LinuxQuestions.org
Old 12-04-2015, 04:24 PM   #1
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1 on Lenovo Thinkpad W520
Posts: 8,617

Rep: Reputation: Disabled
How-to properly set gpg-agent in Slackware-14.1?


I am using Fluxbox on Slackware-14.1n, started through gdm, and would like to avoid typing my passphrase too often. I use gnupg2.

I tried to configure gpg-agent but haven't succeeded so far. I didn't find anything on SlackDocs.

I have written:
  • in ~/.gnupg/gpg.conf: use-agent
  • in ~/.gnupg/gpg-agent.conf:
    Code:
    pinentry-program /usr/bin/pinentry
    no-grab
    default-cache-ttl 3600
  • in .xinitrc: eval "$(gpg-agent --daemon)"
  • in .bashrc:
    Code:
    GPG_TTY=$(tty)
    export GPG_TTY
  • in .xsession
    Code:
    if [ -f "${HOME}/.gpg-agent-info" ]; then
       . "${HOME}/.gpg-agent-info"
    fi
The daemon doesn't seem to start when I begin a session. What am I doing wrong?

Last edited by Didier Spaier; 12-04-2015 at 04:58 PM.
 
Old 12-04-2015, 04:34 PM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 7,303

Rep: Reputation: 5461
I just used what's basically told in "man gpg-agent".
I have this in my ~/.profile :
Code:
# GPG helper functions:
if test -f $HOME/.gpg-agent-info && kill -0 $(cut -d: -f 2 $HOME/.gpg-agent-info) 2>/dev/null; then
  GPG_AGENT_INFO=$(cat $HOME/.gpg-agent-info)
  export GPG_AGENT_INFO
else
  eval $(gpg-agent --daemon)
  echo $GPG_AGENT_INFO >$HOME/.gpg-agent-info
fi
GPG_TTY=$(tty)
export GPG_TTY
# END GPG helper functions:
 
2 members found this post helpful.
Old 12-04-2015, 04:57 PM   #3
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1 on Lenovo Thinkpad W520
Posts: 8,617

Original Poster
Rep: Reputation: Disabled
This works. Your solution has the advantage of keeping all the settings in the same file, valid on the console as well as under X.

So, thanks Eric!
 
Old 12-05-2015, 04:27 AM   #4
imitheos
Member
 
Registered: May 2005
Location: Greece
Posts: 432

Rep: Reputation: 114
gnupg2 always uses the agent (so the use-agent directive is not needed) and starts it automatically. You only need to manually start it if you also use it for ssh authentication because ssh doesn't know about it.

The best-known way to start it is what Eric mentioned, but there is a "newer" one too (it was mentioned on the mailing list some time ago, and it was put in the manpage of gpg-agent too).

Code:
 cat .gnupg/gpg-agent.conf 
use-standard-socket
enable-ssh-support
If you do not use ssh keys then you do not need the enable-ssh-support directive (and if you use 2.1 version of gnupg2 then you don't even need the use-standard-socket directive because it is always used).

.zshrc or .bashrc or equivalent interactive shell startup file
Code:
unset GPG_AGENT_INFO
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
fi
The above code unsets the "old-way" variables and then tells ssh to use the S.gpg-agent.ssh socket in order to talk to the agent's ssh emulation (again only needed if you use ssh keys)

Code:
GPG_TTY=$(tty)
export GPG_TTY
I think this is only needed for curses and tty pinentry, so that the password prompt is printed in the right terminal, and is not needed for gtk/qt pinentry, but I always set it anyway.

Code:
if [ -x "$(which gpg-connect-agent)" ]; then
     gpg-connect-agent updatestartuptty /bye >& /dev/null
fi
The above code is again only needed for ssh support. As we said in the beginning, when you use gpg-agent for ssh, you must start the agent manually because ssh doesn't know how to start it. The gpg-agent manpage tells us to run "gpg-connect-agent /bye" to start the agent. The code above does that and also tells the agent to update the tty that it uses to point to the current one (again, I think it is not needed for gtk/qt pinentry but I have it anyway).

If you do not use ssh emulation then only put "use-standard-socket" and everything will work.

Edit: This way works only with gnupg2 and not with gnupg.

Last edited by imitheos; 12-05-2015 at 04:36 AM.
 
3 members found this post helpful.
Old 12-06-2015, 08:59 PM   #5
rworkman
Slackware Contributor
 
Registered: Oct 2004
Location: Tuscaloosa, Alabama (USA)
Distribution: Slackware
Posts: 2,329

Rep: Reputation: 847
Interesting... here's mine, in $HOME/.xprofile since I use a gui login manager:
Code:
if test -f $HOME/.cache/gpg-agent-info && ps $(cut -d: -f 2 $HOME/.cache/gpg-agent-info) 1>/dev/null 2>/dev/null ; then
  . $HOME/.cache/gpg-agent-info
  export GPG_AGENT_INFO SSH_AUTH_SOCK SSH_AGENT_PID
else
  rm -f $HOME/.cache/gpg-agent-info
  eval $(gpg-agent --sh --daemon)
fi
ssh-add 1>/dev/null 2>/dev/null
My $HOME/.gnupg/gpg-agent.conf has this
Code:
use-standard-socket
enable-ssh-support
default-cache-ttl 3600
write-env-file $HOME/.cache/gpg-agent-info
and then in $HOME/.bashrc, I have the GPG_TTY stuff set so that each vterm will bring up the curses pinentry if needed.

That --use-standard-socket option seems to just make it use $HOME/somewhere instead of /tmp - I like it.

On a related note, I seem to have some sort of race condition between ssh-agent (shipped with openssh) and gpg's agent -- sometimes gpg wins and sometimes ssh-agent wins. I can't figure out what's starting ssh-agent :/ EDIT: quite possibly that was a bug in my code before after making the edits for using standard socket - can't repro now, it seems.

Last edited by rworkman; 12-06-2015 at 09:40 PM. Reason: Made a few edits to add standard socket, fixes and such, and added some comments re ssh-agent... Looks like alien's now. :)
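
The startup snippets in posts #2 and #5 reuse an agent based on a PID read from a saved file, and post #5 sources that file. A bare PID check can match an unrelated process after PID reuse, and sourcing executes whatever the file contains. The sketch below is an added example, not code from any poster or from GnuPG: it parses the saved value instead of sourcing it and confirms the socket and process before reuse. The function names are hypothetical, and it assumes the GnuPG 2.0 `socket:pid:protocol` format and a procps-style `ps`.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.
# GnuPG 2.0 stores GPG_AGENT_INFO as <socket path>:<pid>:<protocol version>.

# Split the value into AGENT_SOCK and AGENT_PID; reject anything malformed.
parse_agent_info() {
  info=$1
  AGENT_SOCK=${info%%:*}
  rest=${info#*:}
  [ "$rest" != "$info" ] || return 1                # no ':' separator at all
  AGENT_PID=${rest%%:*}
  case $AGENT_SOCK in /*) ;; *) return 1 ;; esac    # socket must be an absolute path
  case $AGENT_PID in ''|*[!0-9]*) return 1 ;; esac  # PID must be digits only
  return 0
}

# Extract the value from either file layout used in the thread without
# sourcing the file: a bare value (post #2) or NAME=value lines (post #5).
read_saved_agent_info() {
  [ -f "$1" ] && [ -O "$1" ] || return 1            # must exist and be owned by us
  sed -n -e 's/^GPG_AGENT_INFO=//' -e '/^\//{p;q;}' "$1"
}

# True only if the socket is ours and the PID really is a running gpg-agent.
agent_info_is_live() {
  parse_agent_info "$1" || return 1
  [ -S "$AGENT_SOCK" ] && [ -O "$AGENT_SOCK" ] || return 1
  kill -0 "$AGENT_PID" 2>/dev/null || return 1
  [ "$(ps -o comm= -p "$AGENT_PID" 2>/dev/null)" = "gpg-agent" ]
}

# Reuse a verified agent, otherwise start one and save its info (mode 0600).
load_or_start_agent() {
  saved=$(read_saved_agent_info "$1") && agent_info_is_live "$saved" && {
    GPG_AGENT_INFO=$saved
    export GPG_AGENT_INFO
    return 0
  }
  eval "$(gpg-agent --daemon)" || return 1
  ( umask 077; printf '%s\n' "$GPG_AGENT_INFO" >"$1" )
}
```

Calling `load_or_start_agent "$HOME/.gpg-agent-info"` from `~/.profile` takes the place of the if/else test; the `GPG_TTY` export is still needed separately.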
 
  

