GNOME Bugzilla – Bug 647766
Keyring created on Solaris 10 does not work on RHEL 5 and vice versa
Last modified: 2019-02-22 11:46:01 UTC
Created attachment 185946 [details] Session showing keyring creation, usage and failures I'm using 'keyring_tool' from CollabNet Subversion to create a keyring. The 'keyring_tool' binary is linked with libgnome-keyring. I then use the CollabNet 'svn' tool to make use of the keyring. If I create the keyring on Solaris 10 SPARC or Solaris 10 x64, the keyring can be used by the 'svn' tool on either of those two platforms. But the keyring does not work on RHEL 5. If I create the keyring on RHEL 5 x86_64, the keyring can be used by the 'svn' tool on any RHEL 5 host. But the keyring does not work on Solaris SPARC or Solaris x64. On Solaris I've tried both the version of GNOME Keyring shipped with the operating system, as well as the OpenCSW version of the keyring. On RHEL I've only tried the version of GNOME Keyring shipped with the OS (FC6). I've attached an example session demonstrating how the keyrings were created and what result was obtained with the 'svn' tool. I've also attached three test keyrings (all empty). The first was created on Solaris SPARC by the libgnome-keyring shipped with Solaris. The second was created on RHEL by the libgnome-keyring from RHEL. The third was created on Solaris SPARC by the libgnome-keyring from OpenCSW. On Solaris SPARC, libgnome-keyring is an ELF 32-bit MSB dynamic lib SPARC Version 1. On Solaris x64, it is an ELF 32-bit LSB dynamic lib 80386 Version 1. On RHEL, it is an ELF 64-bit LSB shared object, AMD x86-64, version 1 (SYSV). You'll see from the attached session which combinations worked, and which did not: Solaris standard libraries (4a, b, c): - Solaris standard keyring: OK - RHEL keyring: FAILED - Solaris CSW keyring: FAILED RHEL libraries (5a, b, c): - Solaris standard keyring: FAILED - RHEL keyring: OK - Solaris CSW keyring: FAILED (different symptoms) Solaris CSW libraries (6a, b, c): - Solaris standard keyring: FAILED - RHEL keyring: OK (this was a surprise!) - Solaris CSW keyring: OK
Created attachment 185947 [details] First test keyring
Created attachment 185948 [details] Second test keyring
Created attachment 185949 [details] Third test keyring
Did you post the password for these keyrings somewhere? I can parse the outer unencrypted data, but can't test parsing the inner stuff without the password. Thanks!
Whoops. Thanks. I see the passwords are 'test'. The problem doesn't seem to be endianness or anything like that. The encrypted data in the sparc keyring seems to be encrypted in a way that I can't decrypt on my linux box. I'll look more into it.
It looks like the encryption key (or encryption itself) is patched or being done differently in the Solaris gnome-keyring version. This is hard to verify without seeing the source. As a customer of Solaris could you please (as per LGPL) request the up to date source for the gnome-keyring Solaris 10 SPARC or Solaris 10 x64 package. If you see that it hasn't been patched in that version, then please reopen this bug. The versions I could find easily [1] packaged gnome-keyring 0.2.0, and heavily and incompatibly patched them to use other key generation functions. Hence I am closing this bug NOTGNOME. The OpenCSW packages keyring (test3.keyring) is completely parseable on linux, and should work just work. If you're experiencing failures on OpenCSW, then it's likely something unrelated to this bug. [1] http://dlc.sun.com/opensourcecode/solaris/Solaris10-9-10GPLSource.zip