gpg-agent shell variable output

Werner Koch wk at gnupg.org
Wed Oct 19 12:41:02 CEST 2016 

On Wed,  5 Oct 2016 20:23, dkg at fifthhorseman.net said:

>>   $ gpg-connect-agent '/datafile -' 'getinfo socket_name' /echo /bye
>>   /run/user/1000/gnupg/S.gpg-agent
>>
>> (In a script I would suggest to replace "/bye" by "</dev/null".)
>
> in this example, you appear to be asking users to change their scripts
> and stop expecting the old behavior and keep working, by explicitly
> removing functionality that people had been relying on without any

I do not see what I change here.  The above suggestion is to cope for
systemd being able to tell gpg-agent an arbitrary socket.  I do not
think that this woul be a good idea at all but at least we have a way to
_partly_ cope with that.

In case you meant my suggestion to replace the /bye with a redirection
to stdin - that is a general precaution programs should do if they are
not prepared to send input on stdin.  It does not change anything.

> I'm aware of this, but to a person setting up GnuPG, it's bewildering to
> have --enable-ssh-socket but then --extra-socket FILENAME.  If we're
> deprecating things and tuning the interface, we should aim for as
> regular and predictable an interface as possible.

The whole discussions is based on Justus' idea to listen on
--extra-socket by default.  This changed the original idea and is the
cause for that whole bike shedding on socket names.

>   * "--extra-socket" still doesn't suggest to the user what they're
>     signing up for

They need to read the manual to see for what --extra-socket or its
semi-alias --browser-socket is useful.

Even with the now changed defaults the socket names are short enough;
the longest on Debian would be:

  /run/user/1000/gnupg/d.8jec5q33fzegs887crd7wgh8/S.gpg-agent.browser

or character more for higher UIDs.  On other platforms we need to prefix
the above with "/var" and the entire thing will still work as a socket
name.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: </pipermail/attachments/20161019/91f87e6e/attachment.sig>

More information about the Gnupg-devel mailing list