[pkg-gnupg-maint] Bug#851462: Bug#851462: #851462 gpg-agent: a gpg-agent is already running - not starting a new one
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Apr 27 02:28:56 UTC 2017
Hi Thomas--
On Tue 2017-04-25 21:37:46 -0400, Thomas Dickey wrote:
> Referring to the manual page:
>
> gpg-agent --daemon --enable-ssh-support \
The above line doesn't appear in the gpg-agent manual page, afaict. In
a modern version of gpg-agent, ssh support is always enabled.
The OpenSSH Agent protocol is always enabled;
whether you decide to use it for ssh-agent or whether you decide to use
a different ssh-agent implementation is up to you, and you can make that
decision explicit by deciding how you'll set the $SSH_AUTH_SOCK
environment variable.
> I tried using the ssh-support option, have never seen it work reliably.
> After some experimentation a few years ago, I came up with this working
> solution.
if it never worked reliably, and you found some complex workaround, it's
entirely possible that upstream fixed the unreliability and was unaware
of whatever workaround you've chosen to do. I'm still having a hard
time following it myself.
Perhaps using it as currently expected by upstream (and removing complex
workarounds) will be the most fruitful result for you.
> The updates for gpg-agent in January broke my solution (and the
> explanation of the "new" behavior sounds as though it's been "improved"
> to only work in a desktop session - if that is incorrect, you should
> provide that information clearly in the README.Debian file - as written
> it does not address this bug report:
you can use gpg-agent without needing a desktop session, but if you need
interactive prompting, a desktop session is recommended. desktops are
good at that kind of interactivity :)
> leaves a lot unsaid. In my case, there was no desktop session.
> (The package still depends upon either pinentry-curses or pinentry).
ok, so you're running from a network console? from a vt? some other
environment? the more you can help me understand your setup, the better
i'll be able to help.
> hmm - no: I overlooked that. It's been a couple of years since I put these
> together. The "killall" in "wrapssh" is redundant; I'm killing it in
> "presign" so that I can force it to use pinentry-curses
if your goal is to force the use of pinentry-curses, and you're on a
machine without a desktop environment, you should either ensure that
/usr/bin/pinentry points to pinentry-curses, or you should put
"pinentry-program /usr/bin/pinentry-curses" into ~/.gnupg/gpg-agent.conf
> #!/bin/sh
> # $Id: presign,v 1.2 2014/09/01 14:54:50 tom Exp $
> # vi:ts=4
> # Initialize a subshell which will run gpg-agent, sets a variable that we can
> # use in the initialization to force an gpg-sign prompt.
You should *not* expect to run multiple concurrent gpg-agents on the
same GnuPG home directory. That is explicitly not supported by
upstream.
> ... and Debian/testing isn't the only system that I use it on.
I'm sorry, but i can't support arbitrary scripts that run on arbitrary
operating systems. My hands are pretty full with supporting GnuPG on
debian :/
> Back to the bug report: what I'm reading is that gpg-agent can no longer
> be used as documented.
I still don't see this, sorry. Can you try to produce the simplest
possible example that reproduces the problem?
--dkg
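
Added example (not part of the original message, and not Debian's or upstream's own script): one way to apply the two settings discussed above, pinning pinentry-curses in gpg-agent.conf and pointing $SSH_AUTH_SOCK at the single gpg-agent for the GnuPG home instead of starting a second agent. The function names are hypothetical, and the gpgconf and gpg-connect-agent calls assume GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example; helper names are hypothetical and not from the thread.

# Idempotently set "pinentry-program <path>" in a gpg-agent.conf file.
# $1 = path to gpg-agent.conf, $2 = absolute path to the pinentry binary.
set_pinentry_program() {
    conf=$1
    prog=$2
    case $prog in
        /*) ;;
        *) echo "pinentry path must be absolute: $prog" >&2; return 1 ;;
    esac
    dir=$(dirname "$conf")
    [ -d "$dir" ] || mkdir -m 700 -p "$dir" || return 1
    # Build the new file beside the old one so the final rename is atomic.
    tmp=$(mktemp "$dir/.gpg-agent.conf.XXXXXX") || return 1
    if [ -f "$conf" ]; then
        # Drop earlier pinentry-program lines, keep every other option.
        grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'pinentry-program %s\n' "$prog" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$conf"
}

# Use the one gpg-agent of this GnuPG home as the ssh agent.
# Call it in the current shell (it exports variables), on a terminal.
use_gpg_agent_for_ssh() {
    GPG_TTY=$(tty) || return 1       # curses pinentry must know the terminal
    export GPG_TTY
    # Starts an agent only if none is running for this home directory,
    # so no killall and no second concurrent agent.
    gpgconf --launch gpg-agent || return 1
    SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) || return 1
    export SSH_AUTH_SOCK
    # Tell the running agent which tty to prompt on for ssh requests.
    gpg-connect-agent updatestartuptty /bye >/dev/null
}

# Typical use from a login shell on a machine without a desktop session:
#   set_pinentry_program "$HOME/.gnupg/gpg-agent.conf" /usr/bin/pinentry-curses
#   gpgconf --reload gpg-agent      # make a running agent re-read its config
#   use_gpg_agent_for_ssh
```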