Moving the agent's socket to /var/run ?
Werner Koch
wk at gnupg.org
Wed Jun 8 15:29:13 CEST 2016
Hi,
I just pushed some changes to use sockets below /run/user:
If a [/var]/run/user/$(id -u)/ directory exists, a gnupg subdir is
created as needed and the permissions of the directories are checked.
If that all matches that directory name is returned instead of the
homedir.
To cope with non-standard homedirs (via GNUPGHOME or --homedir) the
SHA-1 hash of the homedir is computed, left truncated to 120 bits,
zBase-32 encoded, prefixed with "d.", and appended to
"[/var]/run/user/$(id -u)/gnupg/". If that directory exists and has
proper permissions it is returned as socket dir - if not the homedir
is used. Due to cleanup issues, this directory will not be
auto-created but needs to be created by the user in advance.
The required permissions are: directory owned by the user, group and
others bits not set.
As long as no /run/user/$UID directory exists, you should not run into
problems. If that directory exists GnuPG will try to use it - in this
case you should restart the daemons (gpgconf --kill gpg-agent; gpgconf
--kill dirmngr).
If you are not using the default home directory, you may use
  gpgconf --create-socketdir
to create a dedicated directory below /run/user/$UID/gnupg. gpgconf
--remove-socketdir can be used for cleanup; gpgconf now also
understands --homedir.
If you are using gpg-agent for ssh, remember to change the envvar to the
new place:
  SSH_AUTH_SOCK="/run/user/${UID}/gnupg/S.gpg-agent.ssh"
  export SSH_AUTH_SOCK
This envvar is actually a bit annoying and thus I would appreciate if
Debian could change ssh to try the above socket if for example
SSH_AUTH_SOCK is set to "gpg-agent" or some other magic.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. /* EFH in
Erkrath: https://alt-hochdahl.de/haus */
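Added illustration, not part of Werner's mail or of GnuPG's own code: the socket-directory name derivation (SHA-1 of the homedir, left-truncated to 120 bits, zBase-32, "d." prefix) and the ownership/permission check described above, in Python. The homedir value and the temporary directories are constructed for the demo; the zBase-32 alphabet is the one GnuPG uses.

```python
import hashlib
import os
import stat
import tempfile

# zBase-32 alphabet as used by GnuPG's zb32_encode (same 5-bit MSB-first packing as RFC 4648 base32).
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zb32_encode(data: bytes) -> str:
    """Encode bytes MSB-first in 5-bit groups, without padding characters."""
    nbits = len(data) * 8
    nchars = (nbits + 4) // 5
    value = int.from_bytes(data, "big") << (nchars * 5 - nbits)  # align on a 5-bit boundary
    return "".join(ZB32_ALPHABET[(value >> (5 * (nchars - 1 - i))) & 31] for i in range(nchars))


def socket_dir_name(homedir: str) -> str:
    """'d.' + zBase-32 of the SHA-1 of the homedir string, left-truncated to 120 bits (15 bytes)."""
    digest = hashlib.sha1(homedir.encode()).digest()[:15]
    return "d." + zb32_encode(digest)


def socket_dir_path(homedir: str, uid: int, rundir: str = "/run/user") -> str:
    """Full candidate path: [/var]/run/user/<uid>/gnupg/d.<zb32>."""
    return os.path.join(rundir, str(uid), "gnupg", socket_dir_name(homedir))


def socket_dir_is_usable(path: str, uid: int) -> bool:
    """A directory, owned by uid, with no group or other permission bits set."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False
    return stat.S_ISDIR(st.st_mode) and st.st_uid == uid and (st.st_mode & 0o077) == 0


def demo_permission_check():
    """Constructed demo: a 0700 directory passes, a 0750 one and a missing one fail."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "gnupg")
        os.mkdir(good, 0o700)
        ok_strict = socket_dir_is_usable(good, uid)
        os.chmod(good, 0o750)                      # group bits set: must be rejected
        ok_group = socket_dir_is_usable(good, uid)
        ok_missing = socket_dir_is_usable(os.path.join(tmp, "absent"), uid)
    return ok_strict, ok_group, ok_missing


if __name__ == "__main__":
    print(socket_dir_path("/home/alice/.gnupg-work", os.getuid()))  # constructed homedir
```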