Moving the agent's socket to /var/run ?

Daniel Kahn Gillmor dkg at
Fri Jun 17 22:49:50 CEST 2016

One more wrinkle that i'm finding related to this setup -- what to do
about overlong socket paths?

This is a problem inherent in using the --standard-socket when GNUPGHOME
is large on systems that have an upper-bound on socket names.  But /run
might offer a fix.  I'm wondering whether it would make sense to use
/run automatically on systems where /run/$UID/ is available and the
standard-socket is prohibited by length (not just by filesystem type).

On many systems, the name of unix-domain sockets has a formal limit,
which is 108 bytes on linux:

/* unix-domain-socket-length.c */
#include <stdio.h>
#include <sys/socket.h>
#include <sys/un.h>

int main()
  struct sockaddr_un unix_addr;
  return printf ("maximum length of unix-domain socket: %zu bytes\n",

0 dkg at alice:~/src/test$ gcc -o unix-domain-socket-length unix-domain-socket-length.c --pedantic -Wall
0 dkg at alice:~/src/test$ ./unix-domain-socket-length 
maximum length of unix-domain socket: 108 bytes
48 dkg at alice:~/src/test$

This means that it's not possible to open the standard socket in
directories that are too long.

fwiw, this isn't idle speculation.  I work on monkeysphere in
/home/dkg/src/monkeysphere/monkeysphere, which is 39 characters in
length.  the standard test suite operates in a tmpdir templated from the
cwd as tmp/monkeyspheretest.XXXXXX (another 32 characters), and in the
test suite tmpdir, there is a GNUPGHOME dir named authentication/sphere
(another 21 characters).  that's 92 characters already, and the 13 more
of S.gnupg-agent itself alongside the trailing NUL and a few /
characters pushes it over the limit.

I'm avoiding this in monkeysphere right now by shortening the length of
the tmpdir path and making sure i don't personally build it any deeper
in the fs hierarchy than i have to.

But it seems like it would be nice to get this to happen automatically,

If it's possible to detect that a given path is too long for the
underlying operating system to create a socket, why not automatically
cut over to the shorter path in /run ?  gpg-agent could auto-create the
directory upon launch if it finds it can't auto-create the typical
standard socket.  it could auto-remove the directory when it terminates
cleanly as well.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: </pipermail/attachments/20160617/07e806ee/attachment.sig>

More information about the Gnupg-devel mailing list