gpg-agent and launchd
stephane at sente.ch
Wed Apr 2 09:32:23 CEST 2008
On Apr 1, 2008, at 2:23 PM, Werner Koch wrote:
> On Fri, 21 Mar 2008 18:32, stephane at sente.ch said:
>> - as gpg-agent runs as a daemon, we cannot watchdog it, and relaunch
>> it automatically, without an external watch dog process
> Simply run gpg-agent to see whether the agent is still alive.
Not very user friendly. User expects agent to start at login, then
stop at logout, without having to relaunch it in case of doubt. User
should have the possibility to start/stop it manually too, but
shouldn't have to check that it is running. Using the system's
watchdog mechanism (launchd) would be much better. Anyway, that's not
a critical point.
>> - as we cannot make all user processes inherit from the environment
>> variables of gpg-agent (user processes don't read the ~/.login or
>> whatever), we need to stick with standard socket path, which works
>> only if the home directory is mounted as a local file system
> It would be straightforward to add a configure or runtime option to
> a different standard socket name. Let me know if you really need
> However all tools need to have a way to figure out the standard
> /etc/gnupg/foo might be usable to describe a system wide standard
That's the critical point.
Having a configure option could work only if standard socket name
would include a dynamic part (e.g. the uid), else it could mean that
2 users couldn't run the agent at the same time on the same machine,
if they both use the same socket name.
Having a new option would work, though we'd need also new gpg and
gpg2 executables that would support that new option too, as you wrote
it; the new agent would not work with old versions of gpg/gpg2.
Using /etc/gnupg/foo would not be a good idea, because that could
prevent two users running the agent at the same time; the two agents
can't use the same socket.
Note that if in the future you use the PID part in the GPG_AGENT_INFO
environment variable, we will have a problem again: we can't make all
user processes inherit from that dynamic GPG_AGENT_INFO environment
variable, without launchd-specific code.
>> - when user logs out, gpg-agent is not terminated automatically
> Depends on how you install it.
What do you mean? How am I supposed to install it? Agent is launched
on user's login; there is no logout hook to kill it, on OSX. Is it
what the 'no-detach' option could be used for?
Thanks for your comments,
> Thoughts are free. Exceptions are regulated by a federal law.
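The socket-name collision discussed in the message above (two users, one fixed socket name) next to a uid-keyed name, as an added example that is not part of the original post and is not GnuPG code. The socket file name, the `u<uid>` directory layout and the uids 501/502 are assumptions made for illustration.

```python
import errno
import os
import socket
import tempfile


def socket_path(base, uid=None):
    """Fixed name when uid is None, else a directory keyed on the uid."""
    if uid is None:
        return os.path.join(base, "S.gpg-agent")           # assumed file name
    return os.path.join(base, "u%d" % uid, "S.gpg-agent")  # assumed layout


def start_agent(path):
    """Bind a listening Unix socket the way a per-user agent would."""
    # A newly created per-user directory is private to its owner (0700).
    os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(path)
    except OSError:
        srv.close()
        raise
    srv.listen(1)
    return srv


def try_two_users(base, per_user):
    """Start agents for two constructed uids; return the outcome per uid."""
    results, servers = {}, []
    for uid in (501, 502):  # constructed sample uids, not real accounts
        path = socket_path(base, uid if per_user else None)
        try:
            servers.append(start_agent(path))
            results[uid] = "listening"
        except OSError as exc:
            results[uid] = errno.errorcode.get(exc.errno, str(exc.errno))
    for srv in servers:
        srv.close()
    return results


def demo():
    """Return (outcome with one shared name, outcome with uid-keyed names)."""
    with tempfile.TemporaryDirectory() as shared, \
            tempfile.TemporaryDirectory() as split:
        return try_two_users(shared, False), try_two_users(split, True)


if __name__ == "__main__":
    print(demo())
```

With the fixed name the second agent fails to bind because the path is already in use; with the uid in the path both agents listen, and any client that knows its own uid can derive the path without an inherited environment variable.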