commit: ea3f0cec88aed65d08d35e73d7856d48284ba622
Author: Florian Schmaus <flow <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 3 20:14:56 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov 4 09:38:18 2025 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=ea3f0cec
system-local-login: move pam_gnome_keyring after system-login if systemd
We previously moved pam_gnome_keyring before system-login to fix an
issue when using OpenRC (bug #964268). However, having
pam_gnome_keyring before system-login, and thereby before pam_systemd,
breaks automatic keyring unlock via pam_gnome_keyring on systemd
systems (bug #964306).
This adjusts the ninja template so that pam_gnome_keyring is only
before system-login if --openrc is provided. Otherwise,
pam_gnome_keyring is placed after system-login, just as it was before
a507d2e4bf70 ("system-local-login: move pam_gnome_keyring before
system-login").
Thanks to Christopher Head for reporting this.
Closes: https://bugs.gentoo.org/964306
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>
Part-of: https://github.com/gentoo/pambase/pull/28
Closes: https://github.com/gentoo/pambase/pull/28
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-local-login.tpl | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/templates/system-local-login.tpl b/templates/system-local-login.tpl
index 5e01090..b1bd7e7 100644
--- a/templates/system-local-login.tpl
+++ b/templates/system-local-login.tpl
@@ -7,7 +7,10 @@ password include system-login
{% if gnome_keyring %}
password optional pam_gnome_keyring.so use_authtok
{% endif %}
-{% if gnome_keyring %}
+{% if gnome_keyring and openrc %}
session optional pam_gnome_keyring.so auto_start
{% endif %}
session include system-login
+{% if gnome_keyring and not openrc %}
+session optional pam_gnome_keyring.so auto_start
+{% endif %}
