gpg-agent shell variable output

Justus Winter justus at g10code.com
Thu Oct 6 11:05:43 CEST 2016


Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:

> I'm aware of this, but to a person setting up GnuPG, it's bewildering to
> have --enable-ssh-socket but then --extra-socket FILENAME.  If we're
> deprecating things and tuning the interface, we should aim for as
> regular and predictable an interface as possible.

I have a pet bug for such things, feel free to add notes to it:

https://bugs.gnupg.org/gnupg/issue2700

>> Yes, an alias for the option would be possible but then we need to
>> restart the discussion on whether "restricted" is a good term :-(.  I
>> hoped we had found a compromise by keeping the option name but naming
>> the socket file "S.gpg-agent.rstrd"
>
> Upon reflection, I sort of think this is the worst of all possible
> worlds:
>
>   * "rstrd" is hard to read unless you already know that it's supposed
>     to be "restricted" -- could it be "restored" or "restrained" or
>     "rastered" or "roistered" or "reconstructed" or "restarted"…

That was me, thoug I'm not happy with it either.  For the record, I did
the unix thing, remove all vowels and then continue to remove letters
until it is short enough (whatever that means).

>   * "rstrd" is a another 5 full characters toward the already-tight
>     108-char sun_path limit.

About that, I believe there is a workaround: chdir(dirname(socket)),
then connect(basename(socket)).  Fiddling with the cwd is not the nicest
thing, but we only need to do this at initialization time and I believe
it can be done safely using fchdir to return to the original wd.

>   * neither "restricted" nor "rstrd" matches the actual command-line or
>     config file option "--extra-socket"
>
>   * "--extra-socket" still doesn't suggest to the user what they're
>     signing up for

Agreed :(


Justus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 454 bytes
Desc: not available
URL: </pipermail/attachments/20161006/7f1a80e6/attachment-0001.sig>


More information about the Gnupg-devel mailing list