Hi, > Well, x11-common is welcome to implement it that way if it chooses to > and if it actually works; note that the file > /etc/X11/Xsession.d/90x11-common_ssh-agent is not actually shipped by > the openssh packages themselves, but rather by x11-common ... > > See bug #573325, filed a while back for this. Note that there are > problems documented in that bug with making sure that ssh-agent has an > appropriate lifetime, so it's not just as simple as the approach you > suggest. Sure, that was just meant as an indication of the desired semantics. A proper solution has actually been suggested in the bug you linked: Add a (non-setgid) ssh-agent-launch wrapper, which fork()s to exec ssh-agent, applies the environment changes return by that one, then runs the program given as argument, and when that program quits, it kills ssh-agent. That way, no setgid process is in the parent-child path to the user session, and process lifetime is handled correctly.
> (The approach used in the current Ubuntu development release > where ssh-agent runs as an Upstart user job fixes this, but it may be > some time before we can persuade Debian to switch to this!) Yeah, upstart/systemd user sessions are the "real" solution, but well, we have to work with what's currently available ;-) > Fair enough; I've added something similar to the text in README.Debian > there for my next upload. Thanks. Kind regards Ralf -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
