PR #6469 appears to have broken gpg-agent plugin checks

[whi-tw]

#6469 appears to have broken the check on my machine:

OS: macOS 10.13.4
GPG Version: MacGPG2 2.2.3

My gpg agent seems to create S.gpg-agent.ssh without being configured to do so. The ssh-agent plugin then does not create the SSH_AUTH_SOCK environment variable, breaking the agent.

Rolling back to 2c87f85 has resolved the issue locally for me.

It could be worth testing more thoroughly the behaviour when on MacOS with GPG Suite - it could be that the default behaviour is non-standard.

Starting the agent:

gpg-agent --daemon --use-standard-socket
gpg-agent[54927]: WARNING: "--use-standard-socket" is an obsolete option - it has no effect
gpg-agent[54928]: gpg-agent (GnuPG/MacGPG2) 2.2.3 started

~/.gnupg  find . -type s
./S.gpg-agent.extra
./S.gpg-agent.ssh
./S.dirmngr
./S.gpg-agent
./S.gpg-agent.browser

~/.gnupg  cat gpg-agent.conf
default-cache-ttl 600
max-cache-ttl 7200

[chrisfleming]

Thanks for the info; I changed from checking the config to see if enable-ssh-support was set to just checking for the socket but on reading it looks like:

The OpenSSH Agent protocol is always enabled, but gpg-agent will only set the SSH_AUTH_SOCK variable if this flag is given.

On my mac (and other machines) I've moved over to using gpg-agent for ssh, so didn't notice this.

I think going back to the previous behaviour of checking for enable-ssh-support so that folks explicitly need to enable this would fix this.

[whi-tw]

You could use a zstyle config flag to turn it on - if the ssh agent is always enabled, some may not have it explicitly turned on - it may be better to configure the plugin's behaviour from within zsh rather than possibly irrelevant config variables in external files.

However I would suggest a rollback immediately for now - to avoid it confusing / annoying more people.

[chrisfleming]

@tnwhitwell I've just created a pull request with a fix, #6775 - any chance you could try this out. I decided that a check to see if the ssh-agent plugin was enabled would work well to decided if to set the socket or not. (Although I also have a zstyle config version ready to roll if not)

I've tested against gpg 2.2.3 but on a linux box as I don't have my mac nearby at the moment.

[whi-tw]

For sure. I’ll check when I get home!

[whi-tw]

Have checked - seems to be working well.

However: this assumes that people will be using the ssh-agent plugin if they're using the ssh agent, which isn't guaranteed - they may be using the OS' native behaviour / some other solution (eg. https://krypt.co/)

Just using this kind of naïve check of the oh-my-zsh config could again cause weird behaviour / break things further down the line.

Maybe a check to see if $SSH_AUTH_SOCK is already set / valid would be sensible?