Bug#444103: patch: enable ssh support if ssh-agent is disabled
usertags 444103 + pca.it-authentication
thanks

Hi there!

On Sun, 18 Sep 2011 22:38:25 +0200, Luca Capello wrote:

On Wed, 26 Sep 2007 07:54:20 +0200, Tim Riker wrote:

If /etc/X11/Xsession has use-ssh-agent disabled, and $GNUPGHOME/gpg.conf has use-agent, we might as well enable ssh-agent support in gpg-agent.

Fully agree, but only if $GNUPGHOME/gpg-agent.conf has enable-ssh-support, see below for a full explanation.

On Fri, 02 Oct 2009 11:09:45 +0200, Kees Meijs wrote:

When someone does not want to run ssh-agent, I guess it's still not safe to assume the person _does_ want --enable-ssh-support for gpg-agent in all cases.

This is why there is a way in gpg-agent to decide if it should act as an SSH agent as well, i.e. enable-ssh-support. The problem is that there is no way to decide if one wants ssh-agent or not and there is a bug in /etc/X11/Xsession.d/90gpg-agent that prevents ssh-agent from being correctly started:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642012#17

So, basically, to fix this bug: if enable-ssh-support is enabled in $GNUPGHOME/gpg-agent.conf gpg-agent will act as ssh-agent as well, no matter the value of use-ssh-agent in /etc/X11/Xsession.options.

Thus here is an IMHO better patch for /etc/X11/Xsession.d/90gpg-agent:

Git patch attached. Test packages fixing #444103, #642012 and #642021 are available at:

http://people.debian.org/~gismo/tmp/gnupg2_2.0.18-3~gismo444103.642012.642021.1.dsc

Thx, bye,
Gismo / Luca

From bc8555e936256261f7be123dd012e6ec5a93ee62 Mon Sep 17 00:00:00 2001 From: Luca Capello l...@pca.it Date: Tue, 21 Feb 2012 12:53:22 +0100 Subject: [PATCH 1/3] debian/gnupg-agent.xsession: (#444103) enable the SSH support --- debian/changelog|9 + debian/gnupg-agent.xsession |8 +++- 2 files changed, 16 insertions(+), 1 deletions(-) diff --git a/debian/changelog b/debian/changelog index 8594851..37379b0 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,12 @@ +gnupg2 (2.0.18-3) UNRELEASED; urgency=low + + [ Luca Capello ] + * debian/gnupg-agent.xsession: ++ enable the SSH support according to $GNUPGHOME/gpg-agent.conf + (Closes: #444103). + + -- + gnupg2 (2.0.18-2) unstable; urgency=low * debian/control, debian/gpgsm.install, debian/scdaemon.install: Add a diff --git a/debian/gnupg-agent.xsession b/debian/gnupg-agent.xsession index eb8c584..d129884 100644 --- a/debian/gnupg-agent.xsession +++ b/debian/gnupg-agent.xsession @@ -14,6 +14,12 @@ if grep -qs '^[[:space:]]*use-agent' $GNUPGHOME/gpg.conf $GNUPGHOME/options # Invoking gpg-agent with no arguments exits successfully if the agent # is already running as pointed by $GPG_AGENT_INFO if ! $GPGAGENT 2/dev/null; then - STARTUP=$GPGAGENT --daemon --sh --write-env-file=$PID_FILE $STARTUP + ## http://bugs.debian.org/444103 + # check if the SSH support should be enabled + if grep -qs '^[[:space:]]*enable-ssh-support' $GNUPGHOME/gpg-agent.conf; then + ENABLESSH='--enable-ssh-support' + fi + + STARTUP=$GPGAGENT --daemon $ENABLESSH --sh --write-env-file=$PID_FILE $STARTUP fi fi -- 1.7.8.3 pgpaymgadiKDC.pgp Description: PGP signature
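Review bot: ENABLESSH is assigned only inside the new `if grep ... enable-ssh-support` block in debian/gnupg-agent.xsession, yet it is expanded unconditionally in the STARTUP line that follows. Xsession.d fragments are sourced into a single shell, so when gpg-agent.conf does not contain enable-ssh-support the flag passed to gpg-agent is whatever ENABLESSH already held from the environment or an earlier fragment, which can turn SSH key handling on without the user having asked for it. Reset it with `ENABLESSH=` immediately before the grep so the agent's SSH role follows gpg-agent.conf and nothing else.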
Bug#444103: patch: enable ssh support if ssh-agent is disabled
affects 444103 + openssh-client
thanks

Hi there!

On Wed, 26 Sep 2007 07:54:20 +0200, Tim Riker wrote:

If /etc/X11/Xsession has use-ssh-agent disabled, and $GNUPGHOME/gpg.conf has use-agent, we might as well enable ssh-agent support in gpg-agent.

Fully agree, but only if $GNUPGHOME/gpg-agent.conf has enable-ssh-support, see below for a full explanation.

On Fri, 02 Oct 2009 11:09:45 +0200, Kees Meijs wrote:

+ # user wants gpg-agent, but not ssh-agent, assume ssh support in gpg-agent + if ! grep -qs ^use-ssh-agent $OPTIONFILE; then + ENABLESSH='--enable-ssh-support' + fi +

Should check for a new option (e.g. use-gpg-agent-ssh) as well.

Please note that OPTIONFILE refers to /etc/X11/Xsession.options and that these options are system-wide. See #412993 for a global Xsession use-gpg-agent option, with which I disagree, both are IMHO user options:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642012#17

When someone does not want to run ssh-agent, I guess it's still not safe to assume the person _does_ want --enable-ssh-support for gpg-agent in all cases.

This is why there is a way in gpg-agent to decide if it should act as an SSH agent as well, i.e. enable-ssh-support. The problem is that there is no way to decide if one wants ssh-agent or not and there is a bug in /etc/X11/Xsession.d/90gpg-agent that prevents ssh-agent from being correctly started:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642012#17

So, basically, to fix this bug: if enable-ssh-support is enabled in $GNUPGHOME/gpg-agent.conf gpg-agent will act as ssh-agent as well, no matter the value of use-ssh-agent in /etc/X11/Xsession.options.

Thus here is an IMHO better patch for /etc/X11/Xsession.d/90gpg-agent:

--8---cut here---start-8--- --- 90gpg-agent.ORG +++ 90gpg-agent 
@@ -11,9 +11,14 @@ . $PID_FILE fi + # check if the SSH support should be enabled + if grep -qs '^[[:space:]]*enable-ssh-support' $GNUPGHOME/gpg-agent.conf; then + ENABLESSH='--enable-ssh-support' + fi + # Invoking gpg-agent with no arguments exits successfully if the agent # is already running as pointed by $GPG_AGENT_INFO if ! $GPGAGENT 2/dev/null; then - STARTUP=$GPGAGENT --daemon --sh --write-env-file=$PID_FILE $STARTUP + STARTUP=$GPGAGENT --daemon $ENABLESSH --sh --write-env-file=$PID_FILE $STARTUP fi fi --8---cut here---end---8--- Thx, bye, Gismo / Luca pgpEKcRey09p3.pgp Description: PGP signature
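Review bot: the added check passes `$GNUPGHOME/gpg-agent.conf` to grep unquoted, and `-s` suppresses the error that results, so a GNUPGHOME containing whitespace makes the test fail silently and SSH support stays off even though the user enabled it in gpg-agent.conf. Quote the path, as in `grep -qs '^[[:space:]]*enable-ssh-support' "$GNUPGHOME/gpg-agent.conf"`. Because the check now runs before `if ! $GPGAGENT ...`, ENABLESSH should also be set to empty just above it, so the `$ENABLESSH` expansion in the STARTUP line never picks up a value this script did not set.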
Bug#444103: patch: enable ssh support if ssh-agent is disabled
Package: gnupg-agent
Version: 2.0.6-1
Severity: wishlist
Tags: patch

If /etc/X11/Xsession has use-ssh-agent disabled, and $GNUPGHOME/gpg.conf has use-agent, we might as well enable ssh-agent support in gpg-agent.

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnupg-agent depends on:
ii  libc6                   2.6.1-5  GNU C Library: Shared libraries
ii  libgcrypt11             1.2.4-2  LGPL Crypto library - runtime libr
ii  libgpg-error0           1.4-2    library for common error values an
ii  libpth20                2.0.7-8  The GNU Portable Threads

Versions of packages gnupg-agent recommends:
ii  gnupg                   1.4.6-2  GNU privacy guard - a free PGP rep
ii  gnupg2                  2.0.6-1  GNU privacy guard - a free PGP rep
ii  gpgsm                   2.0.6-1  GNU privacy guard - S/MIME version
ii  pinentry-qt [pinentry]  0.7.3-1  Qt-based PIN or pass-phrase entry

-- no debconf information

--
Tim Riker - http://Rikers.org/ - [EMAIL PROTECTED]
Embedded Linux Technologist - http://eLinux.org/
BZFlag maintainer - http://BZFlag.org/ - for fun!

--- /etc/X11/Xsession.d/90gpg-agent.orig 2007-09-25 23:30:55.0 -0600 +++ /etc/X11/Xsession.d/90gpg-agent 2007-09-25 23:36:38.0 -0600 @@ -4,6 +4,12 @@ PID_FILE=$GNUPGHOME/gpg-agent-info-$(hostname) if grep -qs '^[[:space:]]*use-agent' $GNUPGHOME/gpg.conf $GNUPGHOME/options + + # user wants gpg-agent, but not ssh-agent, assume ssh support in gpg-agent + if ! grep -qs ^use-ssh-agent $OPTIONFILE; then + ENABLESSH='--enable-ssh-support' + fi + test -x $GPGAGENT { test -z $GPG_AGENT_INFO || ! $GPGAGENT 2/dev/null; }; then 
@@ -14,6 +20,6 @@ # Invoking gpg-agent with no arguments exits successfully if the agent # is already running as pointed by $GPG_AGENT_INFO if ! $GPGAGENT 2/dev/null; then - STARTUP=$GPGAGENT --daemon --sh --write-env-file='$PID_FILE' $STARTUP + STARTUP=$GPGAGENT --daemon $ENABLESSH --sh --write-env-file='$PID_FILE' $STARTUP fi fi
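Review bot: in the first hunk the added `if ! grep -qs ^use-ssh-agent $OPTIONFILE` block is inserted between the `if grep ... use-agent` line and the `test -x $GPGAGENT ...; then` line, so it sits inside the condition of the outer `if` instead of its body. Move it after the `then`, next to the STARTUP assignment in the second hunk that consumes ENABLESSH. The test also takes the absence of use-ssh-agent in the system-wide option file as the user's consent to have gpg-agent serve SSH keys; an explicit per-user setting is a safer trigger than inferring it from a missing line, and ENABLESSH should be initialised to empty before the test.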