On Sun, Sep 18, 2011 at 21:51:21 +0200, Luca Capello wrote:

> Hi there!
>
> On Sun, 18 Sep 2011 17:05:37 +0200, Julien Cristau wrote:
> > On Sun, Sep 18, 2011 at 16:53:13 +0200, Luca Capello wrote:
> >
> >> --8<---------------cut here---------------start------------->8---
> [patch]
> >> --8<---------------cut here---------------end--------------->8---
> >>
> > NAK, as far as I'm concerned this script has no business looking around
> > in gpg.conf.
>
> This leaves the bug opened: I would be glad to explore other solutions,
> but AFAIK without checking gpg.conf and gpg-agent.conf there is no way
> to know *beforehand* 1) if gpg-agent will run and 2) if the latter will
> provide SSH support.
>
> Please note that until now ssh-agent is *never* started if gpg-agent has
> been started at least once with SSH support, for the following reasons
> (and this is another bug, no matter what):
>
> 1) 90gpg-agent is sourced before 90x11-common_ssh-agent
> 2) gpg-agent does not remove its "PID" file when exiting, see #642021

Sounds like that should be fixed.

> 3) 90gpg-agent sources the "PID" file above, which means that
> SSH_AUTH_SOCK is defined *before* any gpg-agent is started at all

Shouldn't the "if ! $GPGAGENT 2>/dev/null; then" line in 90gpg-agent be
followed by unsetting the variables (and maybe removing the file) it
just read since it found out they don't work?

> 4) 90x11-common_ssh-agent starts ssh-agent only if SSH_AUTH_SOCK is
> empty, which is not the case as per point 3
>
> Here is the patch to test the behavior above:
>
> --8<---------------cut here---------------start------------->8---
> --- 90x11-common_ssh-agent.ORG > +++ 90x11-common_ssh-agent
> @@ -14,6 +14,11 @@ > # use ssh-agent2's ssh-agent1 compatibility mode > SSHAGENTARGS=-1 > fi > + else > + cat <<EOF >>"$HOME"/.xsession-errors > +/etc/X11/Xsession.d/90x11-common_ssh-agent: SSH_AUTH_SOCK='$SSH_AUTH_SOCK' > +/etc/X11/Xsession.d/90x11-common_ssh-agent: not starting ssh-agent > +EOF > fi > fi >
> --8<---------------cut here---------------end--------------->8---
>
> IMHO the real bug is to try to start ssh-agent in a system-wide fashion
> via /etc/X11/Xsession.options, while this is (clearly) a user option.
> This is also why I fear the new Xsession "use-gpg-agent" option at
> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412993#20>. The fact
> that ssh_config does not have any way to define that we want the agent
> is probably the original cause of this bug.
>

Can we switch the order so that 1) doesn't apply? And turn ssh-agent
into a no-op when it's started by gpg-agent with ssh support (assuming
it's not already)?

> Finally, may I ask why this file is not provided by openssh-client? I
> could not find any reference in the x11-common changelog.Debian nor
> x11-common Recommends:/Suggests:/Enhances: openssh-client.
>

The changelog suggests this was already in xfree86-common with the
initial xfree86 4.0 upload 11 years ago. I could go look for earlier
changelogs, but I guess "hysterical raisins" pretty much covers it?

Cheers,
Julien
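
Review bot: The added else branch in the @@ -14,6 +14,11 @@ hunk reports SSH_AUTH_SOCK as the reason for "not starting ssh-agent", but the if it belongs to is above the hunk's context, so the message is only accurate if that condition tests nothing besides SSH_AUTH_SOCK being empty. If the condition has other terms, the branch will log SSH_AUTH_SOCK='' with no hint of what actually failed; logging the failing test, or confirming the condition, would make the output trustworthy. The heredoc also appends to "$HOME"/.xsession-errors with no check that the write succeeds, which is acceptable for a test patch as described but worth guarding if any of it is kept.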
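
The clean-up suggested in the reply above (unset the variables, and maybe remove the file, once the recorded agent turns out not to work), as an added example that is not code from x11-common, gnupg or either poster. It parses the file instead of sourcing it and uses a kill -0 check in place of the "$GPGAGENT" probe quoted in the message; the function names, the KEY=VALUE file layout and the socket:pid:protocol form of GPG_AGENT_INFO are assumptions.

```shell
#!/bin/sh
# Added example; load_agent_env and agent_alive are hypothetical names.
# Assumed file layout: one KEY=VALUE per line, with
# GPG_AGENT_INFO=<socket>:<pid>:<protocol> and SSH_AUTH_SOCK=<socket>.

# agent_alive PID: succeed only if PID is numeric and names a live process.
agent_alive() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    kill -0 "$1" 2>/dev/null
}

# load_agent_env FILE: export the agent variables recorded in FILE if the
# agent is still running; otherwise unset them and delete the stale file so
# that a later [ -z "$SSH_AUTH_SOCK" ] test sees an empty value.
load_agent_env() {
    envfile=$1
    gpg_info=
    ssh_sock=
    [ -r "$envfile" ] || return 1
    # Parse instead of sourcing: nothing in the file is executed.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            GPG_AGENT_INFO) gpg_info=$value ;;
            SSH_AUTH_SOCK)  ssh_sock=$value ;;
        esac
    done < "$envfile"
    pid=${gpg_info#*:}      # drop "<socket>:"
    pid=${pid%%:*}          # drop ":<protocol>"
    if agent_alive "$pid"; then
        GPG_AGENT_INFO=$gpg_info
        export GPG_AGENT_INFO
        if [ -n "$ssh_sock" ]; then
            SSH_AUTH_SOCK=$ssh_sock
            export SSH_AUTH_SOCK
        fi
        return 0
    fi
    unset GPG_AGENT_INFO SSH_AUTH_SOCK
    rm -f -- "$envfile"
    return 1
}
```

A live PID only shows that some process owned by this user has that number, so a reused PID can still make a stale file look valid.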

