So on & so forth

Ville Määttä vmaatta at gmail.com
Tue Aug 19 22:02:02 CEST 2014


I just went through the process of switching to brew provided gpg2. Anyone not interested in the particular Mac workflow can skip this one.

So, removing GPG Suite, installing gnupg2 via brew, re-installing GPG Suite without MacGPG2 (i.e. the Mail.app helpers etc.). There is a bit of work involved in making a launchd script for gpg-agent and getting a working pinentry-mac, but if gpg-agent is not a requirement, one can just go with the brew version.

Here’s a quick-n-dirty walk-through:

1. Remove GPG Suite using the uninstaller provided with the installer.
2. brew install gnupg2 (installs gpg-agent as a dependency).
3. Install GPG Suite, choose Customize —> Leave out MacGPG2
4. Install pinentry-mac, either binary [1] or source [2]. The pinentry with brew didn’t work for me. I went for the binary, seeing as the build started requiring a few too many dependencies that I didn’t want to install right now. Latest binary worked for me.
5. Add pinentry-mac location to gpg-agent.conf, e.g. /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac (I just copied the binary to where MacGPG2 installs it.)
6. Add a ~/Library/LaunchAgents/com.ruriat.gpgagent.plist [3] <— Note that the name is quite freeform. Customise as needed.
7. Add the usual agent environment variables to bash profile [4].


[1] https://github.com/GPGTools/pinentry-mac/downloads
[2] https://github.com/GPGTools/pinentry-mac

[3] My example is based on http://spin.atomicobject.com/2014/02/09/gnupg-openpgp-smartcard/

** START [3] com.ruriat.gpgagent.plist **

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.ruriat.gpgagent</string>
        <key>ProgramArguments</key>
        <array>
            <string>/usr/local/bin/gpg-agent</string>
            <string>--daemon</string>
            <string>--scdaemon-program</string>
            <string>/usr/local/Cellar/gnupg2/2.0.26/libexec/scdaemon</string>
            <string>--write-env-file</string>
            <string>--use-standard-socket</string>
            <string>--default-cache-ttl</string>
            <string>43200</string>
            <string>--enable-ssh-support</string>
            <string>--default-cache-ttl-ssh</string>
            <string>43200</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StandardErrorPath</key>
        <string>/dev/null</string>
        <key>StandardOutPath</key>
        <string>/dev/null</string>
        <key>ServiceDescription</key>
        <string>Run gpg-agent at login.</string>
    </dict>
</plist>

** END [3] com.ruriat.gpgagent.plist **

[4] START (file ~/.bash_profile)

GPG_TTY=$(tty)
export GPG_TTY
# GPG Agent for SSH support
if [ -f "${HOME}/.gpg-agent-info" ]; then
    . "${HOME}/.gpg-agent-info"
    export GPG_AGENT_INFO
    export SSH_AUTH_SOCK
    export SSH_AGENT_PID
fi

[4] END

-- 
Ville

On 19 Aug 2014, at 22:33, Doug Barton <dougb at dougbarton.us> wrote:

> On 8/19/14 11:17 AM, Ville Määttä wrote:
>> 1. The package and gnupg2 version used has not been updated since October 2013 (2013.10.22). If I’m not completely mistaken the version is still 2.0.22.
> 
> Yes, that was my biggest concern as well (and you're correct on the version).
> 
> Is there a better solution? I'm comfortable on the command line, and wouldn't mind compiling my own if there was a suitable step-by-step guide available. I've compiled lots of stuff for FreeBSD and Linux, but while I've used Macs in the past I'm new to being a Mac "owner."
> 
> If "compile your own" is the right answer, I'd also be appreciative of a guide for getting gpg-agent running on a Mac. I see the GPG Suite version running in the ps list, and I know how to get .app stuff started at login time, but I haven't gotten to the part of the manual where it talks about autostart for command line stuff yet. :)
> 
> Thanks,
> 
> Doug
> 
> 
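
Step 7's profile snippet sources ~/.gpg-agent-info with ".", which runs whatever that file contains as shell code. The following is an added example, not part of the original message: it reads the same file as data, accepts only the three variables the snippet exports, and refuses a file that is a symlink, not owned by the user, or writable by others. The function names and the allowed value characters are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): read gpg-agent's env file
# as data instead of executing it with "." in ~/.bash_profile.

# Succeed only for a regular, non-symlink file that we own and that no
# other user can write to.
agent_info_is_trustworthy() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Export GPG_AGENT_INFO, SSH_AUTH_SOCK and SSH_AGENT_PID from FILE.
# Returns 1 for an untrusted file, 2 for a value with unexpected characters;
# in both cases nothing is exported.
load_agent_info() {
    agent_info_is_trustworthy "$1" || return 1
    pending=
    while IFS='=' read -r name value || [ -n "$name" ]; do
        case $name in
            GPG_AGENT_INFO|SSH_AUTH_SOCK|SSH_AGENT_PID) ;;
            *) continue ;;   # anything else in the file is ignored
        esac
        # Assumed value alphabet: path characters, digits and ':' only, so
        # "$(...)", backticks, ';', quotes and spaces are all refused.
        case $value in
            ''|*[!A-Za-z0-9_./:-]*) return 2 ;;
        esac
        pending="$pending $name=$value"
    done < "$1"
    # Unquoted on purpose: validated values cannot contain spaces or globs.
    if [ -n "$pending" ]; then export $pending; fi
    return 0
}

# In ~/.bash_profile, in place of the '. "${HOME}/.gpg-agent-info"' block:
load_agent_info "${HOME}/.gpg-agent-info" || :
```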