Package: keychain Version: 2.5.5-2 Severity: normal Tags: patch I have a button on my GNOME panel that simply runs keychain id_rsa, normally this runs ssh-add, which brings up a dialog to ask for my password. Since the recent upgrade, I see the following error in my .xsession-errors when I run keychain from my GNOME panel.
KeyChain 2.5.5; http://www.gentoo.org/proj/en/keychain/ Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL * Inheriting ssh-agent (6314) * Initializing /home/pabs/.keychain/chianamo-sh file... * Initializing /home/pabs/.keychain/chianamo-csh file... * Inheriting gpg-agent (6297) * Initializing /home/pabs/.keychain/chianamo-sh-gpg file... * Initializing /home/pabs/.keychain/chianamo-csh-gpg file... * Adding 1 ssh key(s)... Enter passphrase for /home/pabs/.ssh/id_rsa: * Error: Problem adding; giving up The strange thing is that just running ssh-add from the panel works fine, it brings up a dialog for my password just fine. Also running keychain id_rsa and just ssh-add from a terminal works fine too. The SSH_ASKPASS variable is not set. Looking at the code, it seems that the $noguiopt section is being entered in the following code: if $noguiopt || [ -z "$SSH_ASKPASS" -o -z "$DISPLAY" ]; then unset DISPLAY # DISPLAY="" can cause problems unset SSH_ASKPASS # make sure ssh-add doesn't try SSH_ASKPASS sshout=`ssh-add ${ssh_timeout} "$@"` else sshout=`ssh-add ${ssh_timeout} "$@" </dev/null` fi The solution on my system is to remove '-z "$SSH_ASKPASS" -o ' since on debian it is possible to use the alternatives system to set which SSH_ASKPASS program to use (this is what I use). I'm not sure if you want to use this for the general case, but it seems fine to me. I've attached a patch which fixes this more fully for multiple keys - DISPLAY is not reset after each key, resulting in the nogui option being used for the second and subsequent keys. -- System Information: Debian Release: unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-k7 Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Versions of packages keychain depends on: ii debconf 1.4.57 Debian configuration management sy ii grep 2.5.1.ds1-5 GNU grep, egrep and fgrep ii openssh-client [ssh-client] 1:4.1p1-6 Secure shell client, an rlogin/rsh keychain recommends no packages. -- debconf information: * keychain/upgrade: -- bye, pabs http://qa.debian.org/developer.php?login=Paul+Wise&comaint=yes
diff -u keychain-2.5.5/debian/changelog keychain-2.5.5/debian/changelog
--- keychain-2.5.5/debian/changelog
+++ keychain-2.5.5/debian/changelog
@@ -1,3 +1,9 @@
+keychain (2.5.5-3) unstable; urgency=low
+
+ * Fix bugs in handling of DISPLAY and SSH_ASKPASS. Closes: #
+
+ -- Cesar Mendoza <[EMAIL PROTECTED]> Thu, 25 Aug 2005 09:39:52 +0800
+
keychain (2.5.5-2) unstable; urgency=low
* Now depends on openssh-client | ssh-client. Closes: #281106
only in patch2:
unchanged:
--- keychain-2.5.5.orig/keychain
+++ keychain-2.5.5/keychain
@@ -1438,7 +1438,7 @@
IFS="$old_IFS" # restore IFS
set +f # re-enable globbing
- if $noguiopt || [ -z "$SSH_ASKPASS" -o -z "$DISPLAY" ]; then
+ if $noguiopt || [ -z "$DISPLAY" ]; then
unset DISPLAY # DISPLAY="" can cause problems
unset SSH_ASKPASS # make sure ssh-add doesn't try SSH_ASKPASS
sshout=`ssh-add ${ssh_timeout} "$@"`
@@ -1460,9 +1460,10 @@
# Decrement the countdown
sshattempts=`expr $sshattempts - 1`
- done
- [ -n "$savedisplay" ] && DISPLAY="$savedisplay"
+ # Reset DISPLAY
+ [ -n "$savedisplay" ] && DISPLAY="$savedisplay"
+ done
fi
# Load gpg keys
signature.asc
Description: This is a digitally signed message part
