diff --git a/gnome-keyring-2.31.5-ssh-agent-unlock.patch b/gnome-keyring-2.31.5-ssh-agent-unlock.patch new file mode 100644 index 0000000..345e03e --- /dev/null +++ b/gnome-keyring-2.31.5-ssh-agent-unlock.patch @@ -0,0 +1,67 @@ +From 629fecbd61c8585a2bc95e2fcb059de260c34fb8 Mon Sep 17 00:00:00 2001 +From: Stef Walter +Date: Sun, 11 Jul 2010 23:18:23 +0000 +Subject: [ssh-agent] Try to unlock key before use. + + * This allows us to keep the unlocking for the rest of the session. + * Restores behavior from gnome-keyring 2.30 and before. +--- +diff --git a/daemon/ssh-agent/gkd-ssh-agent-ops.c b/daemon/ssh-agent/gkd-ssh-agent-ops.c +index 759a06a..dc02245 100644 +--- a/daemon/ssh-agent/gkd-ssh-agent-ops.c ++++ b/daemon/ssh-agent/gkd-ssh-agent-ops.c +@@ -892,6 +892,42 @@ make_raw_sign_hash (GChecksumType algo, const guchar *data, gsize n_data, + return hash; + } + ++static guchar* ++unlock_and_sign (GP11Session *session, GP11Object *key, gulong mech_type, const guchar *input, ++ gsize n_input, gsize *n_result, GError **err) ++{ ++ GP11Attributes *attrs; ++ GP11Object *cred; ++ gboolean always; ++ ++ /* First check if we should authenticate the key */ ++ attrs = gp11_object_get (key, err, CKA_ALWAYS_AUTHENTICATE, GP11_INVALID); ++ if (!attrs) ++ return NULL; ++ ++ /* Authenticate the key if necessary, this allows long term */ ++ if (!gp11_attributes_find_boolean (attrs, CKA_ALWAYS_AUTHENTICATE, &always)) ++ g_return_val_if_reached (NULL); ++ ++ gp11_attributes_unref (attrs); ++ ++ if (always == TRUE) { ++ cred = gp11_session_create_object (session, err, ++ CKA_TOKEN, GP11_BOOLEAN, FALSE, ++ CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL, ++ CKA_VALUE, 0, NULL, ++ CKA_G_OBJECT, GP11_ULONG, gp11_object_get_handle (key), ++ GP11_INVALID); ++ if (cred == NULL) ++ return NULL; ++ ++ g_object_unref (cred); ++ } ++ ++ /* Do the magic */ ++ return gp11_session_sign (session, key, mech_type, input, n_input, n_result, err); ++} ++ + static gboolean + op_sign_request (GkdSshAgentCall *call) + { +@@ -961,8 +997,7 @@ op_sign_request (GkdSshAgentCall *call) + session = gp11_object_get_session (key); + g_return_val_if_fail (session, FALSE); + +- /* Do the magic */ +- result = gp11_session_sign (session, key, mech, hash, n_hash, &n_result, &error); ++ result = unlock_and_sign (session, key, mech, hash, n_hash, &n_result, &error); + + g_object_unref (session); + g_object_unref (key); +-- +cgit v0.8.3.1 diff --git a/gnome-keyring.spec b/gnome-keyring.spec index cdf8091..da2c2fa 100644 --- a/gnome-keyring.spec +++ b/gnome-keyring.spec @@ -8,7 +8,7 @@ Summary: Framework for managing passwords and other secrets Name: gnome-keyring Version: 2.31.4 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Libraries #VCS: git:git://git.gnome.org/gnome-keyring @@ -22,6 +22,11 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Patch3: gnome-keyring-2.28.1-nopass.patch +# Bug 611642 - gnome-keyring isn't staying unlocked +# https://bugzilla.redhat.com/show_bug.cgi?id=611642 +Patch4: gnome-keyring-2.31.5-ssh-agent-unlock.patch + + BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: gtk2-devel >= %{gtk2_version} BuildRequires: GConf2-devel @@ -77,6 +82,7 @@ automatically unlock the "login" keyring when the user logs in. %prep %setup -q -n gnome-keyring-%{version} %patch3 -p1 -b .no-pass +%patch4 -p1 -b .ssh-unlock # Enable daemon autostart in XFCE for i in daemon/*.desktop.in.in; do @@ -166,6 +172,9 @@ fi %changelog +* Tue Jul 20 2010 Tomas Bzatek - 2.31.4-2 +- ssh-agent: fix key unlocking (#611642) + * Tue Jun 29 2010 Tomas Bzatek - 2.31.4-1 - Update to 2.31.4