[PATCH] gpg-agent: Enable socket activation

Werner Koch wk at gnupg.org
Thu Nov 20 12:31:35 CET 2014


On Thu, 20 Nov 2014 01:19, shea at shealevy.com said:

> * With socket activation, external programs talking to the agent
> simply need to try to connect to the socket. With on-demand activation

That would be a very different program than we have now.  The Hurd calls
this a translator and it is a nice technique.  However, neither systemd
nor translators are established and portable methods and thus should be
avoided by portable software.  But please save us a systemd discussion.

Actually, we have been doing this for years on Windows and it works very reliably.

> socket (this can theoretically be bypassed with file locks, perhaps
> this is already done in which case this is a non-issue).

Sure, that is done.  In addition, gpg-agent checks that its socket has not
been reused by another agent and terminates itself in this case.

> * User-level daemon managers like systemd --user and launchd know when
> the user has logged out, and thus can kill the running agent and

Valid point.  However, I don't see a problem with not terminating the
gpg-agent on logout.  After all, most machines today are single user and
the agent is supposed to run on your own desktop and not on a remote
machine.  What one should put into the ~/.xsession at exit is

  gpgconf --reload gpg-agent

(or code to send a HUP) to flush the caches.  This should also be done
before the system hibernates.

> daemon on log out, and even if you add a custom service that runs
> gpg-connect-agent KILLAGENT on logout there is a race possible where
> another process tries to connect after the kill goes through. I've

Well, that would be hard to avoid unless one accepts a stale lock file.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



