[pkg-gnupg-maint] Bug#882736: Bug#882736: gpg-agent: does not always use same socketdir
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Nov 27 15:02:18 UTC 2017
On Sun 2017-11-26 12:00:31 +0100, Ansgar Burchardt wrote:
> gpg(-agent) uses a different socketdir when a non-default homedir is
> specified depending on the environment:
>
> If /run/user/<id> exists, it will use /run/user/<id>/gnupg/d.<hash>;
> otherwise it will fall back to <homedir>. XDG_RUNTIME_DIR is
> intentionally ignored...
this is a deliberate choice by upstream.
> This does cause multiple instances of gpg-agent to be launched when
> first invoking `gpg` with no open login session (/run/user/<id> does
> not exist) and then again with an open login session (which
> created /run/user/<id>).
how are you launching gpg without a login session? that's not a common
workflow from what i can tell.
> Only one gpg-agent will be able to access smartcards, the other will
> just give an error.
yes, smartcard access is limited to one running scdaemon per machine.
> If both `gpg` invocations happened outside a login session, usually
> XDG_RUNTIME_DIR wouldn't be set and gpg would always use the same
> socket location (unless also invoked from within a session with
> XDG_RUNTIME_DIR set). Or one could set XDG_RUNTIME_DIR to a fixed
> location before invoking gpg (or unset it), but gpg ignores that
> variable.
If you're concerned about XDG_RUNTIME_DIR, you should try to re-open
discussion with upstream about it:
https://dev.gnupg.org/T1330
If upstream can't be convinced, and you've got a patch that you think
debian should carry to be more distro-compatible, feel free to propose
it on this bug report.
> In addition it would be nice if there was an option to explicitly
> configure a socket directory to allow using supervision for
> gpg-agent's with a non-default homedir (and not having to rely on
> implementation details like d.${hash} which might change).
I don't understand what you're asking for here.
The socket path used by the clients of the agent should be stable if you
discover the agent's socket path like so:

    gpgconf --homedir=/wherever --list-dirs agent-socket

So you should be able to supervise that location, right?
or are you looking for something else?
--dkg
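
The gpgconf lookup suggested above, wrapped in a small shell check (an added example, not part of the original message or of GnuPG): it reports whether the agent socket for a homedir sits under /run/user/<uid> or in the homedir fallback described in the report, and flags a socket left behind at the fallback location. The GPGCONF override and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example. GPGCONF is a hypothetical override so the lookup can be
# stubbed for testing; by default the real gpgconf is called.
GPGCONF=${GPGCONF:-gpgconf}

# Socket path that clients of the agent for this homedir use right now.
agent_socket() {      # $1 = homedir
    "$GPGCONF" --homedir="$1" --list-dirs agent-socket
}

# Classify a socket path: "runtime" (under /run/user/<uid>/gnupg/),
# "homedir" (fallback inside the homedir) or "other".
socket_location() {   # $1 = socket path, $2 = homedir, $3 = uid
    case "$1" in
        "/run/user/$3/gnupg/"*) echo runtime ;;
        "${2%/}/"*)             echo homedir ;;
        *)                      echo other ;;
    esac
}

# Where the socket sits when /run/user/<uid> does not exist:
# the same file name, directly inside the homedir.
fallback_socket() {   # $1 = socket path, $2 = homedir
    echo "${2%/}/$(basename "$1")"
}

# Print the current socket and warn when a second socket is still present
# at the fallback location (an agent started before the login session).
check_homedir() {     # $1 = homedir
    sock=$(agent_socket "$1") || return 2
    where=$(socket_location "$sock" "$1" "$(id -u)")
    echo "socket: $sock ($where)"
    alt=$(fallback_socket "$sock" "$1")
    if [ "$where" = runtime ] && [ -S "$alt" ]; then
        echo "warning: socket also present at $alt; a second gpg-agent may be running"
        return 1
    fi
    return 0
}

# Run the check when a homedir is given on the command line.
[ $# -eq 0 ] || check_homedir "$1"
```

A supervisor would watch the path printed by agent_socket; exit status 1 from check_homedir means both locations hold a socket.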