From Fedora Project Wiki
mNo edit summary
mNo edit summary
Line 44: Line 44:
== Detailed Description ==
== Detailed Description ==


GNOME Keyring was originally designed to be the central cryptographic service on desktop, though its scope has been gradually reduced over years. Notable examples are [https://bugzilla.gnome.org/show_bug.cgi?id=750514 gpg-agent removal] in 2015, [https://bugzilla.gnome.org/show_bug.cgi?id=791401 PKCS #11 module deprecation] and [https://bugzilla.gnome.org/show_bug.cgi?id=775981 ssh-agent rewrite to wrap ssh-agent from OpenSSH] in 2018.
GNOME Keyring provides multiple services exposed as part of a single daemon program called gnome-keyring-daemon, launched by the session manager (gnome-session) or PAM, depending on desktop environments. That design makes the desktop integration quite complex and troubleshooting is hard when any issue arises.


All the GNOME Keyring services are exposed as part of a single daemon program called gnome-keyring-daemon, launched by the session manager (gnome-session) or PAM, depending on desktop environments. Now that only the essential service remaining in gnome-keyring-daemon are D-Bus secret-service and the ssh-agent wrapper, it would be worth splitting the daemon into sub-daemons, so they can be managed by systemd.
Despite its original goal to be the central cryptographic service on desktop, the scope of GNOME Keyring has been gradually reduced over years. Notable examples are [https://bugzilla.gnome.org/show_bug.cgi?id=750514 gpg-agent removal] in 2015, [https://bugzilla.gnome.org/show_bug.cgi?id=791401 PKCS #11 module deprecation] and [https://bugzilla.gnome.org/show_bug.cgi?id=775981 ssh-agent rewrite to wrap ssh-agent from OpenSSH] in 2018. Now that only the essential service remaining in gnome-keyring-daemon are D-Bus secret-service and the ssh-agent wrapper, it would be worth splitting the daemon into sub-daemons, so they can be managed by systemd.


<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->

Revision as of 13:05, 26 October 2020

Modular GNOME Keyring services

Summary

The monolithic daemon provided by GNOME Keyring will be split into dedicated sub-daemons, so that they can be consistently managed by systemd.

Owner

  • Product: Workstation
  • Responsible WG: Workstation

Current status

  • Targeted release: Fedora 34
  • Last updated: 2020-10-26
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

GNOME Keyring provides multiple services exposed as part of a single daemon program called gnome-keyring-daemon, launched by the session manager (gnome-session) or PAM, depending on desktop environments. That design makes the desktop integration quite complex and troubleshooting is hard when any issue arises.

Despite its original goal to be the central cryptographic service on desktop, the scope of GNOME Keyring has been gradually reduced over years. Notable examples are gpg-agent removal in 2015, PKCS #11 module deprecation and ssh-agent rewrite to wrap ssh-agent from OpenSSH in 2018. Now that only the essential service remaining in gnome-keyring-daemon are D-Bus secret-service and the ssh-agent wrapper, it would be worth splitting the daemon into sub-daemons, so they can be managed by systemd.


Feedback

Benefit to Fedora

This will bring in consistent experience of setting up and managing the GNOME Keyring services, taking advantage of the fine grained systemd service units. This would simplify the security related services running on desktop, and make it easier to adopt modern security features e.g., hardware-based security.

Scope

  • Proposal owners: gnome-keyring-daemon currently provides 3 services: D-Bus secret-service, ssh-agent wrapper, and a control socket for PAM to automatically unlock the login keyring. Those services are either split out, or removed in favor of other means, in the following steps:
    • Make the D-Bus secret-service D-Bus activatable
    • Make the ssh-agent wrapper code socket activatable
    • Modify the PAM module to use libsecret API to unlock the login keyring, instead of the control socket
    • Install systemd unit files for those services, modify the current session initialization sequence to use them
    • (Stretch goal) move the service implementations from gnome-keyring to more appropriate packages (gcr and libsecret) and remove the gnome-keyring package from the default compose
  • Other developers: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives:

Upgrade/compatibility impact

The migration should be transparent.

N/A (not a System Wide Change)

How To Test

Check if the GNOME Keyring services are now managed by systemd, using systemctl status. Check if the existing applications (Seahorse, SSH clients, etc.) still work.

N/A (not a System Wide Change)

User Experience

No visible change should be observed by normal users.

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Documentation

N/A (not a System Wide Change)

Release Notes