Moving the agent's socket to /var/run ?
Werner Koch
wk at gnupg.org
Tue Feb 23 16:24:45 CET 2016
Hi!
GnuPG 2.x makes extensive use of Unix domain sockets for interprocess
communication. For example gpg-agent is listening for requests from
gpg or gpgsm on the socket ~/.gnupg/S.gpg-agent. We have received a
couple of reports from folks who have to install GnuPG in a GnuPG home
directory with a long file name. This does not work well with sockets,
which usually have a limit on the length of their name. The workaround
for this is to use the re-direction file kludge to tell the client that
the actual socket is at some other place. That requires manual
configuration, though.
I am also not sure whether there are really default GnuPG home
directories which suffer from the problem. That is a $HOME which is
longer than about 75 bytes.
Another problem with having the socket in the home directory is
encrypted home partitions. gpg-agent, scdaemon, and dirmngr have by
default an open socket in ~/.gnupg and thus unmounting the partition is
not possible without killing those processes.
What about changing the _default_ name for the sockets from, say,
~/.gnupg/S.gpg-agent to /var/run/user/<uid>/S.gpg-agent ? This is
similar to what system daemons use for their socket names and has the
further advantage that /var/run is always locally mounted and would thus
avoid the re-direction file hack used for NFS etc. This would only be
done if GNUPGHOME/--homedir is not set so that it is still possible to
run a second instance of gnupg.
What do you think?
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
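As an added illustration of the length limit the mail talks about (this is example code written for this archive page, not Werner's or GnuPG's own code): the socket name has to fit into the fixed-size sun_path field of struct sockaddr_un, so the budget for $HOME is whatever is left after "/.gnupg/S.gpg-agent". The functions below compute that budget, compose a candidate path such as /var/run/user/<uid>/S.gpg-agent, and try an actual bind() so the reader can see that a too-long path is rejected rather than silently truncated. The uid 1000 and the example home directory are made-up values.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Longest path a Unix-domain socket may have, without the trailing NUL
 * (108 bytes on Linux, 104 on the BSDs).  bind() takes a fixed-size
 * struct, not a string, which is the limit the mail refers to. */
#define SUN_PATH_MAX (sizeof(((struct sockaddr_un *)0)->sun_path) - 1)

/* Compose "<dir>/<name>" into buf.  Returns 0 if the result fits into
 * sun_path, -1 otherwise (buf contents are then unusable). */
int build_socket_path(char *buf, size_t buflen, const char *dir,
                      const char *name)
{
    int n = snprintf(buf, buflen, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= buflen || (size_t)n > SUN_PATH_MAX) ? -1 : 0;
}

/* How many bytes $HOME may have before "<HOME>/.gnupg/<name>" no longer
 * fits; for the default S.gpg-agent this is SUN_PATH_MAX minus 19. */
size_t home_length_budget(const char *name)
{
    size_t fixed = strlen("/.gnupg/") + strlen(name);
    return fixed >= SUN_PATH_MAX ? 0 : SUN_PATH_MAX - fixed;
}

/* Bind a listening socket at path to show the limit is enforced.
 * Returns 0 on success (socket is closed and unlinked again) or errno. */
int try_bind(const char *path)
{
    struct sockaddr_un addr;
    int fd, rc = 0;
    if (strlen(path) > SUN_PATH_MAX)
        return ENAMETOOLONG;          /* cannot even form the address */
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);      /* safe: length checked above */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return errno;
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0)
        rc = errno;
    else
        unlink(path);
    close(fd);
    return rc;
}
```

Running try_bind() on "/var/run/user/1000/S.gpg-agent" versus a socket under a home directory whose name is longer than the computed budget shows the difference in practice.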