From 80dbf8f40db82eb1e85befbab3d414e99d22abc1 Mon Sep 17 00:00:00 2001
From: Thijs Putman <thijs@sgraastra.net>
Date: Wed, 29 Nov 2023 12:49:44 +0100
Subject: [PATCH] Prevent GPG-agent autostart on RPi-s

---
 .bashrc.d/41-gpg-rpi         |  8 ++++++++
 install/parts.d/23-gnupg-rpi | 13 +++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 .bashrc.d/41-gpg-rpi
 create mode 100644 install/parts.d/23-gnupg-rpi

diff --git a/.bashrc.d/41-gpg-rpi b/.bashrc.d/41-gpg-rpi
new file mode 100644
index 0000000..9fb042f
--- /dev/null
+++ b/.bashrc.d/41-gpg-rpi
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# Don't autostart the GPG agent on RPi-devices – the agent is forwarded from the
+# local machine
+
+gpg() {
+  command gpg --no-autostart "$@"
+}
diff --git a/install/parts.d/23-gnupg-rpi b/install/parts.d/23-gnupg-rpi
new file mode 100644
index 0000000..3246696
--- /dev/null
+++ b/install/parts.d/23-gnupg-rpi
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# Mask all GPG agent related units – the RPi-devices use a socket forwarded from
+# the local machine. Unintentionally starting gpg-agent messes with this setup;
+# there's a script in "📂 .bashrc.d" which aims to prevent regular gpg
+# invocations from starting an agent too.
+
+systemctl --user mask \
+  gpg-agent.service \
+  gpg-agent.socket \
+  gpg-agent-ssh.socket \
+  gpg-agent-extra.socket \
+  gpg-agent-browser.socket