Several GnuPG instances, with their corresponding agents
Konstantin Boyandin (lists)
lists at boyandin.info
Tue Mar 12 05:57:36 CET 2019
On 2019-03-11 19:56, Phil Pennock wrote:
> On 2019-03-10 at 01:25 -0500, Konstantin Boyandin via Gnupg-users
> wrote:
>> I would like to use, whenever I like, manually builds (such as current
>> 2.2.13).
>>
>> Question: how do I keep several GnuPG versions installed, every
>> version
>> with its own gpg-agent?
>
> After running ./configure [--args], take a look at the generated
> `config.h` file. Some of these can't be easily overridden at configure
> time, but you can patch between configure and build.
>
> As to whether you break at the "directory" or "socket location" level
> ... remember that GnuPG regards the contents of the directory as its
> fiefdom and is free to move things around, often with auto-upgrade
> logic
> which might get in the way if you want to try to downgrade.
>
> Specifically, the defines which matter here are:
> GNUPG_DEFAULT_HOMEDIR
> anything ending _SOCK_NAME
>
> I recommend, if doing this, that you just change GNUPG_DEFAULT_HOMEDIR
> and do not try to share one config directory between multiple
> concurrently-installed versions of GnuPG.
>
> Myself, I install to /opt/gnupg/ and leave the homedir to the default.
> If a user account needs to use the newer GnuPG instead of the system
> one, it's the responsibility of that account to manage the directory.
> If one account is trying to use both system and current GnuPG, that's a
> logic error elsewhere which should be cleaned up.
Thanks for the pieces of advice. I conclude that the only safe way to
share same keys is to re-import all the keys manually into every
corresponding GnuPG version's key ring.
To me, there's nothing wrong in using different versions of GnuPG under
the same account: system-wide applications using the OS-provided
version, and in separated environment I can run newer version, if I need
its specific features. As soon as they have everything separated, agents
sockets included, I see no possible problems.
Sincerely,
Konstantin
More information about the Gnupg-users
mailing list