[pkg-gnupg-maint] Bug#1078787: gpg-agent-ssh.socket ignores enable-ssh-support, stomps on SSH_AUTH_SOCK from ssh-agent.service

Andreas Metzler ametzler at bebt.de
Fri Aug 16 10:55:40 BST 2024


On 2024-08-16 Richard Hansen <rhansen at rhansen.org> wrote:
> Package: gpg-agent
> Version: 2.4.5-2
> Severity: normal
> Tags: patch

> The /usr/lib/systemd/user/gpg-agent-ssh.socket systemd unit file
> unconditionally sets the SSH_AUTH_SOCK environment variable, even when
> enable-ssh-support is not present in ~/.gnupg/gpg-agent.conf.  This causes
> it to override the value set by openssh-client's
> /usr/lib/systemd/user/ssh-agent.service, breaking users that need to use the
> OpenSSH agent for its security key support (ecdsa-sk or ed25519-sk).

> Patch available at:
> https://salsa.debian.org/debian/gnupg2/-/merge_requests/17
[...]

Hello Richard,

Thank you.

-ExecStartPost=systemctl --user set-environment SSH_AUTH_SOCK="%t/gnupg/S.gpg-agent.ssh"
+ExecStartPost=sh -c '[ -z "$$(gpgconf --list-options gpg-agent | awk -F: \'/^enable-ssh-support:/{print$$10}\')" ] || systemctl --user set-environment "$$@"' - "SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh"
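Review bot: in the new ExecStartPost line, a failing or missing `gpgconf` or `awk` leaves the command substitution empty, so `[ -z ... ]` succeeds and `systemctl --user set-environment` is skipped with exit status 0. That makes an error indistinguishable from "enable-ssh-support is not set". The line also stacks three quoting layers (systemd's `$$`, the `\'` inside the `sh -c` string, and `"$$@"`), and nothing says why field 10 of the `gpgconf --list-options gpg-agent` output is the one tested. Consider moving the test into a small helper script that the unit calls, with a comment stating that field 10 is the option's current value, and have it report a `gpgconf` failure instead of treating it as "disabled".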

I think I will revert
https://salsa.debian.org/debian/gnupg2/-/commit/2ed898c22475d25dbc874b9cdc82063c31c4e603;
the original way
https://salsa.debian.org/debian/gnupg2/-/blob/debian/unstable/debian/systemd-environment-generator/90gpg-agent?ref_type=heads
is a lot more readable, and compared to that the rationale given in
https://salsa.debian.org/debian/gnupg2/-/merge_requests/8 seems a little
bit weak.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
