Feature: Start passing through SSH_AUTH_SOCK to the systemd user units #17
Conversation
An SSH agent like gnome-keyring-daemon may started before Sway starts and export SSH_AUTH_SOCK to Sway to pass through to child processes so that both graphical and console apps can access the agent. Now, connecting to the SSH agent could break when using foot's systemd socket activation. This happens because systemd services are run in a "clean" environment that only contains environment variables that are explicitly set there. It doesn't automatically inherit environment variables set in the login environment. https://codeberg.org/dnkl/foot/pulls/890 Note that while setting SSH_AUTH_SOCK solves a common problem with a systemd-activated console service, there may be other varibles set in the Sway environment that users expect to appear within a systemd socket-activated terminal service. Those will still need to be passed through using existing `--add-env` flag to session.sh
|
@markstos, your branch seems to be way behind the main. Can you rebase the PR? I'm fine with merging this, but I find the increasing list of variables concerning and would like to consider another solutions for future. Generators could be another option, and I've seen an advice to wrap |
|
I'm now on the fence about adding this. While it does the pass the variable through, it turns out I still was not able to connect to Until SSH is tested be fully working within a a systemd container that's running |
|
I'm closing this, but here's how I got Gnome keyring working with Fish and Sway and systemd... I launch Sway from the terminal, and have a # If running from tty1 and a graphical session has not already been started, start Sway
set TTY1 (tty)
if status --is-login && test "$TTY1" = "/dev/tty1" && test -z "$WAYLAND_DISPLAY"
# gnome-keyring prints bash-style env vars when starting, namely SSH_AUTH_SOCK
gnome-keyring-daemon --start | read --line gnome_keyring_control ssh_auth_sock
set -Ux GNOME_KEYRING_CONTROL (string split -m 1 = $gnome_keyring_control)[2]
set -Ux SSH_AUTH_SOCK (string split -m 1 = $ssh_auth_sock)[2]
set --global --export DESKTOP_SESSION "sway"
set --global --export TERMINAL "foot"
# XDG_CURRENT_DESKTOP is used by flameshot and maybe others
set --global --export XDG_CURRENT_DESKTOP "sway"
# DON'T use exec so that environment variable inheritance works correctly.
# We name this script with the 999 prefix because the sway execution blocks and no other scripts
# will run until after it exits.
/sbin/sway
endThen, in `~/.config/sway/config.d/10-systemd-session.conf, I have this: |
An SSH agent like gnome-keyring-daemon may started before Sway starts
and export SSH_AUTH_SOCK to Sway to pass through to child processes so
that both graphical and console apps can access the agent.
Now, connecting to the SSH agent could break when using foot's systemd
socket activation. This happens because systemd services are run
in a "clean" environment that only contains environment variables that
are explicitly set there. It doesn't automatically inherit environment variables set
in the login environment.
https://codeberg.org/dnkl/foot/pulls/890
Note that while setting SSH_AUTH_SOCK solves a common problem with a
systemd-activated console service, there may be other varibles set in the Sway environment that
users expect to appear within a systemd socket-activated terminal
service.
Those will still need to be passed through using existing
--add-envflag to session.sh