Upgrading from gpg1 to gpg2: lots of trouble, need help
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jan 11 14:26:04 CET 2018
On Sun 2018-01-07 23:23:16 +1100, gnupg at raf.org wrote:
> For the actual decryption, I'm using sudo. From the original
> post, the command to set things up contains something like:
>
> /usr/bin/screen -- \
> /usr/bin/sudo -u thing --set-home -- \
> /usr/bin/gpg-agent --homedir /etc/thing/.gnupg \
> --allow-preset-passphrase \
> --default-cache-ttl 3600 \
> --max-cache-ttl 3600 \
> --daemon $gpg_agent_info -- \
> /bin/bash --login
this is deliberately launching a second agent, outside of the basic
supervision that should already be in place.
If you want to use the standard system agent, please do not launch a
separate agent.
This should be as simple as:

    screen -- sudo -u thing --login

or, if you're doing this as root already, then you don't need sudo at
all, and it could just be:

    screen -- su - testuser

If this is run from cron, it will spawn a new session, and that session
will have a systemd session manager capable of spawning gpg-agent as
needed.
unfortunately, it will not spawn a new session if run from an existing
session, see the discussion at
https://github.com/systemd/systemd/issues/7451 .
if you want to manually start a new session for a new user from within
an existing session on a machine managed by systemd, apparently
machinectl may be the way to go, but i haven't explored that in full.
hope this helps,
--dkg