Feature request: load gpg.conf from the same directory as GPG

John Clizbe JPClizbe at tx.rr.com
Wed May 23 06:20:43 CEST 2007


Andrew Berg wrote:
> Peter S. May wrote:
>> Andrew Berg wrote:
>>> In instances where GPG is used on a portable drive and used on
>>> different machines, it is much better to have gpg.conf read from the
>>> same directory as GPG rather than read from %appdata%\gnupg or
>>> ~/.gnupg. Just to have it check the same directory, then
>>> %appdata%\gnupg or ~/.gnupg would be a big help.

I can easily think of two ways of overriding the default HomeDir location,
$GNUPGHOME (%GNUPGHOME% on Windows) and --homedir. FWIW, the "look for gpg.conf
in same directory as executable" idea falls apart if you ever need to have
additional copies of GnuPG in the case of different OS or CPUs. Storing user
data together with programs is generally considered a "BAD Idea™".

Just for reference, here's a relevant chunk of docs\README.W32 (README-W32.txt)
which the installer includes with the binaries:
  Home directory:
  ===============
  GnuPG makes use of a per user home directory to store its keys as well
  as configuration files.  The default home directory is a directory
  named "gnupg" below the application data directory of the user.  This
  directory will be created if it does not exist.  Being only a default,
  it may be changed by setting the name of the home directory into the
  Registry under the key HKEY_CURRENT_USER\Software\GNU\GnuPG using the
  name "HomeDir".  If an environment variable "GNUPGHOME" exists, this
  even overrides the registry setting.  The command line option
  "--homedir" may be used to override all other settings of the home
  directory.

and the file NEWS (docs\NEWS.txt) in the section for 1.4.1 gives the search
algorithm:
    * [W32] The algorithm for the default home directory changed:
      First we look at the environment variable GNUPGHOME, if this one
      is not set, we check whether the registry entry
      {HKCU,HKLM}\Software\GNU\GnuPG:HomeDir has been set. If this
      fails we use a GnuPG directory below the standard application
      data directory (APPDATA) of the current user. Only in the case
      that this directory cannot be determined, the old default of
      c:\gnupg will be used.  The option --homedir still overrides all
      of them.

>> There's been plenty of discussion on this channel concerning whether or
>> not you even should use this stuff on computers that aren't your own.
> It's a shared home machine, and I'd rather not even use the
> user-specific directory on my own machine.

It would be just as valid to leave gpg.conf in its default location and redirect
GnuPG to the keyring files. There's really nothing 'security sensitive' in
gpg.conf. I do things that way so I can move my keys to machines running
different operating systems without worrying about file access semantics in
gpg.conf.

>> Assuming it's an okay idea, set either --options or --homedir, or set
>> $GNUPGHOME in your env.

> I'm not entirely sure how to do that.

For illustration, I'll use the location I use for my keyrings.

If only using GnuPG in a command window...

   SET GNUPGHOME=O:\GnuPG

If you only need to use GnuPG with Enigmail within Thunderbird, you can do this
using Enigmail's preferences. From Thunderbird's menu bar, OpenPGP -->
Preferences. If the 'Display expert settings' box is unchecked, check it now.
Now click on the Advanced tab. In the box labeled 'Additional parameters for
GnuPG', add '--homedir O:\GnuPG' (without the quotes and changing to whatever
path you are using).

To set it for all your applications, you can define an environment variable
using Control Panel.

Control Panel --> System --> Advanced --> 'Environment Variables' button. Under
'User variables' at the top of the panel, click the 'New' button.
   For Variable Name, enter GNUPGHOME
   For Variable Value, enter the location you are using, e.g. O:\GnuPG

Click OK three times to close the applet. BTW, right-clicking the desktop's My
Computer icon and selecting Properties is equivalent to Control Panel --> System.
(Start --> Run --> sysdm.cpl [OK] also will work.)

If you have not already done so, you should make sure that the PATH entry in the
same set of user variables contains the location of the gpg binary you are
using. In this example, I'd add O:\GnuPG; to the beginning of the string (don't
forget the semicolon).

Changes to user environment variables show up for any newly created process, so
you may need to restart Thunderbird - I don't recall if Enigmail's exec of gpg
creates a new process environment or inherits its environment from Thunderbird.

-- 
John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"
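
The home-directory search order quoted above from NEWS and README.W32, as an added example that is not part of the original post and is not GnuPG's own code. It reports which setting decides the home directory for a given invocation, so a value inherited from the environment or left in the registry on a shared machine can be spotted. The function names, the dict standing in for the registry, the HKCU-before-HKLM order and the sample paths are assumptions made for illustration.

```python
import ntpath

REG_KEY = r"Software\GNU\GnuPG"   # key name as given in README.W32
OLD_DEFAULT = r"c:\gnupg"         # last-resort default named in NEWS

# Constructed sample: a shared machine where HKLM carries a HomeDir value.
SAMPLE_ENV = {"APPDATA": r"C:\Users\example\AppData\Roaming"}
SAMPLE_REG = {("HKLM", REG_KEY, "HomeDir"): r"C:\Shared\gnupg"}


def resolve_homedir(argv, env, registry):
    # registry is a plain dict {(hive, key, value_name): data}; this sketch
    # never touches the real registry.
    # 1. --homedir overrides everything (only the "--homedir DIR" form shown
    #    in the post is handled; the first occurrence is taken).
    for i, arg in enumerate(argv):
        if arg == "--":           # end of options
            break
        if arg == "--homedir" and i + 1 < len(argv):
            return argv[i + 1], "--homedir"
    # 2. GNUPGHOME environment variable.
    if env.get("GNUPGHOME"):
        return env["GNUPGHOME"], "GNUPGHOME"
    # 3. Registry value HomeDir; HKCU before HKLM is an assumed order.
    for hive in ("HKCU", "HKLM"):
        value = registry.get((hive, REG_KEY, "HomeDir"))
        if value:
            return value, hive + " registry"
    # 4. "gnupg" below the user's application data directory.
    if env.get("APPDATA"):
        return ntpath.join(env["APPDATA"], "gnupg"), "APPDATA default"
    # 5. Old default, used only when APPDATA cannot be determined.
    return OLD_DEFAULT, "old default"


def audit(argv, env, registry, expected):
    # Compare the resolved directory with the one the user intends to use.
    homedir, source = resolve_homedir(argv, env, registry)
    ok = ntpath.normcase(homedir) == ntpath.normcase(expected)
    return {"homedir": homedir, "source": source, "ok": ok}


if __name__ == "__main__":
    print(audit(["--list-keys"], SAMPLE_ENV, SAMPLE_REG, r"O:\GnuPG"))
    print(audit(["--homedir", r"O:\GnuPG", "--list-keys"], SAMPLE_ENV, SAMPLE_REG, r"O:\GnuPG"))
```
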
