gpg-agent 2.1.x interop with gpg 1.4.x
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Oct 9 22:17:21 CEST 2014
On 10/09/2014 03:28 PM, Werner Koch wrote:
> On Thu, 9 Oct 2014 20:09, dkg at fifthhorseman.net said:
>
>> not expecting to use $GPG_AGENT_INFO at all any more, so gpg-agent does
>> not bother exporting any environment variables.
>
> It still prints some for --enable-ssh-support.
>
>> 2) have gpg-agent 2.1 export
>> GPG_AGENT_INFO=/home/username/.gnupg/S.gpg-agent:0:1 even though gpg 2.1
>> doesn't care about that environment variable
>
>> That said, if we aim to support mixed installations (apparently we do
>> for now), and people want to use gpg 1.4.x with the agent (they
>> certainly do), i think option (2) is the way to go.
>
> So we need to take care of the user's login scripts but we can't change
> them. Changing gpg-1 to autostart the agent and use a fixed socket is a
> bit too much work. Seems you are right. Unless you want to install a
> wrapper for gpg-agent to do just this.
i don't think a wrapper for gpg-agent would be sufficient, would it?
gpg1 never invokes gpg-agent directly.
> So what shall we do about --write-env-file?
Hm, yeah, that's another one that doesn't seem to do anything right now.
Maybe we want a gpg1-compatibility mode?
Another alternative, if you don't want to change anything in gpg 2.1
itself, is that we can modify the Xsession startup script
(/etc/X11/Xsession.d/90gpg-agent) that debian ships that enbles the
agent conditionally on the presence of use-agent in ~/gnupg.conf, by
just having it set GPG_AGENT_INFO=$HOME/.gnupg/S.gpg-agent, write the
standard env-file (on debian, that's
~/.gnupg/gpg-agent-info-$(hostname), and then start up the agent
directly with:
gpgconf --launch gpg-agent
Maybe that's the simplest approach -- it leaves the distros that want to
maintain co-installability with the responsibility of maintaining it,
while leaving gpg 2.1 with less cruft that will eventually need pruning.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141009/765e9796/attachment.sig>
More information about the Gnupg-devel
mailing list