ubuntu gnome-keyring-daemon in WSL2

[tsteven4]

What is the best way to get gnome-keyring-daemon started with systemd under WSL2?

This seems to mostly work at the end of ~/.bashrc. The login keyring, ssh keys, and gpg keys all are available, although the login keyring is locked on the first access attempt but prompts for the password.

if [ ! -e /run/user/$(id -u)/keyring ]; then
  gnome-keyring-daemon
  echo startup complete
fi
export SSH_AUTH_SOCK=/run/user/$(id -u)/keyring/ssh

[Alexander-Shukaev]

The proper way (as close as it gets at the moment, since graphical-session.target is not really implemented in WSL(2) and DBUS environment is not exported to the process tree of the underlying graphical session) using systemd (see /usr/lib/systemd/user/gnome-keyring-ssh.service for comparison) is a combination of:

gnome-keyring-ssh.service

[Unit]
Description=Start gnome-keyring as SSH agent
Before=graphical-session-pre.target default.target ssh-agent.service
PartOf=graphical-session-pre.target

After=dbus.service
After=dbus.socket
Wants=dbus.socket

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -ec 'if [ -z "${SSH_AUTH_SOCK}" ] && \
    ! grep -s -q X-GNOME-Autostart-enabled=false ~/.config/autostart/gnome-keyring-ssh.desktop /etc/xdg/autostart/gnome-keyring-ssh.desktop; then \
        eval $$(/usr/bin/gnome-keyring-daemon --start --components ssh); \
        dbus-update-activation-environment --verbose --systemd SSH_AUTH_SOCK=$$SSH_AUTH_SOCK SSH_AGENT_LAUNCHER=gnome-keyring; \
        initctl set-env --global SSH_AUTH_SOCK=$$SSH_AUTH_SOCK || true; \
    fi'
ExecStopPost=/bin/sh -ec 'if [ "${SSH_AGENT_LAUNCHER}" = gnome-keyring ]; then \
        dbus-update-activation-environment --systemd  SSH_AUTH_SOCK=; \
        initctl unset-env --global SSH_AUTH_SOCK || true; \
    fi'

[Install]
WantedBy=default.target

systemctl --user enable gnome-keyring-ssh.service 

~/.profile

if [ -n "${XDG_RUNTIME_DIR-}" ]; then
  XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR%/}"
fi
export XDG_RUNTIME_DIR

systemctl is-system-running --quiet --wait

if [ -z "${SSH_AUTH_SOCK-}" ]; then
  eval "$(systemctl --user show-environment | grep -e '^SSH_AUTH_SOCK=')"
fi
if [ -z "${SSH_AUTH_SOCK-}" ] || [ ! -S "${SSH_AUTH_SOCK-}" ]; then
  SSH_AUTH_SOCK="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/keyring/ssh"
fi
export SSH_AUTH_SOCK

[tsteven4]

@Alexander-Shukaev thanks for your help.
I edited gnome-keyring-ssh.service to match your listing above with
EDITOR=vi systemctl edit --full --user gnome-keyring-ssh.service
and enabled it as you indicated.
On a fresh start of WSL I see

systemctl status --user gnome-keyring-ssh
● gnome-keyring-ssh.service - Start gnome-keyring as SSH agent
     Loaded: loaded (/home/tsteven4/.config/systemd/user/gnome-keyring-ssh.service; enabled; vendor preset: enabled)
     Active: active (exited) since Mon 2024-04-01 08:08:45 MDT; 12s ago
    Process: 786 ExecStart=/bin/sh -ec if [ -z "${SSH_AUTH_SOCK}" ] &&      ! grep -s -q X-GNOME-Autostart-enabled=fals>
   Main PID: 786 (code=exited, status=0/SUCCESS)
     CGroup: /user.slice/user-1000.slice/[email protected]/app.slice/gnome-keyring-ssh.service
             └─793 /usr/bin/gnome-keyring-daemon --start --components ssh

Apr 01 08:08:45 PEDALDAMNIT systemd[779]: Starting Start gnome-keyring as SSH agent...
Apr 01 08:08:45 PEDALDAMNIT gnome-keyring-daemon[793]: couldn't access control socket: /run/user/1000/keyring/control: >
Apr 01 08:08:45 PEDALDAMNIT gnome-keyring-d[793]: couldn't access control socket: /run/user/1000/keyring/control: No su>
Apr 01 08:08:45 PEDALDAMNIT sh[807]: dbus-update-activation-environment: setting SSH_AUTH_SOCK=/run/user/1000/keyring/s>
Apr 01 08:08:45 PEDALDAMNIT sh[807]: dbus-update-activation-environment: setting SSH_AGENT_LAUNCHER=gnome-keyring
Apr 01 08:08:45 PEDALDAMNIT sh[786]: /bin/sh: 1: initctl: not found
Apr 01 08:08:45 PEDALDAMNIT systemd[779]: Finished Start gnome-keyring as SSH agent.

1. Did you intend for gnome-keyring-ssh.service to be located in the users .config directory?
2. Are the errors accessing the control socked expected?
3. How can the error with initctl be rectified?

Thanks

[tsteven4]

Despite my questions above, eventually this seems to work. On my system it seems I have to wait for systemd-networkd-wait-online to timeout (2 minutes). I think systemd-networkd-wait-online is waiting for docker0, which is perhaps brought up by docker.service, which contains "After=network-online.target".

$ networkctl list
IDX LINK    TYPE     OPERATIONAL SETUP
  1 lo      loopback carrier     unmanaged
  2 eth0    ether    routable    unmanaged
  3 docker0 bridge   no-carrier  unmanaged

3 links listed.
tsteven4@PEDALDAMNIT:~$ networkctl status
●        State: routable
  Online state: unknown
       Address: 172.24.215.198 on eth0
                172.17.0.1 on docker0
                fe80::215:5dff:fe93:77c9 on eth0
       Gateway: 172.24.208.1 on eth0

Apr 01 09:31:46 PEDALDAMNIT systemd-networkd[193]: lo: Link UP
Apr 01 09:31:46 PEDALDAMNIT systemd-networkd[193]: lo: Gained carrier
Apr 01 09:31:46 PEDALDAMNIT systemd-networkd[193]: Enumeration completed
Apr 01 09:31:46 PEDALDAMNIT systemd[1]: Started Network Configuration.
Apr 01 09:31:46 PEDALDAMNIT systemd[1]: Starting Wait for Network to be Configured...
Apr 01 09:31:47 PEDALDAMNIT systemd-networkd[193]: eth0: Gained IPv6LL
Apr 01 09:33:46 PEDALDAMNIT systemd[1]: systemd-networkd-wait-online.service: Main process exited, code=exited, status=1/FAILURE
Apr 01 09:33:46 PEDALDAMNIT systemd[1]: systemd-networkd-wait-online.service: Failed with result 'exit-code'.
Apr 01 09:33:46 PEDALDAMNIT systemd[1]: Failed to start Wait for Network to be Configured.
Apr 01 09:33:47 PEDALDAMNIT systemd-networkd[193]: docker0: Link UP

[tsteven4]

I fixed the degraded state caused by the systemd-networkd-wait-online timeout by creating an override.conf:

$ cat /etc/systemd/system/systemd-networkd-wait-online.service.d/override.conf
[Service]
ExecStart=
ExecStart=/lib/systemd/systemd-networkd-wait-online -i eth0 --timeout=10

This results in a message to the terminal

Failed to connect to bus: No such file or directory

which is apparently caused by "systemctl --user show-environment" in ~/.profile executing too early.

However, the final "SSH_AUTH_SOCK="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/keyring/ssh" in ~/.profile seems to get the job done.