Moving the agent's socket to /var/run ?

Werner Koch wk at
Tue Feb 23 16:24:45 CET 2016


GnuPG 2.x makes extensive use of Unix domain sockets for interprocess
communication.  For example gpg-agent is listenening for requests from
gpg or gpgsm on the socket ~/.gnupg/S.gpg-agent .  We have received a
couple of reports from folks who have to install GnuPG in GnuPG home
directory with a long file name.  This does not work well with sockets
which usually have a limit on the length of their name.  The workaround
for this is to use the re-direction file kludge to tell the client that
the actual socket is at some other place.  That require manual
configuration, though.

I am also not sure whether there are really default GnuPG home
directories which suffer from the problem.  That is a $HOME which is
longer than about 75 bytes.

Another problem with having the socket in the home directory are
encrypted home partition.  gpg-agent, scdaemon, and dirmngr have by
default an open socket in ~/.gnupg and thus unmounting the partition is
not possible without killing those processes.

What about changing the _default_ name for the sockets from, say,
~/.gnupg/S.gpg-agent to /var/run/user/<uid>/S.gpg-agent ?  This is
similar to what system daemons use for their socket names and has the
further advantage that /var/run is always locally mounted and would thus
avoid the re-direction file hack used for NFS etc.  This would only be
done if GNUPGHOME/--homedir is not set so that it is still possible to
run a second instance of gnupg.

What do you think?



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: </pipermail/attachments/20160223/ad217c59/attachment.sig>

More information about the Gnupg-devel mailing list