Change agent-socket path
Wolf
wolf at wolfsden.cz
Mon Jul 4 21:43:10 CEST 2016
On , Werner Koch wrote:
> On Fri, 1 Jul 2016 01:58, wolf at wolfsden.cz said:
>
> > the building/signing is done in fakeroot environment. Therefore the
> > socket path default to ~/.gnupg/S.gnu-agent. Because (at least it seems
> > to me) in fakeroot I am root (0) and therefore don't own /run/user/1000
>
> That is a very special case I would like to avoid an exception for this
> (ie. relaxing the ownwed-by-user check).
I did some thinking about this and I must admit that I don't see why the
check is needing at all. In what situation relaxing the check would case
security issues?
> > What would be a good way to solve this issue?
>
> You can set the envvar GNUPGHOME to a different directory and this will
> then be used for the socket and all other files - assuming that you did
> not create a dedicated directory below /var/user/1000/gnupg for example
> with "gpgconf --create-socketdir".
So basically the "correct" solution are these two lines:
cp -r ~/.gnupg /run/user/1000/gnupg
gpg --homedir /run/user/1000/gnupg
? Since there is no way to provide the socket manually? That seems..
weird.
W.
PS: Apparently GPA is not working with 2.1.13 either (
https://bugs.archlinux.org/task/49930 ), but dunno if it's the same root
cause.
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: </pipermail/attachments/20160704/5aa56a50/attachment.sig>
More information about the Gnupg-users
mailing list