Bug#855868: [pkg-gnupg-maint] Bug#855868: GPG_AGENT_INFO and SSH_AUTH_SOCK not set in wayland sessions
On 08/09/17 04:44, Daniel Kahn Gillmor wrote: > > OK, the proposed fix is now part of the gnupg2 2.2.0-3 package, which > was just uploaded to unstable. > Looks good. Thanks! > i was expecting to see it work if i log into a user account via ssh, on > a machine with libpam-systemd installed, and with that user's > ~/.gnupg/gpg-agent.conf having enable-ssh-support. > > However, it doesn't seem to work (the environment variable isn't set in > the new ssh session, despite ensuring that no other process was active > for that user before logging in), and i confess i don't know why -- > running /usr/lib/systemd/user-environment-generators/90gpg-agent by hand > produces the output i expect. > Just looked into this - the generator script is actually working properly, but the env vars it sets are not being inherited by your shell when you ssh in. It looks like this is the intended behaviour of openssh, which builds an bare-bones env [1] before invoking your shell with execve. If a user wants SSH_AUTH_SOCK to be set inside their ssh session, the easiest way is probably for them to copy the old Xsession.d script into their .bashrc or similar. --rufo [1] https://github.com/openssh/openssh-portable/blob/de4ae07f12dabf8815ecede54235fce5d22e3f63/session.c#L963
Bug#855868: [pkg-gnupg-maint] Bug#855868: GPG_AGENT_INFO and SSH_AUTH_SOCK not set in wayland sessions
On 21/08/17 14:18, Raphael Hertzog wrote:
>
> I agree it looks like a good solution. Daniel, can you implement this
> please?
>
Quick amendment to my previous suggestion.
At least until this patch
(https://git.gnome.org/browse/gnome-session/commit/?id=818266a898b803960ce8dd6d330c1ef6934bba46)
lands in gnome-session-bin, we also need to set
GSM_SKIP_SSH_AGENT_WORKAROUND to prevent our SSH_AUTH_SOCK from being
clobbered. Updated script below.
--rufo
#!/bin/bash
if [ -n "$(gpgconf --list-options gpg-agent | \
awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
echo SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
echo GSM_SKIP_SSH_AGENT_WORKAROUND=true
fi
Bug#855868: [pkg-gnupg-maint] Bug#855868: GPG_AGENT_INFO and SSH_AUTH_SOCK not set in wayland sessions
Hi folks,
Perhaps the solution might involve using systemd's
environment-generators [1]. This seems to be the new preferred way to
set environmental variables like SSH_AUTH_SOCK and the replacement for
putting scripts in /etc/X11/Xsession.d/.
For example the gnupg-agent package could create the file
/usr/lib/systemd/user-environment-generators/90gpg-agent containing
something like this:
#!/bin/bash
if [ -n "$(gpgconf --list-options gpg-agent | \
awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
echo SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
fi
This is what I'm using at the moment and it seems to work well. What do
you think?
--rufo
[1]
https://www.freedesktop.org/software/systemd/man/systemd.environment-generator.html
Bug#835064: Syntax error in systemd unit file
Package: runit-systemd Version: 2.1.2-5 The Documentation field in runit.service contains the string "Runit service supervision", but it is supposed to contain one or more URIs to documentation. This causes complaints from systemd: [/lib/systemd/system/runit.service:3] Invalid URL, ignoring: Runit [/lib/systemd/system/runit.service:3] Invalid URL, ignoring: service [/lib/systemd/system/runit.service:3] Invalid URL, ignoring: supervision This line should be removed or replaced by a URI, perhaps http://smarden.org/runit/ Many thanks
Bug#520254: Hiya! I'm really looking around for guy!
zhuuxpdi jmbgifjuye jntxhxocq xphddfq qooxbzfynl rekecmz onkegukgk U F S U J F Y A E W X B V X U K H V G psgnysp S R G B I H V N Z S M M ddqidsomxy kzutfuyczn aaofhdfgo iaievjy aybzubi ymdnr rswobyd N H G R Q L A I T E U E A U O B J vdnzyqvdxykbuvntjs C I G G V E P P R Z N K M W U Xattachment: tvpyau.jpg
Bug#696451: Should depend on java2-runtime-headless rather than java2-runtime
Package: clojure1.4 Version: 1.4.0+dfsg-2 Clojure does not require the full versions of JREs. It works fine with headless versions, which have fewer dependencies and do not needlessly pull in x11-related packages. I believe the current dependency of this package on java2-runtime should be changed to java2-runtime-headless to reflect this. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
