Moving the agent's socket to /var/run ?

Werner Koch wk at gnupg.org
Thu Jun 9 08:50:42 CEST 2016 

On Wed,  8 Jun 2016 19:33, dkg at fifthhorseman.net said:

> I think i understand the variation with non-standard homedirs, but i
> wonder what happens if GNUPGHOME (or --homedir) is set, but it happens
> to be exactly the same as the default homedir.  At that point, what

I hope I have made sure that specifify GNUPGHOME or --homedir as the
default home directory (~/.gnupg) is simply ignored:

  gpg --homedir ~/.gnupg 

will thus connect the agent at /run/user/$UID/gnupg/S.gpg-agent . Bind
mounts are a different story, though.  As a side-effect of these changes

  GNUPGHOME=. gpg .....

now works as expected and there is no more need for GNUPGHOME=$(pwd)

> Also, is there an easy/automated way to query gpg for the hashed
> directory?  it'd be nice for external tools to be able to do something
> like:
>
>   gpgconf --homedir $foo --print-socket-dir

  gpgconf --list-dirs | grep ^agent-socket: | cut -d: -f2

it gives the socket name, though.  I can add a socket directory line
though. To see the socket directory which would be used if it exists and
all permissions are fine, you can use

  $ gpgconf --dry-run --create-socketdir
  gpgconf: socketdir is '/run/user/1000/gnupg'

  $ gpgconf --homedir /foo/tmp --dry-run --create-socketdir
  gpgconf: socketdir is '/run/user/1000/gnupg/d.xhmoxiusfxtwuy8s69hkyxtc'
  gpgconf:        non-default homedir
  gpgconf:        no such subdir

I would add it to the --list-dirs output but I simply have not come up
with a good name for that.  Something like candidate-socketdir: maybe?

> Is the ssh-agent socket also placed inside the socket dir, or always in
> the non-custom location?

Yes.  Only gpg-agent's --extra-socket and --browser-socket options have
no defaults and use whatever you specify

>> This envvar is actually a bit annoying and thus I would appreciate if
>> Debian could change ssh to try the above socket if for example
>> SSH_AUTH_SOCK is set to "gpg-agent" or some other magic.
>
> That's an interesting proposal, though i'm not sure that debian is the
> right place to do it.  Why not propose such a change to upstream

I fear that they will hesitate to add support for a GPL tool ;-).  I can
try, though.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
    /* EFH in Erkrath: https://alt-hochdahl.de/haus */

More information about the Gnupg-devel mailing list