-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GNUPGHOME is ignored #7
Comments
K, settinging |
Setting $GNUPGHOME in the service file now properly propogates to the running agent. Tested. Closes issues #7.
I ran into this. I'm running envoy as root ( |
drop it into /etc/systemd/system/envoy@gpg-agent.service.d/home.conf [Service] Then it will use everything from the regular service file in /usr/lib/systemd, but add this environment variable. |
Hm, I guess I can do that, but I was thinking in something more portable or totally independent from root. It's a good workaround though, I'll give it a try. |
You can't really seperate it for a systemd unit, because you have to have it be in the environment where the unit runs. If you use systemd-user sessions, you could use the user version of the envoy unit https://wiki.archlinux.org/index.php/Systemd/User I modify mine in ~/.config/systemd/user/envoy@gpg-agent.service.d/home.conf ┌─ daniel at hailey in ~ But if you want it enabled for all users, that would be system wide, so you have to set it up using the system administrator... root. You actually might be able to set /etc/systemd/user/envoy@gpg-agent.service.d/home.conf, but that would still require it to be set by the root user, but would apply to each users systemd user session |
@pablox-cl there is no reason it couldn't be passed from envoy to envoyd. I'll give this a go when I got some free time over the holidays. |
@pablox-cl Actually, now that I've looked into this more closely, its a lot more complicated and there is no other way to do this robustly. The problem when using envoy you really shouldn't assume that any particualar invocation of the command will actually be the one that forks off the gpg-agent process. The pam module or some other script run earlier may have already started the agent. What do we do then? And what do we do in the case where gpg-agent was initially started with one GNUPGHOME but now we're asking for a different one? The only robust way is to define it envoyd's environment and let it propegate to gpg-agent.
As its implemented, GNUPGHOME will only propegate if we run everything as a user (hence the user session support, please file a bug if it doesn't work for you). If we run envoyd root it will ignore that variable (and log a message saying its doing so). And I do a security check so one user can't ask for another user's agent. |
No, it's okay. I undestand. I just think using |
@pablox-cl I've just ported envoy to use the new sd-bus API, user sessions should be supported now, if you still care:
|
Okay, still some issues, follow #47 for this. |
For some reason GNUPGHOME is ignored when using envoy. If I just use source <(gpg-agent --daemon --enable-ssh-support) it works fine.
The text was updated successfully, but these errors were encountered: