New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
README: NOTICE lacking references #63
Comments
Oh, yeah, no worries, lets see what I can write up. |
It seems like the following is a good replacement:
|
@blueyed it seems it doesn't work if the key is encrypted, even with the same passphrase as the logged user. The envoy's PAM module solves this problem, but I still don't see how to do this using only EDIT: Okay, I ended up with this ( /usr/local/lib/gpg-pam-preset: #!/usr/bin/env bash
# grab PAM-provided auth token
read token
# Execute as PAM_USER or logged user
su - ${PAM_USER:-$(id -un)} <<EOF
# Start agent if needed
if ! pgrep -U "\$USER" -x gpg-agent &> /dev/null; then
gpg-agent --enable-ssh-support --allow-preset-passphrase --disable-scdaemon --daemon
fi
# Get fingerprints managed by gpg
fingerprints=(\$(gpg-connect-agent "keyinfo --list" /bye | grep KEYINFO | cut -d' ' -f3))
# Preset each fingerprint
for fingerprint in "\${fingerprints[@]}"; do
/usr/lib/gnupg/gpg-preset-passphrase --preset "\$fingerprint" <<< "$token"
done
EOF
/etc/pam.d/login:
Maybe it's worth to put it on the README (or point to this issue) so others can use it too. |
@dan-santana I do not like auto-unlocking on login, but in case you want that this looks fine. |
Actually this is a personal request, no really an issue... but as it may be useful for others, I think it's worth opening it instead of sending a private e-mail.
You said that the recent changes in
gpg-agent
"deprecated"envoyd
, but I found nothing in the changelogs explicit enough for me to understand how envoy could be replaced solely bygpg-agent
.There is any reference or documentation that could give this direction? Until now envoy has worked really well for me, but I personally prefer less dependencies for my system... so I'm really curious on how to achieve this setup.
The text was updated successfully, but these errors were encountered: