Change agent-socket path

Wolf wolf at
Mon Jul 4 21:43:10 CEST 2016

On , Werner Koch wrote:
> On Fri,  1 Jul 2016 01:58, wolf at said:
> > the building/signing is done in fakeroot environment. Therefore the
> > socket path default to ~/.gnupg/S.gnu-agent. Because (at least it seems
> > to me) in fakeroot I am root (0) and therefore don't own /run/user/1000
> That is a very special case I would like to avoid an exception for this
> (ie. relaxing the ownwed-by-user check).

I did some thinking about this and I must admit that I don't see why the
check is needing at all. In what situation relaxing the check would case
security issues?

> > What would be a good way to solve this issue?
> You can set the envvar GNUPGHOME to a different directory and this will
> then be used for the socket and all other files - assuming that you did
> not create a dedicated directory below /var/user/1000/gnupg for example
> with "gpgconf --create-socketdir".

So basically the "correct" solution are these two lines:

	cp -r ~/.gnupg /run/user/1000/gnupg
	gpg --homedir /run/user/1000/gnupg

? Since there is no way to provide the socket manually? That seems..


PS: Apparently GPA is not working with 2.1.13 either ( ), but dunno if it's the same root

There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: </pipermail/attachments/20160704/5aa56a50/attachment.sig>

More information about the Gnupg-users mailing list