gpg-agent 2.1.x interop with gpg 1.4.x

Daniel Kahn Gillmor dkg at
Thu Oct 9 20:09:27 CEST 2014

The 1.4 stable branch of gpg supports --use-agent, which makes it want
to talk to gpg-agent.

It does this by inspecting the local environment for $GPG_AGENT_INFO, or
by using the --gpg-agent-info argument.

In gpg 2.1, we're using the "standard socket" (~/.gnupg/S.gpg-agent) and
not expecting to use $GPG_AGENT_INFO at all any more, so gpg-agent does
not bother exporting any environment variables.

for example, with gpg-agent 2.1, the --sh and --csh arguments produce no
output, and "gpg-agent --daemon bash" yields a shell process that does
not have $GPG_AGENT_INFO set.

This means that attempts to use gpg --use-agent version 1.4.x from this
shell will fail, because gpg 1.4.x doesn't know to try to find the agent
on the standard socket.

I see a few possible ways of fixing this:

 0) add the following line to gpg.conf for use by the 1.4.x branch:
    gpg-agent-info /home/username/.gnupg/S.gpg-agent:0:1

 1) have users export GPG_AGENT_INFO=/home/username/.gnupg/S.gpg-agent
themselves when they launch gpg-agent

 2) have gpg-agent 2.1 export
GPG_AGENT_INFO=/home/username/.gnupg/S.gpg-agent:0:1 even though gpg 2.1
doesn't care about that environment variable


(0) is problematic for several reasons:

 * when gpg2.1 reads the shared configfile,  complains that
gpg-agent-info is obsolete

 * the value will be different for each user, since it embeds the home

 * users are unlikely to know to do this

(1) is problematic because (again) it seems unlikely that users will
know to do this.

(2) is ugly, because it would be simpler to just get rid of
$GPG_AGENT_INFO altogether.

That said, if we aim to support mixed installations (apparently we do
for now), and people want to use gpg 1.4.x with the agent (they
certainly do), i think option (2) is the way to go.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141009/0feb0c51/attachment.sig>

More information about the Gnupg-devel mailing list