[pkg-gnupg-maint] Bug#853905: Bug#853905: Ships incorrect /usr/lib/systemd/user/sockets.target.wants files, makes disabling impossible

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Feb 4 00:40:41 UTC 2017


On Fri 2017-02-03 09:02:47 -0500, Yuri D'Elia wrote:
> On Fri, Feb 03 2017, Michael Biebl wrote:
>>> When gpg is used via command line, the agent is started automatically
>>> and then it's left sitting there. But for a system without seats, the
>>> agent doesn't make sense. It shouldn't be running.
>>
>> That doesn't make sense. Even if you stop the sockets, once you use gpg,
>> gpg-agent will be auto-started as well, just using a different mechanism.
>
> Is this also true when --no-autostart is in use?

In this case, gpg-agent will not be automatically started, but if it
needs any information from the secret keyring (which is the only reason
it ever tries to auto-launch gpg-agent in the first place), it will
fail.

What are you doing with gpg?  If whatever you're doing needs the secret
keyring, the agent will be launched.  If it doesn't need the secret
keyring, the agent will not be launched.

With gpg-agent as a systemd user service, when the user completely logs
out of the system, any services launched (socket-activated or otherwise)
will be stopped automatically.

OTOH, if gpg-agent is auto-launched by gpg (not managed as a systemd
user service), there is no robust standard way to ensure that the agent
gets terminated at logout.

Yuri, it sounds like you've got a particular scenario that you don't
like, and you're trying lots of things to change it, but I don't
understand what the scenario is.

Can you try to distill the problem you're seeing into a repeatable
pattern?  I have a minimal server running Debian testing.  When I log
into it with ssh, and use gpg with secret key material, the gpg-agent is
spawned by systemd's socket activation, and remains supervised by
systemd.

When I log out, the gpg-agent process gets terminated cleanly by
systemd.

What's the problem?

   --dkg
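
An added example, not part of the original message: one way to tell which of the two cases described above a running gpg-agent falls into, by reading its entry in /proc/<pid>/cgroup. The cgroup path layouts matched here and the sample lines (UID 1000, session 3) are assumptions constructed for illustration; the function names are hypothetical.

```shell
#!/bin/sh
# Classify a process from the contents of /proc/<pid>/cgroup (read on stdin):
#   systemd-user-service  inside gpg-agent.service under user@UID.service
#   session-scope         inside a login session scope (e.g. started by gpg itself)
#   unknown               anything else
classify_agent_cgroup() {
    result=unknown
    while IFS= read -r line || [ -n "$line" ]; do
        # Each line is "hierarchy-id:controllers:path"; keep only the path.
        path=${line#*:}
        path=${path#*:}
        case "$path" in
            */user@*.service/*gpg-agent.service*)
                result=systemd-user-service
                break ;;
            */session-*.scope*)
                result=session-scope ;;
        esac
    done
    printf '%s\n' "$result"
}

# Report every gpg-agent owned by the current user on a live system.
report_agents() {
    for pid in $(pgrep -u "$(id -u)" -x gpg-agent); do
        printf '%s %s\n' "$pid" "$(classify_agent_cgroup < "/proc/$pid/cgroup")"
    done
}

# Constructed sample lines (not captured from a real host).
SAMPLE_SUPERVISED='1:name=systemd:/user.slice/user-1000.slice/user@1000.service/gpg-agent.service'
SAMPLE_AUTOLAUNCHED='1:name=systemd:/user.slice/user-1000.slice/session-3.scope'

printf 'supervised sample:    %s\n' \
    "$(printf '%s\n' "$SAMPLE_SUPERVISED" | classify_agent_cgroup)"
printf 'auto-launched sample: %s\n' \
    "$(printf '%s\n' "$SAMPLE_AUTOLAUNCHED" | classify_agent_cgroup)"

# Pass --live to inspect the agents actually running for this user.
if [ "${1:-}" = "--live" ]; then
    report_agents
fi
```

An agent reported as session-scope is the case with no robust standard way to ensure it is terminated at logout.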