Bug 586480 – gnome-keyring should clear SSH_AGENT_PID

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 586480 - gnome-keyring should clear SSH_AGENT_PID


Summary:	gnome-keyring should clear SSH_AGENT_PID


Status:	RESOLVED WONTFIX

Product:	gnome-keyring
Classification:	Core
Component:	general
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	GNOME keyring maintainer(s)
QA Contact:	GNOME keyring maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-06-20 17:35 UTC by Vincent Untz
Modified:	2012-03-15 09:18 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Clear SSH_AGENT_PID when setting SSH_AUTH_SOCK (1.42 KB, patch) 2009-06-26 14:33 UTC, Stef Walter	none	Details \| Review

Description Vincent Untz 2009-06-20 17:35:51 UTC

If gnome-keyring is started after a ssh-agent was started, then the value in SSH_AGENT_PID will be stale.

I guess we don't want "ssh-agent -k" to kill the keyring daemon, so gnome-keyring should probably just clear SSH_AGENT_PID.

Comment 1 Stef Walter 2009-06-26 14:33:00 UTC

Created attachment 137422 [details] [review]
Clear SSH_AGENT_PID when setting SSH_AUTH_SOCK

Here's a patch which does this....

However, it's not clear why SSH_AGENT_PID is no longer valid or should be touched in any way by gnome-keyring-daemon. The ssh-agent command sets this environment variable and anyone using it is expecting to be interacting with ssh-agent. The ssh-agent process is still running.

Has this caused problems?

Comment 2 Vincent Untz 2009-06-29 10:44:02 UTC

(In reply to comment #1)
> Created an attachment (id=137422) [edit]
> Clear SSH_AGENT_PID when setting SSH_AUTH_SOCK
> 
> Here's a patch which does this....
> 
> However, it's not clear why SSH_AGENT_PID is no longer valid or should be
> touched in any way by gnome-keyring-daemon. The ssh-agent command sets this
> environment variable and anyone using it is expecting to be interacting with
> ssh-agent. The ssh-agent process is still running.
> 
> Has this caused problems?

People are expecting SSH_AGENT_PID to match the process owning SSH_AUTH_SOCK. If you do "ssh-add -k" and an agent is killed but it's not the one you expect, it's kind of useless.

Comment 3 Stef Walter 2009-07-28 00:40:23 UTC

It's 'ssh-agent -k' that kills the agent, which is as expected. That is it's controlling an ssh-agent process with the ssh-agent command. 

It seems to me that any SSH_AGENT_* variables are set by and relevant to the 'ssh-agent' process, no?

Comment 4 Vincent Untz 2009-07-28 04:07:19 UTC

(In reply to comment #3)
> It's 'ssh-agent -k' that kills the agent, which is as expected. That is it's
> controlling an ssh-agent process with the ssh-agent command. 
> 
> It seems to me that any SSH_AGENT_* variables are set by and relevant to the
> 'ssh-agent' process, no?

I guess it depends on the point of view -- it could easily be argued that the SSH_AGENT_* variables are relevant to any program being a ssh agent.

cc'ing Lucas who was at the origin of my report: he might have a stronger rationale than I do.

Comment 5 Lucas Nussbaum 2009-08-07 10:08:34 UTC

Well, another nicer way to solve that problem would be for SSH_AGENT_PID to take the pid of gnome-keyring instead of keeping the one from the (killed) ssh-agent. That way it is clear that gnome-keyring is acting as the ssh agent.

Comment 6 Stef Walter 2012-03-15 09:18:14 UTC

The SSH_AGENT_XXX environment variables belong to the ssh-agent from openssh. In particular 'ssh-agent -k' uses SSH_AGENT_PID to determine which process to kill. I don't want 'ssh-agent -k' to kill gnome-keyring-daemon.