gpg-agent 2.1.x interop with gpg 1.4.x

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Oct 9 22:17:21 CEST 2014


On 10/09/2014 03:28 PM, Werner Koch wrote:
> On Thu,  9 Oct 2014 20:09, dkg at fifthhorseman.net said:
> 
>> not expecting to use $GPG_AGENT_INFO at all any more, so gpg-agent does
>> not bother exporting any environment variables.
> 
> It still prints some for --enable-ssh-support.
> 
>>  2) have gpg-agent 2.1 export
>> GPG_AGENT_INFO=/home/username/.gnupg/S.gpg-agent:0:1 even though gpg 2.1
>> doesn't care about that environment variable
> 
>> That said, if we aim to support mixed installations (apparently we do
>> for now), and people want to use gpg 1.4.x with the agent (they
>> certainly do), i think option (2) is the way to go.
> 
> So we need to take care of the user's login scripts but we can't change
> them.  Changing gpg-1 to autostart the agent and use a fixed socket is a
> bit too much work.  Seems you are right.  Unless you want to install a
> wrapper for gpg-agent to do just this. 

i don't think a wrapper for gpg-agent would be sufficient, would it?
gpg1 never invokes gpg-agent directly.

> So what shall we do about --write-env-file?

Hm, yeah, that's another one that doesn't seem to do anything right now.

Maybe we want a gpg1-compatibility mode?


Another alternative, if you don't want to change anything in gpg 2.1
itself, is that we can modify the Xsession startup script
(/etc/X11/Xsession.d/90gpg-agent) that debian ships that enables the
agent conditionally on the presence of use-agent in ~/gnupg.conf, by
just having it set GPG_AGENT_INFO=$HOME/.gnupg/S.gpg-agent, write the
standard env-file (on debian, that's
~/.gnupg/gpg-agent-info-$(hostname)), and then start up the agent
directly with:

 gpgconf --launch gpg-agent

Maybe that's the simplest approach -- it leaves the distros that want to
maintain co-installability with the responsibility of maintaining it,
while leaving gpg 2.1 with less cruft that will eventually need pruning.


	--dkg
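
The session-startup approach described in the message above, sketched as an added example (not code from the thread, from Debian's 90gpg-agent script, or from GnuPG). It assumes the `:0:1` suffix quoted in option (2), a config file at `$GNUPGHOME/gpg.conf`, and a plain `NAME=value` env file; the function names and the `GPG1_COMPAT_RUN` guard are hypothetical.

```shell
# Added example, not from the thread: Xsession.d-style fragment for gpg 1.4.x.

# True if use-agent is enabled (not commented out) in the given config file.
wants_agent() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*use-agent([[:space:]]|$)' "$1"
}

# True if the GnuPG home is ours and not writable by group or others, so
# nobody else can plant a socket or env file where gpg will look.
safe_home() {
    [ -d "$1" ] && [ -O "$1" ] &&
        [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# GPG_AGENT_INFO in the socket:pid:protocol form quoted in option (2).
agent_info_for() {
    printf '%s/S.gpg-agent:0:1\n' "$1"
}

# Write the env file ($2) for GnuPG home ($1), readable by the owner only.
# Assumption: plain NAME=value content.
write_env_file() {
    ( umask 077
      rm -f "$2"    # drop any older copy so the new file gets 0600
      printf 'GPG_AGENT_INFO=%s\n' "$(agent_info_for "$1")" > "$2" )
}

gpg1_agent_compat() {
    home=${GNUPGHOME:-$HOME/.gnupg}          # assumed location of the GnuPG home
    wants_agent "$home/gpg.conf" || return 0 # assumed config path
    safe_home "$home" || { echo "gpg-agent: unsafe $home, skipping" >&2; return 1; }
    GPG_AGENT_INFO=$(agent_info_for "$home")
    export GPG_AGENT_INFO
    write_env_file "$home" "$home/gpg-agent-info-$(hostname)"
    gpgconf --launch gpg-agent
}

# A real Xsession.d fragment would call gpg1_agent_compat unconditionally;
# the guard keeps this file inert unless explicitly asked to run.
if [ "${GPG1_COMPAT_RUN:-}" = 1 ]; then
    gpg1_agent_compat
fi
```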
