Page MenuHomeSolus

kwalletcli
Open, NormalPublic

Description

Need the kwalletcli package to setup gpg-agent and ssh-agent through gpg-agent properly in plasma. Already have a package building on my system for it.

Name: kwalletcli
URL: http://www.mirbsd.org/kwalletcli.htm
Reason: It provides helpers for gpg-agent and ssh-agent (which isn't well integrated into plasma without this).
OSS: Yes
Source URL: http://www.mirbsd.org/MirOS/dist/hosted/kwalletcli/kwalletcli-3.01.tar.gz

stobbsm created this task.Apr 19 2018, 1:58 AM
sunnyflunk triaged this task as Unbreak Now! priority.Apr 19 2018, 2:18 AM
sunnyflunk moved this task from Backlog to Accepted For Inclusion on the Package Requests board.
sunnyflunk added a subscriber: sunnyflunk.

If it does what you say it does, it fixes one of my blocker bugs. Stick it up

Added 2 new packages, D2754 and D2755 which add kwalletcli and mksh packages.

To make things works as expected, there is some client side configuration that needs to happen. I'm not sure how to address that, but it's working great on my system using my configuration in bashrc.

Okay, lets have a look at what the issues are that this solves (and it will have to solve it out of the box to be worthwhile). Perhaps they can be solved without the package at all. My issues are (that seem relevant to this package):

  • Need to enter password every single time ssh is used (I definitely think it can be fixed without kwalletcli, but needs configuration)
  • Signing git commit without password cause it should be saved in kwallet

Both hurt Solus development productivity. Are there any others that this package solves?

Issues with kwalletcli:

  • Really shouldn't require mksh to function (i.e. test patching out defining mksh as the bash interpreter in the scripts)

What is the client side configuration you are using with kwalletcli?

Okay, lets have a look at what the issues are that this solves (and it will have to solve it out of the box to be worthwhile). Perhaps they can be solved without the package at all. My issues are (that seem relevant to this package):

  • Need to enter password every single time ssh is used (I definitely think it can be fixed without kwalletcli, but needs configuration)
  • Signing git commit without password cause it should be saved in kwallet

    Both hurt Solus development productivity. Are there any others that this package solves?

    Issues with kwalletcli:
  • Really shouldn't require mksh to function (i.e. test patching out defining mksh as the bash interpreter in the scripts)

    What is the client side configuration you are using with kwalletcli?

Need to export the SSH_AUTH_SOCK on login (can be done using plasma scripts on startup). Also need to set SSH_ASKPASS to /usr/bin/ksshaskpass.

Also need to set some config options in gpg-agent.conf
enable-ssh-support
pinentry-program /usr/bin/pinentry-kwallet

Really simple to implement, I'm just not sure of the best way to go about it. Maybe in /etc/profile?

stobbsm added a comment.EditedApr 22 2018, 2:16 AM

As for not using mksh, I never tried without it. Can give it a try in a vm in a bit.

EDIT: Just did some research, and mksh is based on ksh93, which is incompatible with modern sh and bash. Will take some work to convert it properly, but I'll see what I can do in the coming weeks.

Need to export the SSH_AUTH_SOCK on login (can be done using plasma scripts on startup). Also need to set SSH_ASKPASS to /usr/bin/ksshaskpass.

Also need to set some config options in gpg-agent.conf
enable-ssh-support
pinentry-program /usr/bin/pinentry-kwallet

Really simple to implement, I'm just not sure of the best way to go about it. Maybe in /etc/profile?

Aren't these two conflicting slightly? My look suggested that SSH_ASKPASS to /usr/bin/ksshaskpass and with an ssh-add somewhere can sort out password based ssh keys being saved in kwallet.

However isn't the gpg ssh stuff using the gpg key rather than a password to handle ssh security? I think most users would not be using gpg at all (I certainly wouldn't have gpg if not for signing github commits). That suggests that the valuable part from kwalletcli is the pinentry program. There's also kgpg, but no idea what that does.

The gpg agent still uses the ssh keys when adding ssh agent functionality. It needs ksshaskpass for ssh keys (in a Gui), and the pinentry program is used for gpg keys.

Started trying to port the mksh scripts to bash. This will take a while if I'm doing it alone, as I've never scripted mksh/ksh93 before. Lots of differences, some bigger then others.

Anybody have experience with ksh or mksh that can help guide me on the port?

If they aren't very compatible, then it's probably best to just use mksh so that it continues to work through updates, and won't need rebasing after any updates to kwalletcli.

I made an effort to implement the script in bash, but it's buggy as hell. Definitely not going to be a viable option.

I think it's as ready as it's going to be to add to the repo's, we just need to decide how to handle setting the required variables on login to make it work seamlessly. I'm not familiar with what's being used for the configuration less setup, and don't have much time to figure it out right now, unfortunately.

siru added a subscriber: siru.Aug 14 2018, 6:12 AM
sunnyflunk lowered the priority of this task from Unbreak Now! to Normal.Oct 22 2018, 12:51 AM