The Gnome keyring (at the time of writing, version 40.0) running on Ubuntu version 22.04 has a fairly egregious UI flaw – when unlocking keyrings, it pre-selects the less secure option of "Automatically unlock this keyring whenever I'm logged in", and if you accidentally do leave that option selected, it's quite difficult to undo.
If you encounter the bug and try to work out what Gnome component is causing the
problem, you might do a process listing and discover that the program displaying
the "unlock" prompt seems to be /usr/libexec/gcr-prompter, part of the Gnome
gcr package,1 and you might guess that the responsible code is
somewhere in that package (maybe in the gcr or ui directories).
However, that's not where the bug lies. The gcr-prompter seems to be a fairly
"dumb" UI widget, and the flawed logic is in the Gnome keyring component, which
creates the gcr widget (and presumably the gcr-prompter process?) in some
mysterious way (probably via dbus, but I can't be bothered to wade through the
source to find out exactly).
Below are some historical details about the bug, then instructions on how to rebuild the Ubuntu .deb packages for the Gnome keyring (plus related packages) incorporating a patch by Atul Anand which fixes the issue. And if you happen to be running Ubuntu 22.04 (or a distro using the 22.04 repos, like Linux Mint 21.2) on an x86-64 machine, you can use the .deb files on the "Releases" page of this repo.
This bug was reported on Gnome's Bugzilla instance in Bug 725641
in 2014, and a fix created by Atul Anand in 2016, but the fix has never
been incorporated by the Gnome keyring maintainer, Niels De Graef
(@nielsdg).
Gnome's bugzilla closed down, and the bug got transferred by Niels to the Gnome GitLab instance as issue #46 in the "gcr" package (not actually where the bug lies, so far as I can tell) in March 2014.
Gnome keyring issue #7, filed in 2018, points out that the issue still hasn't been fixed, and mentions some related bugs:
- 2014 "Automatically unlock this keyring whenever I'm logged in" should be unchecked by default
- 2009 "Automatically unlock when I log in" considered harmful
In Merge request #38 (from May 2021), a fix is again supplied, this time by Ryan Hendrickson, but it still hasn't been merged, and in a March 2023 post to Gnome's Discourse instance, Ryan wonders why, but doesn't get any terribly good answers. (Other than "contact the maintainer" – but if filing issues and proposing merge requests isn't a good way of contacting a maintainer, then why on earth have them at all?)
Anyway. Below are steps to re-build the .deb packages with Atul's fix incorporated.
If you install these, you'll have to "hold" the Gnome keyring packages at their current version, and forego any new versions arriving from upstream -- but if the last nine years are any guide, you won't be missing anything much.
These steps verified for Ubuntu 22.04 (Jammy) – probably they can be adapted for other Ubuntu versions.
-
Make a fresh directory somewhere, in which the Ubuntu source and .deb files will end up. It'll be cleaner to do this inside a Docker container, so that you don't clutter your system with the build dependencies of gnome-keyring.
Anyhow,
cdinto your directory, and$ sudo apt-get update $ apt-get source gnome-keyring $ sudo apt-get build-dep gnome-keyring $ sudo apt-get install fakeroot build-essential devscripts quilt -
Running
apt-get sourcewill create a directorygnome-keyring_40.0, as well files with extensions.dsc,.orig.tar.xz, and.debian.tar.xz. The.orig.tar.xzfile gets extracted into the directory, and the patches in the.debian.tar.xzfile get automatically applied. -
We first want to un-apply the debian patches, so we can insert our own patch into them, and then apply the whole lot at once. So cd into
gnome-keyring_40.0runquilt pop -a, and you should see a bunch of messages about removing patches and restoring files, ending with "No patches applied". -
Apply the patches from this repo --
git apply /path/to/repo/ui_fixes.patch, which adds a new patch indebian/patches, and then apply all the patches withquilt push -a.(Is all this necessary? idk. Probably. Could it be made simpler? Also probably.)
-
Run
DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -us -uc, and your .deb (and .ddeb) packages will be built.
Footnotes
-
What the abbreviation "gcr" stands for is unclear, but probably "Gnome cryptography services". ↩