[pkg-gnupg-maint] Bug#787313: Systemd user unit for gnupg-agent

Werner Koch wk at gnupg.org
Wed Jun 3 08:03:42 UTC 2015


On Wed,  3 Jun 2015 08:05, gniibe at fsij.org said:

> Thank you.  I think it makes sense.

I don't think so.  GnuPG uses a locking mechanism to avoid that several
instances of gpg and friends start gpg-agent.  Thus watching the socket
file and starting gpg-agent on a connect attempt won't work too well.

> While it would be easier for GnuPG-only users to invoke gpg-agent by
> gpg (and its friends), there are users who use SSH under gpg-agent as
> well.

The preferred way to start gpg-agent in this case is 

  gpgconf --launch gpg-agent

for 2.1 or 

  gpg-connect-agent /bye

for 2.0 (works also with 2.1).  It would be even better if ssh or that
systemd stuff starts gpg-agent this way at the first attempt of ssh to
use an ssh-agent.  But that requires a change to ssh because ssh does
not use a fixed socket name.

>> Description=GNU privacy guard password agent
>                                 ^^^^^^^^
>
> This is not an accurate description today.  In modern GnuPG, gpg-agent
> basically handles operations for secret keys.

Actually since 1.9 (in 2003) where this has always been required by
GnuPG's CMS/X.509 (aka S/MIME) part.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


