[CentOS] a-gnome-oyences

Fri Mar 29 15:19:38 UTC 2013
m.roth at 5-cent.us <m.roth at 5-cent.us>

Gordon Messmer wrote:
> On 03/28/2013 07:00 AM, m.roth at 5-cent.us wrote:
>> Most of my users are on kde, as am I (I really don't like gnome). I've
got one on gnome, though, CentOS 6.4, and I have a problem: I have to
start
>> an agent running ->on login<-, so that the same one is in the
environment
>> of every term window he opens.
> That would be the normal configuration.
>> In kde, no problem, I modify /etc/X11/xinit/xinitrc-common so that code

>> in there calls our (newer) ssh-agent instead of the stock one.
>>  (And, of course, it's killed on  logout, and there's only one running,

>> not one every time that never go away unless killed manually.)
> You're already making things more complicated than they should be.  The
ssh agent is supposed to be the parent process of your login session.
That is, your login session should be:
>   ssh-agent startkde
> or:
>   ssh-agent gnome-session

Well, no. If you look at the stock /etc/X11/xinit/xinitrc-common. at the
bottom of the file, that's where it sets this stuff. As I said, we *have*
to use the compiled from more recent versions of ssh, because the current
stock version doesn't support US gov't PIV cards for authentication. And
doing this, I only get one agent, and it gets killed automagically when I
log out, as expected.

> With GDM, you'd modify the session file in /usr/share/xsessions.  You'd

a) /usr/share? Why are system-wide configuration files NOT IN /etc? b)
UTF-8? What freakin' morons decided it shouldn't be plain ascii, like
everything else? #$%^&*$%^&*($%^&*($%^&*(%^&*()_+

No matter what I open it in, it keeps showing up with garbage chars.

So I look at /etc/gdm, as I said, and I see it sourcing
/etc/X11/xinit/xinitrc-common, where I've got it set to reference our
agent. Then I go further down, and see
<snip>***************
 case "$1" in
        failsafe)
            exec -l $SHELL -c "xterm -geometry 80x24-0-0"
            ;;
        gnome|gnome-session)
            # lack of SSH_AGENT is intentional, see #441123.  though # the
whole thing should really happen in xinitrc.d anyway. exec -l
$SHELL -c gnome-session
            exec /bin/sh -c "exec -l $SHELL -c \"gnome-session\""
            ;;
        kde|kde1|kde2)
            exec $CK_XINIT_SESSION $SSH_AGENT /bin/sh -c "exec -l $SHELL
-c \"startkde\""
<snip>***************

Pause for some googling, ah, here's my answer that's less ugly, from 
<https://ask.fedoraproject.org/question/10225/is-it-possible-to-replace-gnome-keyring-daemon-with-ssh-agent/>,
which is to create /etc/X11/xinit/Xclients.d/Xclients.gnome-session.sh,
whose contents are
#!/bin/sh
exec -l $SHELL -c "$SSH_AGENT gnome-session"

> prefix the "Exec" line with "ssh-agent ", and be done.  As those files
would be
<snip>

> Xclients, which runs your session.  You shouldn't need to change
> anything at all, unless your newer ssh-agent is at a different path.
>  So, in that case, the only thing you should need to change is to
> run gnome-session-properties, and uncheck "SSH Key Agent".

First, of course it's in a different path. Second, no, I do *not* want to
run a gnome thing - I need to a) do this from a command line, and b) fix
it so it can be built that way, or updated. This isn't my machine, I've
got dozens of users, and need to administer this remotely, without having
to make them stop what they're doing so I can screw with this.

Ok, I followed the guy's instructions, but a) I'm afraid to let the
keyring not run, and b) I get the one agent running... but
gnome-keyring-agent runs *after* it, and so overwrites the environment
variables, which means this is the final trick I need to resolve. As a
first question on that, in that created file,
/etc/X11/xinit/Xclients.d/Xclients.gnome-session.sh, I've got the one
line; however, in /etc/gdn/Xession (really /etc/X11/Xsession), to start
gnome, it has, as you can see above, *two* execs. Any idea why, and any
idea where I can start the agent so that the environment variables are
*not* overwritten by gnome-keyring-agent.

        mark