I don’t think you will find any simple way to do what you want on GNOME, if it’s even possible at all. The answer linked below is from an Ubuntu community but most of what is said there applies on any distro. (Ignore the rest of the answers there, they are many years old).
My guess is that the easiest solution is to use KDE or Xfce instead of GNOME…
Okay, I tried it again. Turns out it’s almost impossible to enter the grub menu on Manjaro without a degree is you have LUKS enabled. I had to enter my LUKS password and then had to wait a few seconds until the volume was decrypted, then I had to immediately press Esc. One second earlier and it would have cancelled the decryption, one second later and it would have been too late.
I’d much rather have a shortcut other than Esc that wouldn’t throw me into rescue mode if pressed too early. I guess I’ll have to set GRUB_TIMEOUT_STYLE from hidden to menu in the grub config.
Anyway, after entering grub I was able to select a timeshift snapshot, but not the one I created right before making the pam.d changes because timeshift failed to run update-grub or whatever to add those snapshots to the menu. Very unfortunate that this doesn’t happen automatically. So I had to boot my live USB again to fix things.
I got stuck at [ OK ] Started Modem Manager. btw.
Then after removing plymouth, I got stuck at [ OK ] Started Thunderbolt system service.
Seeing as I don’t use Gnome (don’t like playing in heaps of sh…erm yeah) I don’t know about Gnome keyring actually. But from what I’ve read is that it’s very close to, if not completely impossible. But these looks promising:
This feature bothers a lot of people and is generally considered really annoying because it keeps nagging you for a password even though you have never set it up or asked it to store passwords for you.
On Arch Linux it is apparently possible to disable the GNOME keyring with the following instructions.
You will need to make the boot process more verbose, check the other Kernel command line options you are using. Or boot up your system and check the journal messages for the last boot, this will not work if you restore form timeshift. You will need to fix your system via a live environment and the the journal form there (Hint: --directory= will be needed) or boot your normal system and use -b-1 for the last boot.
The problem the OK lines are that these are the last successful started services, it does not show which service failed. Also depending at which state it stops, you can still switch to a tty.
I just needed to do three things, disable the systemd user service for the keyring, comented out the pam entries for pam_gnome_keyring.so and removed /etc/xdg/autostart/gnome-keyring-secrets.desktop . I had no problem booting and no keyring service was running after login.
Did not seems to be that complicated.
Turns out you are right, I was indeed able to switch into a tty. From there I was able to find the errors:
$ journalctl -b -p 3
Aug 26 18:04:29 tvk-xps159575 gdm-autologin]: PAM bad jump in stack
Aug 26 18:05:38 tvk-xps159575 systemd: gnome-keyring-daemon.socket: Socket service gnome-keyring-daemon.service not loaded, refusing.
Aug 26 18:05:38 tvk-xps159575 systemd: Failed to listen on GNOME Keyring daemon.
I was not able to restore my pam.d backup from tty though because after deleting the current pam.d directory, sudo stopped working so that I couldn’t cp the backup into /etc. So I had to boot into the live USB again to fix it.
I really wonder how our systems differ. Maybe gnome keyring is somehow integrated into the whole LUKS thing?
Well that is an explanation. I would not use autologin.
The problem is the line in /etc/pam.d/gdm-autologin above the first with pam_gnome_keyring.so
The default action is to skip one line, which means to skip system-local-login. (Or something similar, I not that similar with the pam actions, or the error is because this is now the last one starting with auth)
Either way, remove the # from this line, since it is not the auto_start, or use the optional shorthand action just for a test.
Check the status command, it will now be in a different spot. You fixed two, but there are tree things you need to do. The suggestion to copy the desktop file to the Home autostart folder and edit it did not worked for me. I simply removed the desktop file in /etc/xdg/autostart/ .
The thing with KeypassXC is that you can only enable the secret service integration, if gnome keyring is not running. When I kill Gnome keyring forcefully, I can enable the KeepassXC secret service integration, but on the next reboot Gnome keyring will overrule it again.
Now it is started by dbus. This means you startet a program that needs the keyring running. Is that immediately after your system reached the GUI or after you start programs. Do use Wifi with NM and saved the password only for your user? Which program do you use that needs the gnome-keyring? A browser for example? You can try to use dbus-monitor (without any parameter) but there is usually a lot, and you need to start it before the gnome-keyring process is started.
If you are not able to find the program that sends the dbus request, there are 3 files in /usr/share/dbus-1/services/ that will start the gnome-keyring process .