Bug#444103: patch: enable ssh support if ssh-agent is disabled

Tue, 21 Feb 2012 04:39:26 -0800 

usertags 444103 + pca.it-authentication
thanks

Hi there!

On Sun, 18 Sep 2011 22:38:25 +0200, Luca Capello wrote:
> On Wed, 26 Sep 2007 07:54:20 +0200, Tim Riker wrote:
>> If /etc/X11/Xsession has "use-ssh-agent" disabled, and
>> $GNUPGHOME/gpg.conf has use-agent, we might as well enable ssh-agent
>> support in gpg-agent.
>
> Fully agree, but only if $GNUPGHOME/gpg-agent.conf has
> "enable-ssh-support", see below for a full explanation.
>
> On Fri, 02 Oct 2009 11:09:45 +0200, Kees Meijs wrote:
>> When someone does not want to run ssh-agent, I guess it's still not
>> safe to assume the person _does_ want --enable-ssh-support for
>> gpg-agent in all cases.
>
> This is why there is a way in gpg-agent to decide if it should act as an
> SSH agent as well, i.e. "enable-ssh-support".  The problem is that there
> is no way to decide if one wants ssh-agent or not and there is a bug in
> /etc/X11/Xsession.d/90gpg-agent that prevents ssh-agent to be correctly
> started:
>
>   <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642012#17>
>
> So, basically, to fix this bug: if "enable-ssh-support" is enabled in
> $GNUPGHOME/gpg-agent.conf gpg-agent will act as ssh-agent as well, no
> matter the value of "use-ssh-agent" in /etc/X11/Xsession.options.  Thus
> here an IMHO better patch for /etc/X11/Xsession.d/90gpg-agent:

Git patch attached.  Test packages fixing #444103, #642012 and #642021
are available at:

  
<http://people.debian.org/~gismo/tmp/gnupg2_2.0.18-3~gismo444103.642012.642021.1.dsc>

Thx, bye,
Gismo / Luca


From bc8555e936256261f7be123dd012e6ec5a93ee62 Mon Sep 17 00:00:00 2001
From: Luca Capello <l...@pca.it>
Date: Tue, 21 Feb 2012 12:53:22 +0100
Subject: [PATCH 1/3] debian/gnupg-agent.xsession: (#444103) enable the SSH
 support

---
 debian/changelog            |    9 +++++++++
 debian/gnupg-agent.xsession |    8 +++++++-
 2 files changed, 16 insertions(+), 1 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 8594851..37379b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+gnupg2 (2.0.18-3) UNRELEASED; urgency=low
+
+  [ Luca Capello ]
+  * debian/gnupg-agent.xsession:
+    + enable the SSH support according to $GNUPGHOME/gpg-agent.conf
+      (Closes: #444103).
+
+ --
+
 gnupg2 (2.0.18-2) unstable; urgency=low
 
   * debian/control, debian/gpgsm.install, debian/scdaemon.install: Add a
diff --git a/debian/gnupg-agent.xsession b/debian/gnupg-agent.xsession
index eb8c584..d129884 100644
--- a/debian/gnupg-agent.xsession
+++ b/debian/gnupg-agent.xsession
@@ -14,6 +14,12 @@ if grep -qs '^[[:space:]]*use-agent' "$GNUPGHOME/gpg.conf" "$GNUPGHOME/options"
    # Invoking gpg-agent with no arguments exits successfully if the agent
    # is already running as pointed by $GPG_AGENT_INFO
    if ! $GPGAGENT 2>/dev/null; then
-       STARTUP="$GPGAGENT --daemon --sh --write-env-file=$PID_FILE $STARTUP"
+       ## <http://bugs.debian.org/444103>
+       # check if the SSH support should be enabled
+       if grep -qs '^[[:space:]]*enable-ssh-support' "$GNUPGHOME/gpg-agent.conf"; then
+          ENABLESSH='--enable-ssh-support'
+       fi
+
+       STARTUP="$GPGAGENT --daemon $ENABLESSH --sh --write-env-file=$PID_FILE $STARTUP"
    fi
 fi
-- 
1.7.8.3

Attachment: pgpaymgadiKDC.pgp
Description: PGP signature

Reply via email to