Hi Simon--

On Fri 2016-10-14 14:38:34 -0400, Simon McVittie wrote:
> If you like other people's patterns, have you considered borrowing the
> "adverb" pattern from dbus-run-session, but with s/dbus-daemon/gpg-agent/
> applied? Whether it addresses Ian's desired properties for dgit's
> credentials handling or not (probably not), it's certainly a viable
> model for running unit tests with a transient GPGHOME. I've found myself
> wishing for this facility when dealing with Flatpak and OSTree; both of
> those optionally sign the content you publish with them, and hence both
> of those need some special gpg-agent handling if you're going to run
> their unit tests without leaving stray processes.
>
> dbus-run-session consists of: start a dbus-daemon --session; set the
> environment for its other child to point to that dbus-daemon; run its
> remaining argv as a child process; when the other child exits, terminate
> the dbus-daemon and exit with the other child's exit status.

gpg-agent used to support this pattern explicitly: gpg-agent run-my-test-suite would have worked fine and behaved as you describe. fwiw, OpenSSH's ssh-agent can do the same thing. We used the same pattern for the monkeysphere validation agent in msva-perl.

However, since gpg-agent's move to the standard socket location, this pattern isn't working any more. Any process which shares a GNUPGHOME with another process will also share an agent with it.

If you see a way to restore that behavior, i'd certainly be interested. It might help, perhaps, if there were a standard way for gpg to know to use a different gpg-agent explicitly.

This has also been discussed tangentially in an upstream bug report, fwiw:

https://bugs.gnupg.org/gnupg/issue2749

--dkg
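Added example, not part of the original message and not code from GnuPG or dbus: since the agent is tied to GNUPGHOME, the "adverb" behaviour described above can be approximated for test suites by giving each run its own transient GNUPGHOME and stopping that homedir's agent on exit. The function name `with_transient_gnupghome` is hypothetical; the sketch assumes a GnuPG version that provides `gpgconf --kill gpg-agent` and skips that step when `gpgconf` is not installed.

```shell
#!/bin/sh
# Added example: "adverb" wrapper giving each run its own GNUPGHOME, so the
# gpg-agent started on demand inside it is private to that run.
# with_transient_gnupghome is a hypothetical name, not a GnuPG command.
#
# Usage: with_transient_gnupghome COMMAND [ARG...]
with_transient_gnupghome() (
    # The function body is a subshell: the export and the traps below never
    # leak into the caller's environment.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/gnupghome.XXXXXX") || exit 1
    chmod 700 "$dir"    # gpg warns about a homedir that others can access

    cleanup() {
        # Stop the agent tied to this homedir (if one was started), then
        # remove whatever key material was left in it.
        if command -v gpgconf >/dev/null 2>&1; then
            GNUPGHOME=$dir gpgconf --kill gpg-agent >/dev/null 2>&1 || true
        fi
        rm -rf -- "$dir"
    }
    trap cleanup EXIT
    # Turn the usual termination signals into an exit so cleanup still runs.
    trap 'exit 129' HUP
    trap 'exit 130' INT
    trap 'exit 143' TERM

    GNUPGHOME=$dir
    export GNUPGHOME

    # Run the remaining argv as the child and hand back its exit status.
    rc=0
    "$@" || rc=$?
    exit "$rc"
)
```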