Using gpg-agent --supervised with systemd
evan at eklitzke.org
Wed Mar 21 22:48:26 CET 2018

I am using gpg 2.2.5 and stumbled across the --supervised option while
reading the man page. I was able to get the ssh-agent functionality
working perfectly, but I'm having problems with the gpg-agent

I created systemd user units for ssh-agent.socket, gpg-agent.socket, and
gpg-agent.service. I was able to get this all set up correctly so the
gpg-agent service knows where its sockets are:

$ sysu status gpg-agent.service
Mar 21 14:34:12 t460s systemd: Started GPG agent.
Mar 21 14:34:12 t460s gpg-agent: gpg-agent (GnuPG) 2.2.5 starting in supervised mode.
Mar 21 14:34:12 t460s gpg-agent: using fd 3 for std socket
Mar 21 14:34:12 t460s gpg-agent: using fd 4 for ssh socket
Mar 21 14:34:12 t460s gpg-agent: listening on: std=3 extra=-1

That's exactly where I put the sockets, so all good on that front. I was
also able to figure out how to get pinentry working correctly. I set
SSH_AUTH_SOCK and indeed, ssh uses the right socket and talks to my

However, gpg2 is still getting confused and not finding the agent. The
README file for gpg 2.2 has some hints on why this may be the case:

> Note that gpg-agent now uses a fixed socket. All tools will start
> the gpg-agent as needed. The formerly used environment variable
> GPG_AGENT_INFO is ignored by 2.2. The SSH_AUTH_SOCK environment
> variable should be set to a fixed value.

This is indeed what I see: when I try to use gpg2, it starts its own
gpg-agent, ignoring my systemd service. I tried different permutations
of options but can't figure out why this isn't working. Whenever I try
to decrypt a file, gpg2 thinks there isn't an agent process running, and
tries to start its own in ~/.gnupg.

What is the trick to making this work correctly?

Evan Klitzke San Francisco, CA, USA
evan at eklitzke.org https://eklitzke.org
pgp: AF91 7318 B8C4 2D11 2721 625D 157E FCAC BC64 8422