gpg-agent and launchd

Stéphane Corthésy stephane at sente.ch
Wed Apr 2 09:32:23 CEST 2008


Hello,

On Apr 1, 2008, at 2:23 PM, Werner Koch wrote:

> On Fri, 21 Mar 2008 18:32, stephane at sente.ch said:
>
>> - as gpg-agent runs as a daemon, we cannot watchdog it, and relaunch
>> it automatically, without an external watch dog process
>
> Simply run gpg-agent to see whether the agent is still alive.


Not very user friendly. User expects agent to start at login, then
stop at logout, without having to relaunch it in case of doubt. User
should have the possibility to start/stop it manually too, but
shouldn't have to check that it is running. Using the system's
watchdog mechanism (launchd) would be much better. Anyway, that's not
a critical point.


>> - as we cannot make all user processes inherit from the environment
>> variables of gpg-agent (user processes don't read the ~/.login or
>> whatever), we need to stick with standard socket path, which works
>> only if the home directory is mounted as a local file system
>
> It would be straightforward to add a configure or runtime option to set
> a different standard socket name.  Let me know if you really need this.
> However all tools need to have a way to figure out the standard socket.
> /etc/gnupg/foo might be usable to describe a system wide standard
> socket.


That's the critical point.
Having a configure option could work only if standard socket name  
would include a dynamic part (e.g. the uid), else it could mean that  
2 users couldn't run the agent at the same time on the same machine,  
if they both use the same socket name.
Having a new option would work, though we'd need also new gpg and  
gpg2 executables that would support that new option too, as you wrote  
it; the new agent would not work with old versions of gpg/gpg2.  
Using /etc/gnupg/foo would not be a good idea, because that could  
prevent two users running the agent at the same time; the two agents  
can't use the same socket.
Note that if in the future you use the PID part in the GPG_AGENT_INFO  
environment variable, we will have a problem again: we can't make all  
user processes inherit from that dynamic GPG_AGENT_INFO environment  
variable, without launchd-specific code.


>> - when user logs out, gpg-agent is not terminated automatically
>
> Depends on how you install it.


What do you mean? How am I supposed to install it? Agent is launched  
on user's login; there is no logout hook to kill it, on OSX. Is it  
what the 'no-detach' option could be used for?


Thanks for your comments,

Stéphane


> Salam-Shalom,
>
>    Werner
>
> -- 
> Thoughts are free.  Exceptions are regulated by a federal law.
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
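
The socket-naming point discussed in this message (one fixed name shared by every user versus a name with a per-uid part), as an added example that is not part of the original message and not GnuPG code. The `agent-<uid>` directory layout, the function names and the second user id are assumptions made for illustration, and a temporary directory stands in for a system-wide location.

```python
import errno, os, shutil, socket, stat, tempfile

SOCKET_NAME = "S.gpg-agent"  # gpg-agent's standard socket file name

def socket_path(base, uid=None):
    """Fixed shared path when uid is None, else a per-user 0700 directory (hypothetical layout)."""
    if uid is None:
        return os.path.join(base, SOCKET_NAME)
    userdir = os.path.join(base, "agent-%d" % uid)
    os.makedirs(userdir, exist_ok=True)
    os.chmod(userdir, 0o700)  # makedirs honours umask, so set the mode explicitly
    return os.path.join(userdir, SOCKET_NAME)

def start_agent(path):
    """Stand-in for an agent: bind and listen on a Unix socket."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(path)
    except OSError:
        srv.close()
        raise
    srv.listen(1)
    return srv

def is_own_socket(path, uid):
    """Client-side check: a socket owned by uid, in a directory only uid can access."""
    try:
        st, parent = os.lstat(path), os.lstat(os.path.dirname(path))
    except FileNotFoundError:
        return False
    return (stat.S_ISSOCK(st.st_mode) and st.st_uid == uid
            and parent.st_uid == uid and not parent.st_mode & 0o077)

def demo():
    base, me = tempfile.mkdtemp(), os.getuid()
    other = me + 1  # constructed second user id, used only to derive a path
    agents = [start_agent(socket_path(base))]
    try:
        start_agent(socket_path(base))  # second agent, same fixed name
        collided = False
    except OSError as exc:
        collided = exc.errno == errno.EADDRINUSE
    agents += [start_agent(socket_path(base, u)) for u in (me, other)]
    result = {"shared_collides": collided, "per_uid_agents": len(agents) - 1,
              "own_socket_ok": is_own_socket(socket_path(base, me), me),
              "foreign_uid_rejected": not is_own_socket(socket_path(base, me), other)}
    for srv in agents:
        srv.close()
    shutil.rmtree(base)
    return result

if __name__ == "__main__":
    print(demo())
```

The ownership check is what lets a client trust a well-known path without relying on an inherited environment variable: it refuses a socket that belongs to another uid or that sits in a directory other users can reach.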
