rpms/gnome-keyring/devel gnome-keyring-2.31.5-ssh-agent-unlock.patch, NONE, 1.1 gnome-keyring.spec, 1.146, 1.147
Tomas Bzatek
tbzatek at fedoraproject.org
Tue Jul 20 16:38:46 UTC 2010
Author: tbzatek
Update of /cvs/extras/rpms/gnome-keyring/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv22426
Modified Files:
gnome-keyring.spec
Added Files:
gnome-keyring-2.31.5-ssh-agent-unlock.patch
Log Message:
* Tue Jul 20 2010 Tomas Bzatek <tbzatek at redhat.com> - 2.31.4-2
- ssh-agent: fix key unlocking (#611642)
gnome-keyring-2.31.5-ssh-agent-unlock.patch:
gkd-ssh-agent-ops.c | 40 +++++++++++++++++++++++++++++++++++++---
1 file changed, 37 insertions(+), 3 deletions(-)
--- NEW FILE gnome-keyring-2.31.5-ssh-agent-unlock.patch ---
>From 629fecbd61c8585a2bc95e2fcb059de260c34fb8 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef at memberwebs.com>
Date: Sun, 11 Jul 2010 23:18:23 +0000
Subject: [ssh-agent] Try to unlock key before use.
* This allows us to keep the unlocking for the rest of the session.
* Restores behavior from gnome-keyring 2.30 and before.
---
diff --git a/daemon/ssh-agent/gkd-ssh-agent-ops.c b/daemon/ssh-agent/gkd-ssh-agent-ops.c
index 759a06a..dc02245 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-ops.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-ops.c
@@ -892,6 +892,42 @@ make_raw_sign_hash (GChecksumType algo, const guchar *data, gsize n_data,
return hash;
}
+static guchar*
+unlock_and_sign (GP11Session *session, GP11Object *key, gulong mech_type, const guchar *input,
+ gsize n_input, gsize *n_result, GError **err)
+{
+ GP11Attributes *attrs;
+ GP11Object *cred;
+ gboolean always;
+
+ /* First check if we should authenticate the key */
+ attrs = gp11_object_get (key, err, CKA_ALWAYS_AUTHENTICATE, GP11_INVALID);
+ if (!attrs)
+ return NULL;
+
+ /* Authenticate the key if necessary, this allows long term */
+ if (!gp11_attributes_find_boolean (attrs, CKA_ALWAYS_AUTHENTICATE, &always))
+ g_return_val_if_reached (NULL);
+
+ gp11_attributes_unref (attrs);
+
+ if (always == TRUE) {
+ cred = gp11_session_create_object (session, err,
+ CKA_TOKEN, GP11_BOOLEAN, FALSE,
+ CKA_CLASS, GP11_ULONG, CKO_G_CREDENTIAL,
+ CKA_VALUE, 0, NULL,
+ CKA_G_OBJECT, GP11_ULONG, gp11_object_get_handle (key),
+ GP11_INVALID);
+ if (cred == NULL)
+ return NULL;
+
+ g_object_unref (cred);
+ }
+
+ /* Do the magic */
+ return gp11_session_sign (session, key, mech_type, input, n_input, n_result, err);
+}
+
static gboolean
op_sign_request (GkdSshAgentCall *call)
{
@@ -961,8 +997,7 @@ op_sign_request (GkdSshAgentCall *call)
session = gp11_object_get_session (key);
g_return_val_if_fail (session, FALSE);
- /* Do the magic */
- result = gp11_session_sign (session, key, mech, hash, n_hash, &n_result, &error);
+ result = unlock_and_sign (session, key, mech, hash, n_hash, &n_result, &error);
g_object_unref (session);
g_object_unref (key);
--
cgit v0.8.3.1
Index: gnome-keyring.spec
===================================================================
RCS file: /cvs/extras/rpms/gnome-keyring/devel/gnome-keyring.spec,v
retrieving revision 1.146
retrieving revision 1.147
diff -u -p -r1.146 -r1.147
--- gnome-keyring.spec 29 Jun 2010 09:21:23 -0000 1.146
+++ gnome-keyring.spec 20 Jul 2010 16:38:46 -0000 1.147
@@ -8,7 +8,7 @@
Summary: Framework for managing passwords and other secrets
Name: gnome-keyring
Version: 2.31.4
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Libraries
#VCS: git:git://git.gnome.org/gnome-keyring
@@ -22,6 +22,11 @@ BuildRoot: %{_tmppath}/%{name}-%{version
Patch3: gnome-keyring-2.28.1-nopass.patch
+# Bug 611642 - gnome-keyring isn't staying unlocked
+# https://bugzilla.redhat.com/show_bug.cgi?id=611642
+Patch4: gnome-keyring-2.31.5-ssh-agent-unlock.patch
+
+
BuildRequires: glib2-devel >= %{glib2_version}
BuildRequires: gtk2-devel >= %{gtk2_version}
BuildRequires: GConf2-devel
@@ -77,6 +82,7 @@ automatically unlock the "login" keyring
%prep
%setup -q -n gnome-keyring-%{version}
%patch3 -p1 -b .no-pass
+%patch4 -p1 -b .ssh-unlock
# Enable daemon autostart in XFCE
for i in daemon/*.desktop.in.in; do
@@ -166,6 +172,9 @@ fi
%changelog
+* Tue Jul 20 2010 Tomas Bzatek <tbzatek at redhat.com> - 2.31.4-2
+- ssh-agent: fix key unlocking (#611642)
+
* Tue Jun 29 2010 Tomas Bzatek <tbzatek at redhat.com> - 2.31.4-1
- Update to 2.31.4
More information about the scm-commits
mailing list