Proposal with patch: Make socket directory host dependent

Rainer Perske rainer.perske at
Thu Nov 16 13:36:14 CET 2017


Usually you absolutely do not want to place any private data (keyrings, 
sockets) on a network drive. But there are exceptions when it comes to 
clustering for fail safety and the complete system (including network 
components) is under your full control.

I have this situation: The user home directory of my webmailer is 
located on a network file system so it can be accessed from all nodes 
in the cluster.

common/homedir.c places the socket for the agent communication into the 
same directory. But multiple nodes cannot share the same socket file; 
this causes curious problems.

So the socket files must be node-specific, either by placing them into 
a non-shared directory or by using node-specific files, so that each 
node can run its own gpg-agent for a user.

For this reason, I have patched common/homedir.c to use a 
nodename-specific subdirectory of the user directory for the sockets, 
see below. I am using this patch since long time in our production 

I'd like to propose to incorporate this patch into GnuPG. It will 
change the default location of the socket files into a subdirectory of 
the previous location but I cannot see any way how it could hurt, 
except that you may need to restart running agents when installing this 

Signed-off-by: Rainer Perske <perske at>

diff -ur gnupg-2.2.2/common/homedir.c gnupg-2.2.2rp/common/homedir.c
--- gnupg-2.2.2/common/homedir.c        2000-01-01 00:00:00.000000000 +0000
+++ gnupg-2.2.2rp/common/homedir.c      2000-01-01 00:00:00.000000000 +0000
@@ -57,7 +57,9 @@
 #include <sys/stat.h> /* for stat() */

+#ifndef HAVE_W32_SYSTEM
+#include <sys/utsname.h>

 #include "util.h"
 #include "sysutils.h"
@@ -547,6 +549,9 @@
   char prefix[13 + 1 + 20 + 6 + 1];
   const char *s;
   char *name = NULL;
+#ifndef HAVE_W32_SYSTEM
+  struct utsname utsbuf;

   *r_info = 0;

@@ -694,6 +699,21 @@
     name = xstrdup (prefix);

+#ifndef HAVE_W32_SYSTEM
+  /* try hostname specific subdirectory of gnupg_homedir */
+  if (!name && !uname (&utsbuf) && utsbuf.nodename && !strchr (utsbuf.nodename, '/'))
+    {
+      name = xmalloc (strlen (gnupg_homedir ()) + 7 + strlen(utsbuf.nodename) +1);
+      strcpy (name, gnupg_homedir ());
+      strcat (name, "/S.dir.");
+      strcat (name, utsbuf.nodename);
+      if (-1 == gnupg_mkdir (name, "-rwx") && errno != EEXIST)
+        {
+          xfree (name);
+          name = NULL;
+        }
+    }
   /* If nothing works fall back to the homedir.  */
   if (!name)

Thank you very much for thinking about it.

Best regards
Rainer Perske
System operations dept. and director of the certification authority (WWUCA)
Center for Information Processing (university computer center)

Westfälische Wilhelms-Universität
Zentrum für Informationsverarbeitung
Rainer Perske
Röntgenstraße 7-13
48149 Münster

phone: +49 251 83-31582
fax: +49 251 83-31555
e-mail: rainer.perske at
office: room 006, Röntgenstraße 11
site map:

Certification Authority of the University of Münster (WWUCA):
phone: +49 251 83-31590
fax: +49 251 83-31555
e-mail: ca at

Center for Information Processing:
phone: +49 251 83-31600 (Mon-Fri 7:30-17:30)
fax: +49 251 83-31555
e-mail: ziv at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6807 bytes
Desc: S/MIME cryptographic signature
URL: <>

More information about the Gnupg-devel mailing list