[pkg-gnupg-maint] Bug#784289: Bug#784289: gnupg 2.1 and gnome-keyring no longer interoperate
Werner Koch
wk at gnupg.org
Tue May 5 06:36:30 UTC 2015
On Tue, 5 May 2015 01:38, sandals at crustytoothpaste.net said:
> spawned to prompt the user. It appears the socket has moved, and
> symlinking the socket indicates that GnuPG has intentionally broken
It has not been broken, but since 2.0.23 gpg detects that GKR hijacks the
connection and causes all kinds of trouble, including security
weaknesses.
Note that even 2.0 can be configured to use a fixed socket like 2.1
does:
    --use-standard-socket
    --no-use-standard-socket
        By enabling this option gpg-agent will listen on the socket named
        'S.gpg-agent', located in the home directory, and not create a
        random socket below a temporary directory. Tools connecting to
        gpg-agent should first try to connect to the socket given in
        environment variable GPG_AGENT_INFO and then fall back to this
        socket. This option may not be used if the home directory is
        mounted on a remote file system which does not support special files
        like fifos or sockets. Note, that --use-standard-socket is the
        default on Windows systems. The default may be changed at build
        time. It is possible to test at runtime whether the agent has been
        configured for use with the standard socket by issuing the command
        gpg-agent --use-standard-socket-p which returns success if the
        standard socket option has been enabled.
> Please decide to which package this bug belongs, assign it accordingly,
> and fix it.
It has been told enough times that this is a GKR bug. Given that the GNOME
folks are not willing to fix that, we are preparing changes to the GnuPG
system which should allow them to remove that hijacking and instead
install a new kind of Pinentry which implements what GKR should have
done.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
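
Added example, not part of the original message and not GnuPG code: a client-side sketch of the lookup order the quoted option text describes (GPG_AGENT_INFO first, then 'S.gpg-agent' in the home directory). It assumes the usual "path:pid:protocol" layout of GPG_AGENT_INFO and a GnuPG home of $GNUPGHOME or ~/.gnupg; the ownership and socket-type check is a hardening choice of this sketch, and all function names are hypothetical.

```python
import os
import socket
import stat
import tempfile


def agent_socket_candidates(env):
    """Candidate socket paths, in the order the option text gives."""
    candidates = []
    info = env.get("GPG_AGENT_INFO", "")
    if info:
        # Assumed layout: <socket path>:<pid>:<protocol version>
        path = info.rsplit(":", 2)[0]
        if path:
            candidates.append(path)
    home = env.get("GNUPGHOME") or os.path.join(env.get("HOME", ""), ".gnupg")
    candidates.append(os.path.join(home, "S.gpg-agent"))
    return candidates


def usable_socket(path, uid):
    """Accept only a real Unix socket owned by uid; lstat() rejects symlinks."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    return stat.S_ISSOCK(st.st_mode) and st.st_uid == uid


def resolve_agent_socket(env, uid=None):
    """Return the first candidate that passes the check, or None."""
    uid = os.getuid() if uid is None else uid
    for path in agent_socket_candidates(env):
        if usable_socket(path, uid):
            return path
    return None


def demo():
    """Constructed case: stale GPG_AGENT_INFO, live standard socket."""
    with tempfile.TemporaryDirectory() as home:
        std = os.path.join(home, "S.gpg-agent")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(std)  # stands in for a listening gpg-agent
        try:
            stale = os.path.join(home, "gone") + ":4242:1"
            env = {"GPG_AGENT_INFO": stale, "GNUPGHOME": home}
            return resolve_agent_socket(env) == std
        finally:
            srv.close()
```
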