After a fresh install of Fedora 39 (Design Suite) on a brand new desktop computer, Gnome Keyring is broken. I’ll try and summarize the issues:
All keyrings will be gone after an update via Gnome Software
Keyrings will also disappear after some reboots (seems to be random)
Sometimes, it will remember a local network drive password, but forget an app’s password, ie: Proton VPN and Bridge
Apps will require a new default keyring be created, even though one already exists
Deleting a keyring via Passwords and Keys (aka Seahorse) doesn’t delete the files from ~/.local/share/keyrings
In Passwords and Keys, setting a keyring as default doesn’t appear to work
I don’t know much about journalctl, but this seems relevant:
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dpkcs11-2317.scope: Failed to add PIDs to scope's control group: No such process
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dpkcs11-2317.scope: Failed with result 'resources'.
Dec 27 11:32:42 rysen-box systemd[2209]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2317.scope - Application launched by gnome-session-binary.
A larger log excerpt from yesterday:
Dec 27 11:32:42 rysen-box gnome-keyring-daemon[2318]: discover_other_daemon: 1
Dec 27 11:32:42 rysen-box gnome-keyring-pkcs11.desktop[2318]: discover_other_daemon: 1
Dec 27 11:32:42 rysen-box gnome-keyring-daemon[2327]: discover_other_daemon: 1
Dec 27 11:32:42 rysen-box gnome-keyring-secrets.desktop[2327]: discover_other_daemon: 1
Dec 27 11:32:42 rysen-box gnome-keyring-daemon[2331]: discover_other_daemon: 1
Dec 27 11:32:42 rysen-box gnome-keyring-ssh.desktop[2331]: discover_other_daemon: 1SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dpkcs11-2317.scope: Couldn't move process 2317 to requested cgroup '/user.slice/user-1000.slice/user@1000.service/app.slice/app-gnome-gnome\x2dkeyring\x2dpkcs11>
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dpkcs11-2317.scope: Failed to add PIDs to scope's control group: No such process
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dpkcs11-2317.scope: Failed with result 'resources'.
Dec 27 11:32:42 rysen-box systemd[2209]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2317.scope - Application launched by gnome-session-binary.
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dsecrets-2321.scope: Couldn't move process 2321 to requested cgroup '/user.slice/user-1000.slice/user@1000.service/app.slice/app-gnome-gnome\x2dkeyring\x2dsecre>
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dsecrets-2321.scope: Failed to add PIDs to scope's control group: No such process
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dsecrets-2321.scope: Failed with result 'resources'.
Dec 27 11:32:42 rysen-box systemd[2209]: Failed to start app-gnome-gnome\x2dkeyring\x2dsecrets-2321.scope - Application launched by gnome-session-binary.
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dssh-2323.scope: Couldn't move process 2323 to requested cgroup '/user.slice/user-1000.slice/user@1000.service/app.slice/app-gnome-gnome\x2dkeyring\x2dssh-2323.>
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dssh-2323.scope: Failed to add PIDs to scope's control group: No such process
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dssh-2323.scope: Failed with result 'resources'.
Dec 27 11:32:42 rysen-box systemd[2209]: Failed to start app-gnome-gnome\x2dkeyring\x2dssh-2323.scope - Application launched by gnome-session-binary.
Dec 27 11:32:42 rysen-box systemd[2209]: Started gnome-session-manager@gnome.service - GNOME Session Manager (session: gnome).
My hard drive is encrypted and I am the only one who uses this computer. So, I enable auto login and set the keyring password blank. I’ve also tried disabling auto login, as well as setting a keyring password, but the issues persist.
I don’t know anything about PAM, but in case this helps, my /etc/pam.d/login:
#%PAM-1.0
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
-session optional pam_ck_connector.so
I really don’t want to have to start from scratch with another fresh install. I’ve spent so much time setting up this new computer. I’m really hoping someone can help.
I don’t see gnome-keyring-daemon in systemctl status --user.
systemctl --user --failed just returns:
UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
Yes, it appears the service is failing to start. But, I have no idea why, or how to fix it. The Arch Wiki entry about Gnome Keyring mentions adding two lines to /etc/pam.d/login:
The Arch PAM files might not use the same system that Fedora Linux does. I’d hold off on making changes to the PAM files unless you’ve made changes to them previously and suspect that your customizations might be the source of the problem.
It looks like the config file that is responsible for starting gnome-keyring-daemon is /etc/xdg/autostart/gnome-keyring-secrets.desktop. In that file is the following line:
And is it running now? Does it show up in the output of ps -ef | grep gnome-keyring?
Edit: Sorry, I pasted the wrong thing at first. Also, I’m a little confused about how this service is configured in Fedora Linux. My system also has a gnome-keyring-daemon.service.
You might be able to enable that socket as a workaround if the normal startup isn’t working. I don’t know. It seems like that would be a simpler thing to try than messing with the PAM configuration though (especially since you can lock yourself out of your system by editing those PAM files).
I’d try systemctl --user enable --now gnome-keyring-daemon.socket and see if that helps. If not, it is easy to undo (just disable the service).
I appreciate you taking the time to try and figure this out. I’ll have to add a few passwords to the keyring, then reboot/update to see if there are any changes.
Yeah, socket activation is a little different. It won’t actually run the service until something tries to access the keyring. I’ve never used that service to start the keyring. I’m just thinking it might work as a workaround. Also, I see that it passes --foreground when starting the daemon.
That option might provide more debugging information in the logs. (Or you could try re-running the full command from the command line with that --foreground parameter and see if you get any more info about what is going wrong.)
Encryption is still a very new/beta feature for Fedora Linux and that sort of thing could easily be the source of the problem you are seeing. You might also want to check the SELinux permissions on your files. If they are wrong, that could prevent the gnome keyring from starting (though I would expect that to fail consistently if that were the problem).
Well, actually, you only need to enable the socket once. To just (re)start the service, you would run systemctl --user start gnome-keyring-daemon.socket.
But to see that output from running the command directly in the foreground, you would use /usr/bin/gnome-keyring-daemon --foreground --components="pkcs11,secrets".
You might want to stop the socket activation temporarily (systemctl --user stop gnome-keyring-daemon.socket) before you try to run the command directly from the terminal for debugging purposes.
Edit: And kill any processes from that service that might still be running in the background:
However, after I killed the process and restarted it, gnome-keyring-daemon didn’t show up in ps -ef | grep gnome-keyring (it was there before I killed it)
I’m going to try a reboot and see what happens. Thanks so much!
Wait, I might have an idea about what the problem is. Are you using password-less login with your drive encryption? E.g. something like what is described in this article:
When using biometrics, a U2F key, or any other method that does not require a passphrase to sign in to GNOME, the Login keyring cannot be unlocked automatically.
I encrypted my hard drive during the install process, same as I’ve done for years. So, yes I use auto-login or a password-less login. It would fall under this category from the article:
If you use LUKS encryption for your home partition and operate a single-user system, you could remove the passphrase from your keyring. This will leave your gnome keyring unencrypted at the file level. But it will still be encrypted at the block level by LUKS.
I have the same setup on my old desktop running F39 without any issues. The only difference that I can think of is that the old desktop was formatted with EXT4 and upgraded to F39. The new desktop is a fresh F39 using BTRFS (I think??)
I’ve tried switching to a password login. But, the same issues persisted, except that new keyrings named “Login” kept being created.
After trying the commands and rebooting, my keyring was gone from the Passwords and Keys app (still on the file system in ~/.local/share/keyrings).
I added a network drive password, and the Proton VPN app’s secret/password. Reboot. The network drive’s password was still there, but Proton App’s was gone. Same as before.
EDIT: journalctl was the same:
Dec 28 10:17:55 rysen-box systemd[2529]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2638.scope - Application launched by gnome-session-binary.
Dec 28 10:17:55 rysen-box systemd[2529]: Started app-gnome-gnome\x2dkeyring\x2dsecrets-2642.scope - Application launched by gnome-session-binary.
Dec 28 10:17:55 rysen-box systemd[2529]: Started app-gnome-gnome\x2dkeyring\x2dssh-2644.scope - Application launched by gnome-session-binary.
I think I am going to have to nuke this install and start from scratch. I might go with F38 to be safe.
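
Added example, not part of the thread or written by any of its participants: a small shell helper that reduces journal output like the excerpts above to one line per gnome-keyring autostart scope, so the results of two sessions can be compared side by side. The function names and the embedded sample (lines copied from the thread's two excerpts) are choices made for this example.

```shell
#!/bin/sh
# Added example: summarise gnome-keyring autostart scope results from journal text.
# Live use: journalctl -b --no-pager | keyring_scope_summary

# Prints one "manager_pid component result" line per scope outcome.
# manager_pid is the PID in systemd[NNNN], i.e. the user manager that logged the line.
keyring_scope_summary() {
    sed -n -E '
        s/\\x2d/-/g
        s/^.* systemd\[([0-9]+)\]: (Started|Failed to start) app-gnome-gnome-keyring-([a-z0-9]+)-[0-9]+\.scope.*$/\1 \3 \2/p
    ' | sed -e 's/ Failed to start$/ failed/' -e 's/ Started$/ started/' | sort -u
}

# Prints only the components whose scope failed, as "manager_pid component".
keyring_failed_components() {
    keyring_scope_summary | awk '$3 == "failed" { print $1, $2 }'
}

# Sample input assembled for this example from the log lines quoted in the thread.
sample_journal() {
    cat <<'EOF'
Dec 27 11:32:42 rysen-box systemd[2209]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2317.scope - Application launched by gnome-session-binary.
Dec 27 11:32:42 rysen-box systemd[2209]: app-gnome-gnome\x2dkeyring\x2dsecrets-2321.scope: Failed to add PIDs to scope's control group: No such process
Dec 27 11:32:42 rysen-box systemd[2209]: Failed to start app-gnome-gnome\x2dkeyring\x2dsecrets-2321.scope - Application launched by gnome-session-binary.
Dec 27 11:32:42 rysen-box systemd[2209]: Failed to start app-gnome-gnome\x2dkeyring\x2dssh-2323.scope - Application launched by gnome-session-binary.
Dec 27 11:32:42 rysen-box systemd[2209]: Started gnome-session-manager@gnome.service - GNOME Session Manager (session: gnome).
Dec 28 10:17:55 rysen-box systemd[2529]: Failed to start app-gnome-gnome\x2dkeyring\x2dpkcs11-2638.scope - Application launched by gnome-session-binary.
Dec 28 10:17:55 rysen-box systemd[2529]: Started app-gnome-gnome\x2dkeyring\x2dsecrets-2642.scope - Application launched by gnome-session-binary.
Dec 28 10:17:55 rysen-box systemd[2529]: Started app-gnome-gnome\x2dkeyring\x2dssh-2644.scope - Application launched by gnome-session-binary.
EOF
}

sample_journal | keyring_scope_summary
```

On the sample, the Dec 27 session (manager 2209) reports all three scopes as failed, while the Dec 28 session (manager 2529) reports only pkcs11 as failed.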