fix: prevent whitebox keyring from blocking xrdp remote login

fly602 · fly602 · commit 9ef372ee4af8 · 2026-03-12T17:39:24.000+08:00
The original script directly started both gnome-keyring-daemon and
deepin-keyring-whitebox during X session initialization, which caused
issues with xrdp remote login sessions. The deepin-keyring-whitebox
service was blocking xrdp connections.

This change replaces the direct script execution with a systemd user
service (dde-keyring.service) that includes conditional logic to skip
deepin-keyring-whitebox startup when XRDP_SESSION environment variable
is detected. The service properly handles both keyring components with
appropriate dependencies and timeouts.

Key changes:
1. Removed direct keyring startup from Xsession script
2. Added new systemd user service for keyring management
3. Added XRDP_SESSION environment check to skip whitebox in remote
sessions
4. Maintained gnome-keyring functionality for all session types
5. Set proper service dependencies and timeout handling

Log: Fixed xrdp remote login issue caused by deepin-keyring-whitebox
service

Influence:
1. Test local desktop login to ensure keyring services start normally
2. Test xrdp remote login to verify whitebox service is properly skipped
3. Verify gnome-keyring-daemon starts in both local and remote sessions
4. Check that password management and SSH key functionality work
correctly
5. Test session startup time and service dependencies

fix: 解决白盒密钥服务阻塞xrdp远程登录的问题

原脚本在X会话初始化时直接启动gnome-keyring-daemon和deepin-keyring-
whitebox，这导致xrdp远程登录会话出现问题。deepin-keyring-whitebox服务会
阻塞xrdp连接。

此次更改将直接脚本执行替换为systemd用户服务(dde-keyring.service)，该服务
包含条件逻辑，在检测到XRDP_SESSION环境变量时跳过deepin-keyring-whitebox
启动。该服务通过适当的依赖关系和超时设置来正确处理两个密钥环组件。

主要变更：
1. 从Xsession脚本中移除直接启动密钥环的代码
2. 新增systemd用户服务用于密钥环管理
3. 添加XRDP_SESSION环境检查以在远程会话中跳过白盒服务
4. 为所有会话类型保持gnome-keyring功能正常
5. 设置正确的服务依赖关系和超时处理

Log: 修复deepin-keyring-whitebox服务导致的xrdp远程登录问题

Influence:
1. 测试本地桌面登录，确保密钥环服务正常启动
2. 测试xrdp远程登录，验证白盒服务被正确跳过
3. 验证gnome-keyring-daemon在本地和远程会话中都能启动
4. 检查密码管理和SSH密钥功能正常工作
5. 测试会话启动时间和服务依赖关系
diff --git a/misc/Xsession.d/97deepin-keyring-wb b/misc/Xsession.d/97deepin-keyring-wb
@@ -1,11 +1,7 @@
 #!/bin/sh
-# Start deepin-keyring-whitebox and gnome-keyring-daemon for DDE session
-if [ -x /usr/bin/gnome-keyring-daemon ]; then
-    echo "start gnome-keyring-daemon with components secrets,pkcs11,ssh"
-    /usr/bin/gnome-keyring-daemon --start --components=secrets,pkcs11,ssh || true
-fi 
+# Trigger dde-keyring.service via systemd user instance.
+# This service handles gnome-keyring-daemon and deepin-keyring-whitebox.
 
-if [ -x /usr/bin/deepin-keyring-whitebox ]; then
-    echo "start deepin-keyring-whitebox client"
-    /usr/bin/deepin-keyring-whitebox --opt-client=waitfifonotify || true
-fi
+if [ -f /usr/lib/systemd/user/dde-keyring.service ]; then
+    systemctl --user start dde-keyring.service
+fi
diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt
@@ -7,6 +7,10 @@ configure_file(dde-session-exit-task.service.in
 configure_file(dde-session-shutdown.service.in
                dde-session-shutdown.service
                @ONLY)
+configure_file(dde-keyring.service.in
+               dde-keyring.service
+               @ONLY)
+
 
 set(SERVICES
     dde-session-initialized.target
@@ -15,6 +19,7 @@ set(SERVICES
     dde-session-core.target
     ${CMAKE_CURRENT_BINARY_DIR}/dde-session-exit-task.service
     ${CMAKE_CURRENT_BINARY_DIR}/dde-session-shutdown.service
+    ${CMAKE_CURRENT_BINARY_DIR}/dde-keyring.service
     dde-session-shutdown.target
     dde-session.target
 )
@@ -26,6 +31,8 @@ set(DDE_SESSION_PRE_WANTS
     dde-session-pre.target.wants/dde-quick-login@x11.service
 )
 
+
+
 # dde-session-core.target.wants - core desktop components
 install(DIRECTORY DESTINATION lib/systemd/user/dde-session-core.target.wants/)
 set(DDE_SESSION_CORE_WANTS
diff --git a/systemd/dde-keyring.service.in b/systemd/dde-keyring.service.in
@@ -0,0 +1,21 @@
+[Unit]
+Description=Deepin Keyring Service (GNOME Keyring + Whitebox Client)
+Documentation=man:gnome-keyring-daemon(1)
+# Start after D-Bus session socket is available (set up by pam_systemd.so)
+After=dbus.socket
+PartOf=graphical-session.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/sh -c '\
+    if [ -x /usr/bin/gnome-keyring-daemon ]; then \
+        echo "start gnome-keyring-daemon with components secrets,pkcs11,ssh"; \
+        /usr/bin/gnome-keyring-daemon --start --components=secrets,pkcs11,ssh; \
+    fi; \
+    if [ -x /usr/bin/deepin-keyring-whitebox ] && [ -z "$XRDP_SESSION" ]; then \
+        echo "start deepin-keyring-whitebox client"; \
+        /usr/bin/deepin-keyring-whitebox --opt-client=waitfifonotify & \
+    fi'
+Restart=no
+TimeoutStartSec=180
