David Zeuthen wrote:
> Hey Stef,
>
> On Wed, 2007-12-19 at 04:06 +0000, Stef Walter wrote:
>> In fact this whole bit of the seahorse-agent (starting whenever we want
>> to) needs to go away. It's incompatible with newer versions of GPG, and
>> is a major hack. One of my initial contributions to GNOME that makes me
>> want to bury my head in shame :(
>
> I just stumbled across seahorse in another context [1]. I see that
> seahorse-agent rewrites my .gnupg/gpg.conf file with the socket address.
> Frankly, that's a) a huge hack; and b) pretty scary; and c) just won't
> work with shared home dirs, multiple sessions or anything else. This is
> with seahorse 2.21.3. Was this what you meant with 'hack' above.. if
> so.. what is the roadmap for fixing it?

I'm working towards removing the seahorse-agent process and implementing
its functionality properly in gnome-keyring. This allows integration with
the user's login and certificates/key store.

Already done for 2.22: a proper SSH agent. Next up is the GPG agent.

> The modern approach to this problem is to use the session bus (e.g.
> D-Bus) as the protocol since it solves all of these problems (including
> nuking all daemons on the bus when the session ends). However, then you
> need to get gnupg2 upstream to adopt this. Probably long shot. But the
> session bus protocol approach is definitely the road ahead if you
> control the protocol (e.g. new projects should do this).

Yes that's definitely the ideal. In seahorse (and gnome-keyring) we're
stuck with gnupg and openssh's environment variable use for now.

> I think what we're doing in Fedora for -agent style programs is to
> autostart them via /etc/X11/xinit/xinitrc.d/ - e.g. on Fedora the
> seahorse RPM should probably drop a file there and it will get
> autostarted by itself (and we'd pass the -v option so gpg.conf isn't
> rewritten).

Yes, that's how distributions are recommended to start seahorse-agent:

http://live.gnome.org/Seahorse/SessionIntegration

The gpg.conf code was from when seahorse didn't come bundled and
installed in distributions, and could be started via autostart.

> I honestly don't know if this is a Fedora-ism. But if it isn't, perhaps
> it would be good for seahorse to just do this in the upstream tarball
> and remove the evil code for rewriting the .gnupg/gpg.conf file.
> Thoughts?

I'll run this by the guys on the seahorse list. Sounds like a good
interim approach.

Cheers,
Stef
