[pkg-gnupg-maint] Bug#835394: gnupg-agent: gpg agent refusing ssh agent work

Joerg Jaspert joerg at debian.org
Thu Aug 25 09:41:47 UTC 2016


Package: gnupg-agent
Version: 2.1.14-5
Severity: minor

Dear Maintainer,

Since the upgrade to the newest gnupg-agent I had the problem that
gnupg-agent just refused any ssh agent work with a simple

sign_and_send_pubkey: signing failed: agent refused operation

which isn't all that helpful a message. I always had gnupg-agent
configured for the ssh-agent support and never ran an ssh-agent
directly, which, until the upgrade, worked nicely.

Finally had time to look at what broke in gnupg-agent - and it seems the
way it's started now (or its now default way of working) is kinda stupid
compared to the past.

Past: An Xsession.d script that just had

$GPGAGENT --daemon --sh --enable-ssh-support --write-env-file=$PID_FILE $STARTUP

and whenever needed (my shell startup scripts) I fetched the agent vars
from that file. Works.

Now: "gpg agent started by systemd foo" for whatever reason. And the
script only exporting the SSH_AUTH_SOCK var.

The Now: is broken: It leaves people without a working ssh key agent, as
systemd starts it on whatever tty (maybe none). I finally found

$ gpg-connect-agent updatestartuptty /bye

somewhere in the manpage, and if I run that, ssh functionality is back.

I wonder if that shouldn't be run automagically at the time
SSH_AUTH_SOCK is exported. It's highly annoying and IMO a regression to
the past, if one has to manually do something to get ssh support running
in the agent.

-- 
bye, Joerg
"If the apes from whom we supposedly descend had suspected that
evolution would one day produce politicians from their ranks, they
would have stayed in their trees and would never have tried to learn to
walk upright."
(J. Sheridan, Babylon5)
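
The workaround described in the report, written as a shell startup snippet. This is an added example, not part of the original message or of the Debian package. The function name gpg_ssh_agent_setup and the GPGCONF / GPG_CONNECT_AGENT override variables are hypothetical, and it assumes a gpgconf that knows the agent-ssh-socket directory name.

```shell
# Added example for an interactive shell startup file (e.g. ~/.bashrc).
# GPGCONF and GPG_CONNECT_AGENT are hypothetical override variables so the
# tool paths can be changed without editing the function.
GPGCONF=${GPGCONF:-gpgconf}
GPG_CONNECT_AGENT=${GPG_CONNECT_AGENT:-gpg-connect-agent}

# Returns 0 on success, 1 if GnuPG's tools or the socket path are
# unavailable, 2 if the agent did not accept the tty update.
gpg_ssh_agent_setup() {
    command -v "$GPGCONF" >/dev/null 2>&1 || return 1
    command -v "$GPG_CONNECT_AGENT" >/dev/null 2>&1 || return 1

    # Ask GnuPG where the agent's ssh socket lives instead of hard-coding it.
    sock=$("$GPGCONF" --list-dirs agent-ssh-socket) || return 1
    [ -n "$sock" ] || return 1

    # Point ssh at gpg-agent and drop any stale ssh-agent reference.
    unset SSH_AGENT_PID
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK

    # Only when this shell has a terminal: tell the agent, which may have
    # been started without one, which tty pinentry should use for ssh
    # requests. Non-interactive shells skip this step.
    if this_tty=$(tty 2>/dev/null); then
        GPG_TTY=$this_tty
        export GPG_TTY
        "$GPG_CONNECT_AGENT" updatestartuptty /bye >/dev/null 2>&1 || return 2
    fi
    return 0
}

# Never let a missing GnuPG installation break shell startup.
gpg_ssh_agent_setup || true
```

The tty update applies to the terminal of whichever shell ran it last, so passphrase prompts for ssh keys appear there.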


