affects 444103 + openssh-client
thanks

Hi there!

On Wed, 26 Sep 2007 07:54:20 +0200, Tim Riker wrote:
> If /etc/X11/Xsession has "use-ssh-agent" disabled, and
> $GNUPGHOME/gpg.conf has use-agent, we might as well enable ssh-agent
> support in gpg-agent.

Fully agree, but only if $GNUPGHOME/gpg-agent.conf has
"enable-ssh-support", see below for a full explanation.

On Fri, 02 Oct 2009 11:09:45 +0200, Kees Meijs wrote:
> +   # user wants gpg-agent, but not ssh-agent, assume ssh support in
> gpg-agent
> +   if ! grep -qs ^use-ssh-agent "$OPTIONFILE"; then
> +       ENABLESSH='--enable-ssh-support'
> +   fi
> +
>
> Should check for a new option (e.g. use-gpg-agent-ssh) as well.

Please note that OPTIONFILE refers to /etc/X11/Xsession.options and that
these options are system-wide.  See #412993 for a global Xsession
"use-gpg-agent" option, with which I disagree; both are IMHO user options:

  <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642012#17>

> When someone does not want to run ssh-agent, I guess it's still not
> safe to assume the person _does_ want --enable-ssh-support for
> gpg-agent in all cases.

This is why there is a way in gpg-agent to decide if it should act as an
SSH agent as well, i.e. "enable-ssh-support".  The problem is that there
is no way to decide if one wants ssh-agent or not and there is a bug in
/etc/X11/Xsession.d/90gpg-agent that prevents ssh-agent from being
correctly started:

  <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642012#17>

So, basically, to fix this bug: if "enable-ssh-support" is enabled in
$GNUPGHOME/gpg-agent.conf, gpg-agent will act as ssh-agent as well, no
matter the value of "use-ssh-agent" in /etc/X11/Xsession.options.  Thus
here is an IMHO better patch for /etc/X11/Xsession.d/90gpg-agent:

--8<---------------cut here---------------start------------->8---
--- 90gpg-agent.ORG
+++ 90gpg-agent
@@ -11,9 +11,14 @@
        . "$PID_FILE"
    fi
 
+   # check if the SSH support should be enabled
+   if grep -qs '^[[:space:]]*enable-ssh-support' "$GNUPGHOME/gpg-agent.conf"; 
then
+       ENABLESSH='--enable-ssh-support'
+   fi
+
    # Invoking gpg-agent with no arguments exits successfully if the agent
    # is already running as pointed by $GPG_AGENT_INFO
    if ! $GPGAGENT 2>/dev/null; then
-       STARTUP="$GPGAGENT --daemon --sh --write-env-file=$PID_FILE $STARTUP"
+       STARTUP="$GPGAGENT --daemon $ENABLESSH --sh --write-env-file=$PID_FILE 
$STARTUP"
    fi
 fi
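Review bot: ENABLESSH is assigned only inside the new `if grep -qs ...` block and is then expanded unquoted in the STARTUP line, and nothing in the visible lines initializes it, so when the option is absent the agent command line picks up whatever value ENABLESSH already had in the session environment. Put `ENABLESSH=` before the check. The check also reads "$GNUPGHOME/gpg-agent.conf" directly: if GNUPGHOME is unset and not defaulted earlier in the script (the hunk does not show this), grep looks at /gpg-agent.conf and a user's enable-ssh-support in ~/.gnupg is silently ignored; "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" would cover that case. Finally, the pattern has no end anchor, so any line that merely begins with enable-ssh-support also matches; requiring whitespace or end of line after the keyword would make the match exact.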
--8<---------------cut here---------------end--------------->8---

Thx, bye,
Gismo / Luca
