[pkg-gnupg-maint] Bug#855868: Bug#855868: GPG_AGENT_INFO and SSH_AUTH_SOCK not set in wayland sessions

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Sep 8 01:00:14 UTC 2017 

On Mon 2017-08-21 15:18:30 +0200, Raphael Hertzog wrote:
> On Sun, 30 Jul 2017, rufo wrote:
>> Perhaps the solution might involve using systemd's
>> environment-generators [1].  This seems to be the new preferred way to
>> set environmental variables like SSH_AUTH_SOCK and the replacement for
>> putting scripts in /etc/X11/Xsession.d/.
>> 
>> For example the gnupg-agent package could create the file
>> /usr/lib/systemd/user-environment-generators/90gpg-agent containing
>> something like this:
>> 
>> #!/bin/bash
>> 
>> if [ -n "$(gpgconf --list-options gpg-agent | \
>>       awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
>>     echo SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
>> fi
>> 
>> This is what I'm using at the moment and it seems to work well.  What do
>> you think?
>
> I agree it looks like a good solution. Daniel, can you implement this
> please?

sure, i can do this.  It's a little bit weird that
~/.gnupg/gpg-agent.conf will affect the SSH_AUTH_SOCK env var, but it at
least gives parity with the Xsession.d stuff.

What's funny is that gpg-agent always has ssh-agent enabled these days,
so the option itself is a no-op except for its use in these two session
management scripts.

That said, i don't want to export SSH_AUTH_SOCK by default, because the
people who prefer OpenSSH's ssh-agent should have that used
preferentially.

Is there any plan to try to get OpenSSH's ssh-agent to export
SSH_AUTH_SOCK in its own generator?

> Debian Unstable now defaults to Wayland for GNOME users and it would be
> nice to have SSH agent working out of the box again.

You have a weird definition of "out of the box" if you think adding
"enable-ssh-support" to ~/.gnupg/gpg-agent.conf is "out of the box" but
i'm ok with it :)

I'll get this uploaded shortly.

    --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170907/d5e6a808/attachment.sig>

More information about the pkg-gnupg-maint mailing list