severity 796931 normal
thanks

On Tue 2015-08-25 17:29:05 -0400, Thorsten Glaser wrote:
> since one of the recent upgrades, gpg-agent no longer writes its
> environment file. This is a rather bad regression for my setup,
> which uses the env file for sharing a gpg-agent across all (both
> SSH and local console or X11) sessions of one user (i.e. that
> particular sharing now becomes impossible).

For GnuPG's modern suite (2.1.x), the gpg-agent will always be
automatically launched, and will be shared by users on the system.
There is no need for $GNUPGHOME/gpg-agent-info-$(hostname), because they
will all use $GNUPGHOME/S.gpg-agent as the standard socket.

Trying to pair this with gpg from the "classic" suite (1.4.x) is slightly
more awkward, because:

 a) gpg 1.4.x does not auto-launch the agent, and

 b) gpg 1.4.x relies on GPG_AGENT_INFO to be explicitly set

I don't want to overengineer solutions for gpg 1.4.x because the plan
for gpg 1.4.x is to make it gpg1, and have /usr/bin/gpg supplied
directly by the modern gpg.

That said, all that's needed for gpg 1.4.x to work (assuming "use-agent"
has been set in gpg.conf) is to ensure the agent is running
(e.g. "gpg-connect-agent /bye" or "gpgconf --launch gpg-agent"), and to
ensure that GPG_AGENT_INFO is set explicitly to
$GNUPGHOME/S.gpg-agent:0:1

For ssh, the situation is similar: a standard socket will be used
($GNUPGHOME/S.gpg-agent.ssh), and the OpenSSH tools need to be informed
about it via the SSH_AUTH_SOCK environment variable.

So I think all of this boils down to:

    gpgconf --launch gpg-agent
    export GPG_AGENT_INFO=$HOME/.gnupg/S.gpg-agent:0:1
    if [ -n "$(gpgconf --list-options gpg-agent | awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
        export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh
    fi

I think this is a plausible workaround for the use cases described in
this bug, and it should be pretty simple. Please let me know how this
works for you.

I don't think anyone should need any gpg-agent-info-$(hostname) file at
all to support the use case you describe.

      --dkg
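
An added example, not part of the original message: the same workaround wrapped so that it honours $GNUPGHOME (as the prose above does) and exports a variable only when the socket it names actually exists. The function names and the two sample gpgconf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of GnuPG.

# Constructed samples of one line of `gpgconf --list-options gpg-agent`.
# Fields are colon-separated; field 10 holds the configured value.
SAMPLE_ON='enable-ssh-support:0:0:enable ssh support:0:0::::1'
SAMPLE_OFF='enable-ssh-support:0:0:enable ssh support:0:0::::'

# Reads gpgconf option lines on stdin; succeeds only if
# enable-ssh-support carries a non-empty value in field 10.
ssh_support_enabled() {
    awk -F: '$1 == "enable-ssh-support" && $10 != "" { on = 1 }
             END { exit !on }'
}

# $1: output of `gpgconf --list-options gpg-agent`.
# Exports GPG_AGENT_INFO (for gpg 1.4.x) and, when ssh support is
# enabled, SSH_AUTH_SOCK. Refuses to export a path that is not a
# socket, so a dead agent surfaces here rather than as a later
# pinentry or ssh failure.
agent_env() {
    home=${GNUPGHOME:-$HOME/.gnupg}
    if [ ! -S "$home/S.gpg-agent" ]; then
        echo "agent_env: no agent socket in $home" >&2
        return 1
    fi
    GPG_AGENT_INFO=$home/S.gpg-agent:0:1
    export GPG_AGENT_INFO
    if printf '%s\n' "$1" | ssh_support_enabled &&
       [ -S "$home/S.gpg-agent.ssh" ]; then
        SSH_AUTH_SOCK=$home/S.gpg-agent.ssh
        export SSH_AUTH_SOCK
    fi
}

# Typical use from a login profile:
#   gpgconf --launch gpg-agent
#   agent_env "$(gpgconf --list-options gpg-agent)"
```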