fix the CSWgnomekeyring packagem, which, as far as I can tell, is not compiled correctly. More details here: http://kenneho.net/2011/01/30/using-svn-client-and-gnome-keyring-in-ssh-sessions/ [^] Best regards, Mark. ==================================================================== Maciej wrote: I did a little bit of poking, here are my findings: The CSWgnomekeyring package in the current catalog was build on 5.8. I checked that the 5.9 build does not have the HAVE_GETPEERUCRED option enabled, so assuming it's not a detection problem, Solaris 9 is missing this feature. Solaris 9: maciej@current9s :~/src/opencsw/pkg/gnome-base/gnome-keyring/trunk > grep HAVE_GETPEERUCRED work/solaris9-sparc/build-isa-sparcv8/gnome-keyring-2.28.2/config.h /* #undef HAVE_GETPEERUCRED */ Solaris 10: maciej@current9s :~/src/opencsw/pkg/gnome-base/gnome-keyring/trunk > grep HAVE_GETPEERUCRED work/solaris10-sparc/build-isa-sparcv8/gnome-keyring-2.28.2/config.h #define HAVE_GETPEERUCRED 1 I've rebuilt gnome-keyring, creating separate packages for 9 and 10. I've also split the package according to the new policy, that's why you'll see four packages instead of one. Please try gnomekeyring from the experimental catalog: http://buildfarm.opencsw.org/experimental.html#gnome-keyring [^] Maciej ======================================================================== Mark wrote: Thanks Maciej, that seems to work. However I do see the following errors from gnome-keyring-daemon: ** Message: couldn't allocate secure memory to keep passwords and or keys from being written to the disk couldn't lock 16384 bytes of private memory: Broken pipe It doesn't seem to affect the result, but you might want to look into whether you can improve the build so that private memory can be locked. Best regards, Mark. ====================================================================== It might be the same thing that affects gpg. Linux for example has the ability to let user lock a small amount of memory. Solaris seems to require root privileges, so gpg needs to be installed with setuid root bit set. Not sure about this program, maybe it needs the same thing. Maciej =========================================================================== Mark wrote: Hi Maciej, You're right, running under 'ppriv -D' for privilege debugging: gnome-keyring-da[9730]: missing privilege "proc_lock_memory" (euid = 59173, syscall = 131) needed at memcntl+0x108 It's down to the Solaris privilege system. So this isn't a problem with your package. Thanks again, Mark. |
||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Copyright © 2000 - 2008 Mantis Group |