Hi Simon--

On Fri 2016-10-14 14:38:34 -0400, Simon McVittie wrote:
> If you like other people's patterns, have you considered borrowing the
> "adverb" pattern from dbus-run-session, but with s/dbus-daemon/gpg-agent/
> applied? Whether it addresses Ian's desired properties for dgit's
> credentials handling or not (probably not), it's certainly a viable
> model for running unit tests with a transient GPGHOME. I've found myself
> wishing for this facility when dealing with Flatpak and OSTree; both of
> those optionally sign the content you publish with them, and hence both
> of those need some special gpg-agent handling if you're going to run
> their unit tests without leaving stray processes.
> dbus-run-session consists of: start a dbus-daemon --session; set the
> environment for its other child to point to that dbus-daemon; run its
> remaining argv as a child process; when the other child exits, terminate
> the dbus-daemon and exit with the other child's exit status.

gpg-agent used to support this pattern explicitly:

    gpg-agent run-my-test-suite

would have worked fine and behaved as you describe.  fwiw, OpenSSH's
ssh-agent can do the same thing.  We used the same pattern for the
monkeysphere validation agent in msva-perl.

However, since gpg-agent's move to the standard socket location, this
pattern isn't working any more.  Any process which shares a GNUPGHOME
with another process will also share an agent with it.

If you see a way to restore that behavior, i'd certainly be interested.
It might help, perhaps, if there were a standard way for gpg to know to
use a different gpg-agent explicitly.

This has also been discussed tangentially in an upstream bug report,
fwiw: https://bugs.gnupg.org/gnupg/issue2749


Attachment: signature.asc
Description: PGP signature

Reply via email to