how to improve tools that test for $GPG_AGENT_INFO

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Mar 18 18:16:13 CET 2015


Hi GnuPG folks--

as i'm thinking about moving debian toward GnuPG 2.1, i find there are
several packages in debian that decide whether to use the agent or not
based on the presence (or absence) of the $GPG_AGENT_INFO environment
variable.

In 2.1, that environment variable isn't set, and programs that use this
test (e.g. mutt, aiui) are likely to think that they shouldn't use the
agent.

there are a lot of packages that look at this variable:

  http://codesearch.debian.net/perpackage-results/GPG_AGENT_INFO

I'd like to suggest fixes for those tools to be compatible with gpg2.1
without breaking compatibility for them with 2.0 or 1.4.  At a baseline,
if they see GPG_AGENT_INFO in the environment, i think they should try
to use the agent (and not deal with passphrase caching themselves).
What else should they test?

Some ideas of what they should do if they don't see GPG_AGENT_INFO in
the environment:

 * run "gpg-agent -q" -- if the return code is 0, then you should use
   the agent.

 * run "gpg --version" and look at the output.  If you see 2.1.x or later,
   then you should use the agent.

Is there some cheaper, simpler test that i could recommend to gpg
dependencies that wouldn't involve spawning a subprocess?

Any preferences or suggestions?

             --dkg
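
The fallback order proposed above (environment variable, then "gpg-agent -q", then the "gpg --version" check), as an added shell example that is not part of the original post. The function names and the GPG / GPG_AGENT override variables are assumptions made for illustration.

```shell
# Added example (not from the original post); helper names are hypothetical.

# Return 0 if the first line of `gpg --version` output (passed as $1)
# reports GnuPG 2.1 or later. Expected shape: "gpg (GnuPG) 2.1.2".
gpg_version_is_21_or_later() {
    ver=$(printf '%s\n' "$1" |
        sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || return 1          # unrecognised banner: do not guess
    major=${ver%%.*}
    rest=${ver#*.}
    [ "$rest" != "$ver" ] || rest=0    # no dot at all, e.g. "2"
    minor=${rest%%.*}
    minor=${minor:-0}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }
}

# Return 0 if the caller should rely on gpg-agent, 1 if it should not.
# GPG and GPG_AGENT (assumed names) let a caller point at gpg2 etc.
should_use_agent() {
    # Baseline from the post: GPG_AGENT_INFO in the environment (1.4 / 2.0).
    [ -z "${GPG_AGENT_INFO:-}" ] || return 0

    # First idea from the post: exit status 0 from "gpg-agent -q".
    if command -v "${GPG_AGENT:-gpg-agent}" >/dev/null 2>&1 &&
       "${GPG_AGENT:-gpg-agent}" -q >/dev/null 2>&1; then
        return 0
    fi

    # Second idea from the post: gpg itself is 2.1.x or later.
    out=$("${GPG:-gpg}" --version 2>/dev/null) || return 1
    gpg_version_is_21_or_later "$out"
}
```

Both fallbacks spawn a subprocess, which is the cost the post asks about; the environment check alone is the only step here that does not.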