README: NOTICE lacking references #63
Comments
|
Oh, yeah, no worries, lets see what I can write up. |
|
It seems like the following is a good replacement:
|
|
@blueyed it seems it doesn't work if the key is encrypted, even with the same passphrase as the logged user. The envoy's PAM module solves this problem, but I still don't see how to do this using only EDIT: Okay, I ended up with this ( /usr/local/lib/gpg-pam-preset: #!/usr/bin/env bash
# grab PAM-provided auth token
read token
# Execute as PAM_USER or logged user
su - ${PAM_USER:-$(id -un)} <<EOF
# Start agent if needed
if ! pgrep -U "\$USER" -x gpg-agent &> /dev/null; then
gpg-agent --enable-ssh-support --allow-preset-passphrase --disable-scdaemon --daemon
fi
# Get fingerprints managed by gpg
fingerprints=(\$(gpg-connect-agent "keyinfo --list" /bye | grep KEYINFO | cut -d' ' -f3))
# Preset each fingerprint
for fingerprint in "\${fingerprints[@]}"; do
/usr/lib/gnupg/gpg-preset-passphrase --preset "\$fingerprint" <<< "$token"
done
EOF
/etc/pam.d/login: Maybe it's worth to put it on the README (or point to this issue) so others can use it too. |
|
@dan-santana I do not like auto-unlocking on login, but in case you want that this looks fine. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Actually this is a personal request, no really an issue... but as it may be useful for others, I think it's worth opening it instead of sending a private e-mail.
You said that the recent changes in
gpg-agent"deprecated"envoyd, but I found nothing in the changelogs explicit enough for me to understand how envoy could be replaced solely bygpg-agent.There is any reference or documentation that could give this direction? Until now envoy has worked really well for me, but I personally prefer less dependencies for my system... so I'm really curious on how to achieve this setup.
The text was updated successfully, but these errors were encountered: