Forward gpg-agent to container
Aleksandar Lazic
al-gnupg_users at none.at
Tue Jun 5 22:53:19 CEST 2018
Hi.
On 05/06/2018 18:02, Benjamin Kircher wrote:
>
>
>> On 5. Jun 2018, at 10:54, Benjamin Kircher <benjamin.kircher at gmail.com> wrote:
>>
>>
>>
>>> On 5. Jun 2018, at 08:56, Andrew Gallagher <andrewg at andrewg.com> wrote:
>>>
>>>>
>>>> On 4 Jun 2018, at 19:44, Benjamin Kircher <benjamin.kircher at gmail.com> wrote:
>>>>
>>>> Now inside the container I can see my socket
>>>>
>>>> # ls -l /gpg-agent
>>>> srwx------ 1 root root 0 Jun 4 17:45 /gpg-agent
>>>>
>>>> From here on, I am kind of stuck. I fail to somehow make gpg-agent
>>>> inside the container “use” the extra-socket. Here is what I am
>>>> doing:
>>>
>>> This sounds overly complicated. Once you have the extra socket
>>> visible inside the container, it should be sufficient to set the
>>> environment variable GPG_AGENT_SOCK. You don’t need to start an
>>> extra agent inside the container.
>>
>> Andrew, thanks for looking into this.
>>
>> Is this documented somewhere? I can’t find this environment variable
>> in the man-pages and a quick code search over gnupg, libassuan,
>> gpgme, and friends shows no such environment variable.
>
>Sorry, but GPG_AGENT_SOCK doesn’t work at all.
>
> $ docker run --volume $(gpgconf --list-dirs agent-extra-socket):/gpg-agent --env GPG_AGENT_SOCK=/gpg-agent --entrypoint=sh -ti fedora:latest
>
> # env
> HOSTNAME=26e366f60fc8
> PWD=/
> HOME=/root
> FBR=f28
> DISTTAG=f28container
> FGC=f28
> GPG_AGENT_SOCK=/gpg-agent
> TERM=xterm
> SHLVL=1
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> _=/usr/bin/env
>
># gpg2 --keyserver pgp.uni-mainz.de --recv 325F3B76
># gpg2 --list-secret-keys
Please can you try to run this from none /root dir.
For example use the /tmp/gpg-dir and put all files there, just for
testing.
In the past I had some troubles to mount files in /root from
`docker run ...`
Do you have selinux in place?
>BK
BR
Aleks
More information about the Gnupg-users
mailing list