On Thu, 2 May 2024 16:58, Matěj Cepl said:

> rather dubious: systemd can certainly manage a dependence on
> shared resource, and concurrent running of two processes at

Right. However, systemd does not use the same locking scheme as gnupg uses to avoid duplicate daemon startup. The gnupg internal startup of required daemons has been there before systemd was invented and it needs to work on all platforms - not just on Linux. Having different schemes here is a major problem but the former Debian maintainer (dkg) promised to take care of all problems due to his patches which added that systemd startup (--supervised) feature.

Given that history I consider it unlikely that Debian will ever provide an enhanced ssh version which can be configured to start its ssh-agent on connection failure. Thus we need to keep on using the updatestartuptty thing when using a curses pinentry or a remote X session.

The updatestartup thing does actually two things: Make sure that gpg-agent is launched (most other commands will do this also) and, more important, to tell gpg-agent something about the current environment (GPG_TTY, DISPLAY, etc).

I have a patch somewhere to extend the ssh-agent-protocol to convey envvars but more or less forgot about it. It would be a useful thing also for other ssh-agents.

> I still haven’t investigated this piece of Werner’s advice:
>
>> Using no-autostart in the common.conf might be useful. We use it always
>> when running a remote gpg.

That is easy: On a remote box you don't want to run gpg-agent because this shall instead be handled by ssh socket forwarding. Without such an option running gpg might start gpg-agent on the remote box and thus take over the forwarded socket. Instead of adding "no-autostart" to all config files of gnupg, adding this to common.conf will be sufficient.

Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
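The remote-box setup described in the message above, as an added example that is not part of the original mail or of GnuPG: a shell check that a GnuPG home has an active `no-autostart` in `common.conf` and that something is listening at the agent socket path. The function names and the throwaway sample directory are hypothetical, and the check assumes the option is written in its bare form on a line of its own.

```shell
#!/bin/sh
# Added example (not from the original mail): audit a remote box's GnuPG home.
# Function names are hypothetical; the sample files below are constructed.

# Return 0 if DIR/common.conf has an active (uncommented) no-autostart line.
autostart_disabled() {
    conf="$1/common.conf"
    [ -r "$conf" ] || return 1
    # Trim surrounding whitespace, then require the bare option on its own
    # line; "# no-autostart" is a comment and does not match.
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$conf" |
        grep -qx 'no-autostart'
}

# Print a one-word verdict for a GnuPG home and an agent socket path:
#   ok         no-autostart is set and a socket exists (e.g. the forwarded one)
#   no-socket  no-autostart is set, but nothing is at the socket path
#   autostart  gpg may launch a local gpg-agent and take over the socket
remote_gpg_status() {
    home="$1"; sock="$2"
    if ! autostart_disabled "$home"; then
        echo autostart
    elif [ -S "$sock" ]; then
        echo ok
    else
        echo no-socket
    fi
}

# Constructed sample: option commented out first, then enabled.
demo_home=$(mktemp -d)
printf '# no-autostart\n' > "$demo_home/common.conf"
remote_gpg_status "$demo_home" "$demo_home/S.gpg-agent"
printf 'no-autostart\n' > "$demo_home/common.conf"
remote_gpg_status "$demo_home" "$demo_home/S.gpg-agent"
rm -rf "$demo_home"
```

On a real remote box, the socket path to pass as the second argument is the one printed by `gpgconf --list-dirs agent-socket`.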