gnome keyring & gpg agent

Dimitri John Ledkov dimitri.j.ledkov at
Fri May 15 11:03:49 CEST 2015

On 14 May 2015 at 19:34, Neal H. Walfield <neal at> wrote:
> Hi Daniel,
> At Thu, 14 May 2015 09:36:17 -0400,
> Daniel Kahn Gillmor wrote:
>> But having a clearer/cleaner relationship between the released tarballs
>> and the upstream repo makes it easier for debian developers to
>> contribute back to upstream, and to pull narrowly-targeted changesets
>> from the upstream revision control if they're needed to fix identified
>> bugs before a new release comes out.
> The pieces are now basically in place to fix the GPG Agent / Gnome
> Keyring issue.  There are three minor issues:
>   - There are a couple of small deficiencies in the gnome3 pinentry
>     (e.g., no one button confirmation messages, but this is easily
>     worked around).  These deficiencies have more to do with
>     limitations in Gcr than with the Pinentry implementation.
>   - Gnome Keyring's maintainer hasn't yet ripped out the GPG Agent
>     support, but fully agrees with the changes so far.  (Of course,
>     the GPG Agent proxy can be trivially disabled since it is a
>     separate component.)
>   - To fully replace Gnome Keyring's GPG Agent Proxy, a couple of
>     minor changes had to be made to GPG.  These are so far only in
>     2.1, but I will backport them to 2.0 soon.
> Is it possible to fix this issue in Debian Stable (e.g., in the next
> point release)?
> So far, I've identified these requirements:
>   - Adding a new pinentry-gnome3 package with the yet-to-be-released
>     pinentry with Gnome3 support.
>   - An update to GPG with the relatively small change.
>   - An update to Gnome-Keyring that disables its GPG Agent proxy.
>   - Make Gnome Keyring depend on pinentry-gnome3.

Currently in Ubuntu we use gnupg 1.x as the default one, however I
would like to make a push to transition to 2.x by default.
I'll be switching gnupg2 package to 2.1 series soon in the development
release (Wily Werewolf 15.10).
Having a Gtk 3 compatible pin-entry was a blocker to switch from 1.x
to 2.x series by default.
I have already re-factored Gnome-Keyring GPG Agent to be as
stand-alone as possible in Ubuntu both current stable releases and
14.04 LTS, because many people already disable gnome-keyring's agents
(gpg, ssh, or both). I do it because I'm using a gpg smartcard for both
gpg subkeys and ssh authentication and thus gnome-keyring is useless
for me.
If there are patches needed for 2.0.x I'm happy to cherry-pick them
for 14.04 LTS stable release update.

Getting the lot done in Ubuntu/Debian development releases will be
quick, and likely provide an Ubuntu PPA with these changes. Stable updates
probably will take some more time.


Pura Vida!
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
