[pkg-gnupg-maint] Bug#787313: Bug#787313: Systemd user unit for gnupg-agent

NIIBE Yutaka gniibe at fsij.org
Wed Jun 3 06:05:44 UTC 2015


On 05/31/2015 06:25 PM, Moritz Muehlenhoff wrote:
> I've configured it on my notebooks for a while now:
> 
> If you install the attached unit file to /usr/lib/systemd/user
> the unit can be activated on a per-user basis with
> "systemctl --user enable gpg-agent.service"
> 
> (Of course, following that GPG_AGENT_INFO still needs to sourced in
> the user session)
> 
> Running gpg-agent through a user session has a number of benefits:
> - systemd ensures it only gets started once per user
> - it's agnostic of desktop environments and works even it you don't
>   use one (on my private notebook I only start X11 selectively when
>   I want to watch a movie), so running gpg-agent through ~/.xession
>   doesn't work for me
> - gpg-agent is managed consistently with other system services (e.g. it
>   shows up in "systemctl --user list-units", "systemctl status" etc.)

Thank you.  I think it makes sense.

Last week, I updated to Stretch.  Then, I found that xfce4-session now
has a feature invoking gpg-agent and ssh-agent by itself (not by XDG
startup process).  Now, I needed to configure:

	/startup/ssh-agent/enabled FALSE
	/startup/gpg-agent/enabled FALSE

to disable this feature (because default is TRUE).

While it would be easier for GnuPG-only users to invoke gpg-agent by
gpg (and its friends), there are users who use SSH under gpg-agent as
well.

For Debian, as a distribution, I think that it is much better for the
gnupg-agent package to "declare": it's systemd who invokes.  In this
way, we can ask xfce4-session, gnome-keyring-daemon, or any other
packages to stop (the questionable) feature of invoking gpg-agent.


Well, I have a comment for the description:

> [Unit]
> Description=GNU privacy guard password agent
                                ^^^^^^^^

This is not accurate description, today.  In modern GnuPG, gpg-agent
basically handles operations for secret keys.
-- 



More information about the pkg-gnupg-maint mailing list