Bug#949761: [pkg-gnupg-maint] Bug#949761: gpgconf: make socketdir configurable to users

2021-12-21 Thread Werner Koch
On Tue, 21 Dec 2021 15:17, NIIBE Yutaka said:

>> gpg2 and gpg-agent (used by gnupg (1.x) as well) now use
>> GPG_AGENT_INFO=/run/user/2339/gnupg/S.gpg-agent:0:1 but
>> the directory /run/user/2339 is removed on logout by elogind
>> even if processes are still running.
>
> I happened to find a possible solution for this problem, if a user uses
> systemd.

Another solution is to run

  touch /var/lib/elogin/linger/$(id -un)

once to more or less get standard Unix semantics back.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Bug#949761: gpgconf: make socketdir configurable to users

2021-12-20 Thread NIIBE Yutaka
On Fri, 24 Jan 2020 17:21:43 +0100 Thorsten Glaser wrote:
> Package: gpgconf
> Version: 2.2.19-1
> Severity: important
> 
> gpg2 and gpg-agent (used by gnupg (1.x) as well) now use
> GPG_AGENT_INFO=/run/user/2339/gnupg/S.gpg-agent:0:1 but
> the directory /run/user/2339 is removed on logout by elogind
> even if processes are still running.

I happened to find a possible solution for this problem, if a user uses
systemd.

It seems that your use case is with elogind, so this solution may not
work directly, but it would help in finding a way to solve it.

In my system, I identified that:

The first thing that creates /run/user/$UID/gnupg is this script (for
systemd users), which runs the gpgconf command:

/lib/systemd/user-environment-generators/90gpg-agent

And then, this script also invokes the gpgconf command:

/etc/X11/Xsession.d/90gpg-agent

To keep the old behavior of the socketdir, I needed something
which runs before 90gpg-agent.

So, I created the file:
/etc/systemd/user-environment-generators/89-gpg-keep-old-behavior-of-sockdir-under-home

with the content of:
==
#!/bin/sh

D=/run/user/$(id -u)
CONFIG_FILE=$HOME/.keep-old-behavior-of-gpg-sockdir

# Create a regular file at /run/user/$UID/gnupg so that GnuPG cannot use a
# socketdir under /run and keeps the old behavior of using $HOME/.gnupg.
if [ -e "$CONFIG_FILE" ]; then
    touch "$D/gnupg"
fi
==

That is, when a user opts in by creating the file
$HOME/.keep-old-behavior-of-gpg-sockdir, it creates a file
'/run/user/$UID/gnupg' before the directory /run/user/$UID/gnupg
is created, so that the directory cannot be created and used.

Then, by the fallback mechanism of GnuPG, $HOME/.gnupg will be used.
-- 
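
The filesystem state that the generator script in the message above depends on, as an added example that is not part of the original thread: it classifies a per-user runtime directory and applies the same opt-in blocker, run against a constructed temporary tree instead of the real /run. The function names and state labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: every path below is constructed; the real /run is not touched.

# Classify <root>/<uid>/gnupg, the location the thread is about.
sockdir_state() {
    rt="$1/$2"
    if [ ! -d "$rt" ]; then
        echo runtime-dir-missing   # e.g. /run/user/UID removed on logout
    elif [ -d "$rt/gnupg" ]; then
        echo socketdir-in-run      # sockets live under /run/user/UID/gnupg
    elif [ -e "$rt/gnupg" ]; then
        echo blocked-by-file       # directory cannot be created; per the
                                   # thread, GnuPG falls back to $HOME/.gnupg
    else
        echo not-created-yet
    fi
}

# Opt-in blocker with the same logic as the generator quoted above.
# Returns 0 only if the blocker is really in effect afterwards.
apply_blocker() {
    root=$1 uid=$2 home=$3
    [ -e "$home/.keep-old-behavior-of-gpg-sockdir" ] || return 1
    [ -d "$root/$uid" ] || return 1
    touch "$root/$uid/gnupg"
    [ "$(sockdir_state "$root" "$uid")" = blocked-by-file ]
}

demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/run/1000" "$t/home"
    : > "$t/home/.keep-old-behavior-of-gpg-sockdir"
    echo "fresh login:   $(sockdir_state "$t/run" 1000)"
    apply_blocker "$t/run" 1000 "$t/home" &&
        echo "after blocker: $(sockdir_state "$t/run" 1000)"
    # Ordering matters: if the directory already exists, touch only
    # updates its mtime and the blocker has no effect.
    mkdir -p "$t/run/1001/gnupg"
    apply_blocker "$t/run" 1001 "$t/home" ||
        echo "uid 1001:      $(sockdir_state "$t/run" 1001) (blocker too late)"
    rm -rf "$t"
}
demo
```

The second case in `demo` is why the generator has to sort before 90gpg-agent: once gpgconf has created the directory, the `touch` succeeds but changes nothing.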



Bug#949761: gpgconf: make socketdir configurable to users

2020-01-24 Thread Thorsten Glaser
Package: gpgconf
Version: 2.2.19-1
Severity: important

gpg2 and gpg-agent (used by gnupg (1.x) as well) now use
GPG_AGENT_INFO=/run/user/2339/gnupg/S.gpg-agent:0:1 but
the directory /run/user/2339 is removed on logout by elogind
even if processes are still running.

Unfortunately, this means gpg-agent kills itself when that
happens, e.g. when X crashes (Debian #912325) while, at the
same time, I’m logged in over ssh and working, e.g. in GNU
screen. This causes gnupg to completely fail (it asks for
the password, then tells me it cannot sign, breaking e.g.
signed git commits).

Furthermore, I’d prefer to move it to a location more easily
accessible in chroots, such as /dev/shm/ (see Debian #949698
where I’m already keeping my SSH agent information etc).

I’ve not found any elogind option to not remove that directory
on logout (as opposed to reboot which given it appears to be
a tmpfs is granted) and also suspect systemd behaves the same.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable'), (100, 'experimental')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 5.4.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages gpgconf depends on:
ii  libassuan0     2.5.3-7
ii  libc6          2.29-9
ii  libgcrypt20    1.8.5-3
ii  libgpg-error0  1.36-7
ii  libreadline8   8.0-3

gpgconf recommends no packages.

gpgconf suggests no packages.

-- no debconf information