Request for review: keychain opt-in mechanism

Alexander Dalloz alex at dalloz.de
Fri Aug 5 01:02:25 UTC 2005 

Am Do, den 04.08.2005 schrieb Ville Skyttä um 23:00:

> > http://www.uni-x.org/review/keychain.spec
> > http://www.uni-x.org/review/keychain-2.5.4.1-2.src.rpm
> 
> Looks mostly good to me.  Remarks:
> 
> - 2.5.5 is out, looks like a simple tarball update wrt this package.

Ok, I'll head up. The changelog speak about an added feature only.

> - keychain.pod isn't useful and should be dropped.

Wasn't sure about that, so I left it. Will follow your advise.

> Take care of the above and go ahead and commit to CVS, and I'll follow
> up with an approval.

Fine.

> The bad interaction with X login I mentioned earlier: I can no longer
> reproduce it, things seem to work.  Still, two ssh-agents are started on
> initial X login, but it might be tricky to avoid that, and probably
> shouldn't be even attempted in the keychain package.  The culprit
> appears to be "exec -l $SHELL -c "$SSH_AGENT ...""
> in /etc/X11/xdm/Xsession, where the -l triggers loading of keychain
> along with the shell profile, and $SSH_AGENT is then launched by the
> shell later.  xinitrc-common doesn't set $SSH_AGENT if one is already
> running, but that check is done too early wrt. keychain in the X
> login/startup sequence.

Does that cause any harm on your system? On my freshly rebootet system I
now get following result:

$ ps axuwww | grep ssh-agent
root      3430  0.0  0.0  3584  720 ?        S    01:57   0:00 ssh-agent
adalloz   3801  0.0  0.0  4424  848 ?        S    01:59   0:00 ssh-agent
adalloz   3880  0.0  0.0  3396  700 ?        S    01:59   0:00
/usr/bin/ssh-agent /etc/X11/xinit/Xclients
backup    6144  0.0  0.0  5188  752 ?        S    02:04   0:00 ssh-agent
adalloz   7409  0.0  0.0  5616  712 pts/16   R    02:52   0:00 grep
ssh-agent

1 ssh-agent for 1 root login, 2 ssh-agent processes as I am logged in as
"adalloz" graphically and 1 ssh-agent for my "backup" user running
automated backups through cron. Though "adalloz" has 2 ssh-agents I do
not perceive any problem, while I share the opinion it could be prettier
;)

Thanks!

Alexander


-- 
 
1024D/866ED681 2005-07-11 Alexander Dalloz (Fedora Project) <alex at dalloz.de>
Key fingerprint = CD40 0A91 7814 C1E4 5940  8E0E 1FD5 C316 866E D681

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20050805/ca33a5c9/attachment.sig>

More information about the fedora-extras-list mailing list