Upgrading from gpg1 to gpg2: lots of trouble, need help

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 11 14:26:04 CET 2018

On Sun 2018-01-07 23:23:16 +1100, gnupg at raf.org wrote:
> For the actual decryption, I'm using sudo. From the original
> post, the command to set things up contains something like:
>   /usr/bin/screen -- \
>   /usr/bin/sudo -u thing --set-home -- \
>   /usr/bin/gpg-agent --homedir /etc/thing/.gnupg \
>     --allow-preset-passphrase \
> 	--default-cache-ttl 3600 \
> 	--max-cache-ttl 3600 \
> 	--daemon $gpg_agent_info -- \
>   /bin/bash --login

this is deliberately launching a second agent, outside of the basic
supervision that should already be in place.

If you want to use the standard system agent, please do not launch a
separate agent.

This should be as simple as:

  screen -- sudo -u thing --login

or, if you're doing this as root already, then you don't need sudo at
all, and it could just be:

  screen -- su - testuser

If this is run from cron, it will spawn a new session, and that session
will have a systemd session manager capable of spawning gpg-agent as

unfortunately, it will not spawn a new session if run from an existing
session, see the discussion at
https://github.com/systemd/systemd/issues/7451 .

if you want to manually start a new session for a new user from within
an existing session on a machine managed by systemd, apparently
machinectl may be the way to go, but i haven't explored that in full.

hope this helps,


More information about the Gnupg-users mailing list