[pkg-gnupg-maint] Bug#791364: No gpg-agent is started unless 'use-agent' is explicitly configured

[Iain Lane]

Hi,

On Fri, Jul 03, 2015 at 10:43:34PM +0200, Michael Biebl wrote:
> […]
> a/ without a running gpg-agent, gpg v2 doesn't cache any passwords. It
> spawns a gpg-agent process on demand, so we at least get a
> pinentry-gnome3 based prompt.
> 
> b/ without "use-agent", gpg v1 will also not use gpg-agent/pinentry-gnome3
> at all, but fall back to prompt directly on the console.
> 
> Regarding gpg v2 I'm surprised that "use-agent" is still necessary.
> At least "man gpg2" says that --use-agent is a dummy, since gnupg agent
> is mandatory
> 
> Any clever idea how we can address this? Should we start gpg-agent
> unconditionally in /etc/X11/Xsession.d/90gpg-agent? This would at least
> address a/.

The suggestion I came up with during our discussion on IRC the other day
is to install another Xsession.d snippet in gnupg2 which does something
like

  # source PID_FILE?

  if [ -z ${GPG_AGENT_INFO} ]; then
    # start the agent
  fi

and is ordered after gnupg-agent's one. That is: if we've got gpg2
installed then always start the agent, otherwise if we've only got gpg1
installed then start it only if we have 'use-agent' in the config file.

Would that work?

Cheers,

-- 
Iain Lane                                  [ iain at orangesquash.org.uk ]
Debian Developer                                   [ laney at debian.org ]
Ubuntu Developer                                   [ laney at ubuntu.com ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20150706/a67f7985/attachment.sig>