[PATCH] Remove the environment file when quitting.

Luca Capello luca at pca.it
Tue Sep 27 10:50:00 CEST 2011

Hi there!

Cc:ing the Debian bug, please keep it in the loop.

On Mon, 26 Sep 2011 14:32:28 +0200, Werner Koch wrote:
> instead of using the environment file it is suggested to make use of a
> feature introduced with 2.0.16:
>  * If the agent's --use-standard-socket option is active, all tools
>    try to start and daemonize the agent on the fly.  In the past this
>    was only supported on W32; on non-W32 systems the new configure
>    option --enable-standard-socket may now be used to use this feature
>    by default.
> Except for some kins of remotely mounted home directories this is a far
> better system than what we did in the past.

I see three problems with this approach.

1) remotely-mounted home directories could be a problem if their
   filesystems do not support fifos or sockets.  And Debian cares about
   NFS-mounted home directories:


   I am not speaking for the Debian maintainer, but if the easiest
   (only?) solution is to use the environment variables, then we should
   use that.

2) gpg-agent's manpage still thinks that using GPG_AGENT_INFO is the
   first choice and *then* falling back to the standard socket:


     By enabling this option @command{gpg-agent} will listen on the socket
     named @file{S.gpg-agent}, located in the home directory, and not create
     a random socket below a temporary directory.  Tools connecting to
     @command{gpg-agent} should first try to connect to the socket given in
     environment variable @var{GPG_AGENT_INFO} and then fall back to this
     socket.  This option may not be used if the home directory is mounted on
     a remote file system which does not support special files like fifos or

3) Debian gpg-agent_2.0.18 is compiled without --enable-standard-socket,
   but this is easily fixable ;-)

> What's left to do is
> if [ "$PS1" ]; then

I would say that we should also check if the agent is running:

  if [ "$PS1" ] && gpg-agent 2>/dev/null; then

>     unset GPG_AGENT_INFO
>     unset SSH_AGENT_PID
>     export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
> fi
> in .bashrc.  The first unset is to get rid of any setting of that envvar
> and the ssh stuff is required because ssh does not know about the
> on-demand agent starting.

Unfortunately, I had already discovered the latter:


Going back to the subject: what is the reason for the environment file
not being deleted when quitting?  As I wrote in my first email, I have
very few experience in programming and thus I can be wrong, but I still
fail to see why ATM only the sockets are deleted.  If there is no socket
gpg-agent is not running, thus keeping the now-useless environment
variables somewhere does not seem right to me.

Thx, bye,
Gismo / Luca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: </pipermail/attachments/20110927/d802a008/attachment.pgp>

More information about the Gnupg-devel mailing list