[pkg-gnupg-maint] Bug#784289: Bug#784289: gnupg 2.1 and gnome-keyring no longer interoperate
Josselin Mouette
joss at debian.org
Tue May 5 10:24:53 UTC 2015
Werner Koch <wk at gnupg.org> wrote:
> On Tue, 5 May 2015 01:38, sandals at crustytoothpaste.net said:
> > spawned to prompt the user. It appears the socket has moved, and
> > symlinking the socket indicates that GnuPG has intentionally broken
>
> It has not been broken but since 2.0.23 gpg detects that GKR hijacks the
> connection and causes all kinds of trouble including security
> weaknesses.

This intentional regression is not acceptable and must be fixed in the
Debian GnuPG package.

> Note that even 2.0 can be configured to use a fixed socket like 2.1
> does:
>
>   --use-standard-socket
>   --no-use-standard-socket
>       By enabling this option gpg-agent will listen on the socket named
>       'S.gpg-agent', located in the home directory, and not create a
>       random socket below a temporary directory. Tools connecting to
>       gpg-agent should first try to connect to the socket given in
>       environment variable GPG_AGENT_INFO and then fall back to this
>       socket. This option may not be used if the home directory is
>       mounted on a remote file system which does not support special files
>       like fifos or sockets.

Thanks, you just broke remote $HOME configurations, just to piss off
GNOME keyring developers. This is antisocial behavior.

> It has been told enough times that this is a GKR bug. Given that the GNOME
> folks are not willing to fix that we are preparing changes to the GnuPG
> system which should allow them to remove that hijacking and instead
> install a new kind of Pinentry which implements what GKR should have
> done.

This should have been done first.
--
Joss
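
The socket lookup order from the option text quoted in the message above (GPG_AGENT_INFO first, then S.gpg-agent in the GnuPG home), as an added example that is not part of the original message or of GnuPG's code. The function names are hypothetical, and the `path:pid:protocol` layout of GPG_AGENT_INFO is an assumption not stated in the thread.

```shell
#!/bin/sh
# Added example: resolve the gpg-agent socket in the order the quoted option
# text gives (GPG_AGENT_INFO first, then S.gpg-agent in the GnuPG home).

# Socket path named in GPG_AGENT_INFO, or nothing if the variable is unset.
# Assumed format: <socket path>:<pid>:<protocol version>.
agent_info_socket() {
    [ -n "${GPG_AGENT_INFO:-}" ] || return 0
    rest=${GPG_AGENT_INFO%:*}      # drop the protocol version
    printf '%s\n' "${rest%:*}"     # drop the pid, keep the path (may contain ':')
}

# The fixed socket: S.gpg-agent in the GnuPG home directory.
standard_socket() {
    printf '%s\n' "${GNUPGHOME:-${HOME:-}/.gnupg}/S.gpg-agent"
}

# Overridable existence check so the logic can be exercised without a live agent.
is_socket() { [ -S "$1" ]; }

# Print "<source> <path>" for the socket a client would use; return 1 if none exists.
resolve_agent_socket() {
    env_sock=$(agent_info_socket)
    std_sock=$(standard_socket)
    if [ -n "$env_sock" ] && is_socket "$env_sock"; then
        printf 'env %s\n' "$env_sock"
    elif is_socket "$std_sock"; then
        printf 'standard %s\n' "$std_sock"
    else
        return 1
    fi
}

# Report the result and flag the case where the environment redirects clients
# to a socket other than the standard one.
describe_agent_socket() {
    found=$(resolve_agent_socket) || { echo "no agent socket found"; return 0; }
    echo "client would connect via: $found"
    case $found in
        "env $(standard_socket)") ;;
        env\ *) echo "note: GPG_AGENT_INFO points away from the standard socket" ;;
    esac
}

describe_agent_socket
```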