Using gpg-agent --supervised with systemd
Evan Klitzke
evan at eklitzke.org
Wed Mar 21 22:48:26 CET 2018
Hi all,
I am using gpg 2.2.5 and stumbled across the --supervised option while
reading the man page. I was able to get the ssh-agent functionality
working perfectly, but I'm having problems with the gpg-agent
functionality.
I created systemd user units for ssh-agent.socket, gpg-agent.socket, and
gpg-agent.service. I was able to get this all set up correctly so the
gpg-agent service knows where its sockets are:
$ sysu status gpg-agent.service
...
Mar 21 14:34:12 t460s systemd[1075]: Started GPG agent.
Mar 21 14:34:12 t460s gpg-agent[2835]: gpg-agent (GnuPG) 2.2.5 starting in supervised mode.
Mar 21 14:34:12 t460s gpg-agent[2835]: using fd 3 for std socket (/run/user/1000/gpg-agent.sock)
Mar 21 14:34:12 t460s gpg-agent[2835]: using fd 4 for ssh socket (/run/user/1000/ssh-agent.sock)
Mar 21 14:34:12 t460s gpg-agent[2835]: listening on: std=3 extra=-1 browser=-1 ssh=4
That's exactly where I put the sockets, so all good on that front. I was
also able to figure out how to get pinentry working correctly. I set
SSH_AUTH_SOCK and indeed, ssh uses the right socket and talks to my
gpg-agent service.
However, gpg2 is still getting confused and not finding the agent. The
README file for gpg 2.2 has some hints on why this may be the case:
> Note that gpg-agent now uses a fixed socket. All tools will start
> the gpg-agent as needed. The formerly used environment variable
> GPG_AGENT_INFO is ignored by 2.2. The SSH_AUTH_SOCK environment
> variable should be set to a fixed value.
This is indeed what I see: when I try to use gpg2, it starts its own
gpg-agent, ignoring my systemd service. I tried different permutations
of options but can't figure out why this isn't working. Whenever I try
to decrypt a file, gpg2 thinks there isn't an agent process running, and
tries to start its own in ~/.gnupg.
What is the trick to making this work correctly?
--
Evan Klitzke San Francisco, CA, USA
evan at eklitzke.org https://eklitzke.org
pgp: AF91 7318 B8C4 2D11 2721 625D 157E FCAC BC64 8422
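
The README passage quoted in the message says gpg 2.2 clients connect to a fixed socket; `gpgconf --list-dirs agent-socket` prints that path. The following is an added example, not part of the original post and not GnuPG's own code: a shell check that compares the ListenStream= paths of a systemd socket unit against the path the clients expect. The function names and the sample unit are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a systemd socket unit listen where gpg clients look?

# Print each ListenStream= value of unit file $1, expanding the systemd
# specifier %t to the runtime directory given as $2.
listen_streams() {
    sed -n 's/^[[:space:]]*ListenStream=//p' "$1" | sed "s|%t|$2|g"
}

# unit_matches <unit-file> <runtime-dir> <expected-socket>
# Returns 0 if one ListenStream= path equals the expected socket exactly.
unit_matches() {
    listen_streams "$1" "$2" | grep -Fxq -- "$3"
}

# Same arguments as unit_matches; prints a verdict and returns its status.
report() {
    if unit_matches "$1" "$2" "$3"; then
        echo "OK: $1 listens on $3"
    else
        echo "MISMATCH: gpg clients expect $3, unit listens on:"
        listen_streams "$1" "$2" | sed 's/^/  /'
        return 1
    fi
}

# make_sample_unit <file> <ListenStream value>
# Writes a constructed socket unit, used only to exercise the functions.
make_sample_unit() {
    cat > "$1" <<EOF
[Unit]
Description=GnuPG agent socket (constructed sample)

[Socket]
ListenStream=$2
FileDescriptorName=std
SocketMode=0600
EOF
}

# Run as: sh check.sh ~/.config/systemd/user/gpg-agent.socket
# The expected path comes from gpgconf on the machine being checked.
if [ -n "${1:-}" ] && command -v gpgconf >/dev/null 2>&1; then
    report "$1" "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}" \
        "$(gpgconf --list-dirs agent-socket)"
fi
```

A mismatch here means the supervised agent and the gpg client are using different socket paths, which matches the symptom of the client starting its own agent.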