launching GnuPG daemons from the system session manager

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jul 13 18:48:11 CEST 2016


On Wed 2016-07-13 16:51:07 +0200, Werner Koch wrote:
> On Wed, 13 Jul 2016 14:10, dkg at fifthhorseman.net said:
>
>>  * systemd can start up a daemon at login time; if you use gpg-agent for
>>    ssh before you ever use gpg, gpg-agent will not be automatically
>>    launched for you by any GnuPG tool if you are only manually invoking
>
> You don't need to have systemd for this.  A simple "gpgconf --launch
> gpg-agent" in your login script does the same.

agreed.

>>  * systemd can also safely shut down the daemons when the user finally
>>    logs out.  GnuPG has no explicit support for cleanup/destruction of
>>    running daemons, since it doesn't know when the user is logging out.
>
> You can do the same in .xsession or another logout script.  It is a bit
> more complicated but Unix has all the tools to do that.  And you have
> full control on how to do that.

Also agreed, including that it's a bit more complicated, especially when
there are multiple concurrent sessions for the same user.

The reason i care here is i'm hoping to provide a simple and automatic
default experience for users who don't even know that they have login or
logout scripts, let alone how to edit them or what to put in them.

Users on such a system are still in full control -- they don't have to
enable (and can explicitly disable or mask) the systemd services, and
they can handle their login and logout scripts exactly as before as
well.

If these session scripts were already in place and were automatically
run by users without them having to do anything they didn't understand,
i'd happily integrate them into debian.  However, the scripts we've had
available thus far didn't do both setup and teardown cleanly; systemd
does.

I welcome patches for integrating these daemons automatically on
machines that don't run systemd.  We've had ongoing problems with either
setup or teardown in the fragile scripts we've shipped for years in
/etc/X11/Xsession.d/ -- so if someone wants to propose another solution
i'd be glad to see it.

Regards,

       --dkg
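
The multi-session teardown case discussed in this message, as an added example (not code from the original post, GnuPG or Debian): login and logout hooks that keep one marker per session and stop gpg-agent only when the last live session ends. The function names, GPG_SESSION_DIR, the overridable GPGCONF variable and the use of a session PID as marker are assumptions; only the gpgconf --launch and --kill calls are real GnuPG commands.

```shell
#!/bin/sh
# Added example: reference-counted gpg-agent start/stop across concurrent
# sessions of one user. session_start, session_end, GPG_SESSION_DIR and
# GPGCONF are hypothetical names chosen for this sketch.
GPGCONF="${GPGCONF:-gpgconf}"
GPG_SESSION_DIR="${GPG_SESSION_DIR:-${XDG_RUNTIME_DIR:-$HOME}/.gpg-sessions}"

# mkdir is atomic, so a directory serves as a portable lock.
_lock() {
    tries=0
    until mkdir "$GPG_SESSION_DIR/.lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -lt 10 ] || return 1
        sleep 1
    done
}
_unlock() { rmdir "$GPG_SESSION_DIR/.lock"; }

# Drop markers whose session process is gone (crash, kill -9), then count.
_live_sessions() {
    n=0
    for f in "$GPG_SESSION_DIR"/session.*; do
        [ -e "$f" ] || continue
        if kill -0 "${f##*.}" 2>/dev/null; then n=$((n + 1)); else rm -f "$f"; fi
    done
    echo "$n"
}

# $1 = PID of a process that lives as long as the session (assumption).
session_start() {
    (umask 077; mkdir -p "$GPG_SESSION_DIR") || return 1
    _lock || return 1
    : > "$GPG_SESSION_DIR/session.$1"
    "$GPGCONF" --launch gpg-agent   # starts the agent only if not running
    _unlock
}

session_end() {
    _lock || return 1
    rm -f "$GPG_SESSION_DIR/session.$1"
    # Kill the agent (and its cached secrets) only when no session remains.
    if [ "$(_live_sessions)" -eq 0 ]; then
        "$GPGCONF" --kill gpg-agent
    fi
    _unlock
}
```

A stale marker is only detected while its PID is unused, so PID reuse can keep the agent alive longer than intended; that is one of the fragilities a session manager avoids.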