Bug#850982: [pkg-gnupg-maint] Bug#850982: Exact command to globally disable gpg-agent user service?

2017-02-28 Thread Michael[tm] Smith
Daniel Kahn Gillmor, 2017-02-28 16:12 -0800:
> ...
> Sure, i'd be happy to accept reasonable logcheck filters to the
> gpg-agent and dirmngr binary packages.  Please submit a separate bug
> report with the suggested filters, and i'll review them and roll them
> into the next release.

Thanks—raised at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856438

-- 
Michael[tm] Smith https://sideshowbarker.net/




Bug#850982: [pkg-gnupg-maint] Bug#850982: Exact command to globally disable gpg-agent user service?

2017-02-28 Thread Daniel Kahn Gillmor
On Tue 2017-02-28 13:04:15 -0800, Michael[tm] Smith wrote:
> OK one small very concrete thing I think would help would be if the package
> added logcheck filters for messages the change has caused to now start
> getting logged to syslog in the following form:
>
> Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent and passphrase cache.
> Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG network certificate management daemon.
> Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
> Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent (access for web browsers).
> Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
> Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG network certificate management daemon.
> Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent and passphrase cache.
> Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent and passphrase cache (restricted).
> Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent (ssh-agent emulation).
> Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent (access for web browsers).
>
> Would it be possible for the package maintainers to add logcheck filters
> for those? Should I file a separate bug to request that?

Sure, i'd be happy to accept reasonable logcheck filters to the
gpg-agent and dirmngr binary packages.  Please submit a separate bug
report with the suggested filters, and i'll review them and roll them
into the next release.

All the best,

--dkg
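
Added example, not part of the thread and not the filters later submitted to the Debian packages: a candidate logcheck-style ignore rule for the ten systemd messages quoted above, checked with `grep -E` against those lines plus three constructed lines that a filter must still let through. The rule text, the function names and the three extra lines are assumptions made for illustration.

```shell
#!/bin/sh
# Candidate ignore rule (hypothetical). It is anchored at both ends, pinned to
# the systemd tag, and enumerates the five unit descriptions exactly, so it
# cannot hide unrelated or unexpected messages.
RULE='^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Listening on|Closed) GnuPG (cryptographic agent and passphrase cache( \(restricted\))?|cryptographic agent \((access for web browsers|ssh-agent emulation)\)|network certificate management daemon)\.$'

# First ten lines: the messages from the thread, unwrapped.
# Last three lines: constructed for this example; they must NOT be filtered.
sample_log() {
cat <<'EOF'
Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent and passphrase cache.
Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG network certificate management daemon.
Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent (access for web browsers).
Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG network certificate management daemon.
Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent and passphrase cache.
Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent and passphrase cache (restricted).
Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent (access for web browsers).
Feb 17 01:24:17 sideshowbarker systemd[1246]: Failed to listen on GnuPG cryptographic agent and passphrase cache.
Feb 17 01:24:18 sideshowbarker myapp[2001]: Listening on GnuPG cryptographic agent and passphrase cache.
Feb 17 01:24:19 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent (ssh-agent emulation). trailing text
EOF
}

# Number of sample lines the rule would suppress.
filtered_count() { sample_log | grep -Ec "$RULE"; }

# Lines that survive the rule, i.e. what would still be reported.
unfiltered() { sample_log | grep -Ev "$RULE"; }

# Stand-alone run: show what is still reported after filtering.
unfiltered
```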



Bug#850982: [pkg-gnupg-maint] Bug#850982: Exact command to globally disable gpg-agent user service?

2017-02-28 Thread Michael[tm] Smith
Daniel Kahn Gillmor, 2017-02-21 10:18 -0500:
> On Mon 2017-02-20 23:11:56 -0500, Michael[tm] Smith wrote:
...
> if there's nothing concretely wrong with current defaults, please stick
> with them, rather than changing them gratuitously (or encouraging others
> to do so).  It'll improve the lives of the people who try to support you
> and the software you use, i promise :)

OK, understood

> (that said, if there *is* something wrong with the current defaults,
> please do report it -- the pkg-gnupg-maint team, like all debian
> developers, want to fix problems and very much appreciate those
> reports!)

OK one small very concrete thing I think would help would be if the package
added logcheck filters for messages the change has caused to now start
getting logged to syslog in the following form:

Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent and passphrase cache.
Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG network certificate management daemon.
Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent (access for web browsers).
Feb 17 01:24:15 sideshowbarker systemd[1246]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG network certificate management daemon.
Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent and passphrase cache.
Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent and passphrase cache (restricted).
Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 17 01:24:16 sideshowbarker systemd[1246]: Closed GnuPG cryptographic agent (access for web browsers).

Would it be possible for the package maintainers to add logcheck filters
for those? Should I file a separate bug to request that?

  —Mike

-- 
Michael[tm] Smith https://sideshowbarker.net/




Bug#850982: [pkg-gnupg-maint] Bug#850982: Exact command to globally disable gpg-agent user service?

2017-02-21 Thread Daniel Kahn Gillmor
On Mon 2017-02-20 23:11:56 -0500, Michael[tm] Smith wrote:
> Yes, but how is that any different from the state my system was in
> before the change was made in 2.1.17 to have systemd automatically
> launch gpg-agent?
>
> I mean, the way it worked previously caused no observable problems for
> me.

The way it worked previously meant that you likely had instances of
gpg-agent that were left running long after you logged out.  It's
possible that some of those instances still had cached passwords or
active keys even.

when gpg-agent is supervised by systemd, and the user logs out, the
agent gets shut down properly at the right time.

> As far as I understand it, the way it works without systemd getting
> involved is that calling gpg2 launches gpg-agent the first time it’s
> needed, and then it just stays running and everything works fine for
> me from a user point of view.  

It depends on whether you care about either:

 a) session cleanup, or

 b) needlessly diverging from the default configuration

> I observe nothing broken or undesirable in that behavior.

Sure, but i was asking about whether you observed anything broken or
undesirable in the *current* default behavior.

if there's nothing concretely wrong with current defaults, please stick
with them, rather than changing them gratuitously (or encouraging others
to do so).  It'll improve the lives of the people who try to support you
and the software you use, i promise :)

(that said, if there *is* something wrong with the current defaults,
please do report it -- the pkg-gnupg-maint team, like all debian
developers, want to fix problems and very much appreciate those
reports!)

regards,

--dkg



Bug#850982: [pkg-gnupg-maint] Bug#850982: Exact command to globally disable gpg-agent user service?

2017-02-20 Thread Michael[tm] Smith
Daniel Kahn Gillmor, 2017-02-20 15:27 -0500:
> On Sun 2017-02-19 21:20:52 -0500, Michael[tm] Smith wrote:
> > "Michael[tm] Smith" , 2017-02-20 11:11 +0900:
> >
> > Can you confirm what the exact command is for globally disabling the
> > gpg-agent user service? Is it the following?
> >...
> > systemctl --global mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket
> 
> Yes, look at the per-user command in
> /usr/share/doc/gnupg-agent/README.Debian and replace --user with
> --global.

OK, thanks

> If you're using systemd, i don't think doing this is a good idea, and if
> you find problems with managing gpg-agent on a system that you've
> configured like this, i'll probably be grumpy about supporting it.
> 
> If you think it's a good idea for some reason, i'd really like to
> understand what that reason is so we can fix it.
> 
> You understand that no daemon is launched at all if no process ever
> tries to use the agent, right?

Yes, but how is that any different from the state my system was in before the
change was made in 2.1.17 to have systemd automatically launch gpg-agent?

I mean, the way it worked previously caused no observable problems for me.

As far as I understand it, the way it works without systemd getting involved is
that calling gpg2 launches gpg-agent the first time it’s needed, and then it
just stays running and everything works fine for me from a user point of view.
I observe nothing broken or undesirable in that behavior.

  —Mike

-- 
Michael[tm] Smith https://sideshowbarker.net/




Bug#850982: [pkg-gnupg-maint] Bug#850982: Exact command to globally disable gpg-agent user service?

2017-02-20 Thread Daniel Kahn Gillmor
On Sun 2017-02-19 21:20:52 -0500, Michael[tm] Smith wrote:
> "Michael[tm] Smith" , 2017-02-20 11:11 +0900:
>> 
>> Can you confirm what the exact command is for globally disabling the
>> gpg-agent user service? Is it the following?
>> 
>> systemctl --global --user mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket
>
> Actually I guess that’s wrong and it should instead be the following, right?
>
> systemctl --global mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket

Yes, look at the per-user command in
/usr/share/doc/gnupg-agent/README.Debian and replace --user with
--global.

If you're using systemd, i don't think doing this is a good idea, and if
you find problems with managing gpg-agent on a system that you've
configured like this, i'll probably be grumpy about supporting it.

If you think it's a good idea for some reason, i'd really like to
understand what that reason is so we can fix it.

You understand that no daemon is launched at all if no process ever
tries to use the agent, right?

  --dkg




Bug#850982: Exact command to globally disable gpg-agent user service?

2017-02-19 Thread Michael[tm] Smith
"Michael[tm] Smith" , 2017-02-20 11:11 +0900:
> 
> Can you confirm what the exact command is for globally disabling the gpg-agent
> user service? Is it the following?
> 
> systemctl --global --user mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket

Actually I guess that’s wrong and it should instead be the following, right?

systemctl --global mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket

-- 
Michael[tm] Smith https://sideshowbarker.net/




Bug#850982: Exact command to globally disable gpg-agent user service?

2017-02-19 Thread Michael[tm] Smith
Can you confirm what the exact command is for globally disabling the gpg-agent
user service? Is it the following?

systemctl --global --user mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket

-- 
Michael[tm] Smith https://sideshowbarker.net/

