Public bug reported:

Background:
GPG supports authentication keys that can be used in place of normal SSH keys 
with little effort on the part of the user by using the "enable-ssh-support" 
option in ~/.gnupg/gpg-agent.conf. If the "enable-ssh-support" option is 
present, the gpg-agent will emulate the ssh-agent application and export 
SSH_AUTH_SOCK and SSH_AGENT_PID environment variables so that SSH-related 
applications will know how to contact the gpg-agent to request operations 
against the user's SSH keys. The primary use-case for this is for users who 
have GPG authentication keys stored on a GPG smartcard and wish to use those 
keys for SSH purposes.

Prerequisites:
Typically, gpg-agent has SSH_AUTH_SOCK and SSH_AGENT_PID overwritten by either 
gnome-keyring or ssh-agent upstart jobs if they are enabled, so for the use case 
of using GPG authentication keys in place of normal SSH keys, we are assuming 
that both of these services are being bypassed by setting their 
~/.config/upstart/{job}.override files to "manual", leaving gpg-agent as the 
only remaining process that will try and set the environment variables.

Expected:
When gpg-agent.conf contains "enable-ssh-support", the SSH_AUTH_SOCK and 
SSH_AGENT_PID environment variables should be set globally by the 
debian/gpg-agent.user-session.upstart script.

(Note: This should only happen if "use-agent" is present in the gpg.conf
as well. Otherwise, the gpg-agent won't start and if the gpg-agent is
not started, all of this is pointless)

Actual:
SSH_AUTH_SOCK and SSH_AGENT_PID are not set when the gpg-agent upstart job is 
started and SSH-related applications cannot access keys that are in GPG.  
GPG_AGENT_INFO is set properly by the upstart job.

Additional info:

lsb_release -rd:

Description:    Ubuntu 14.10
Release:        14.10

apt-cache policy gnupg2:

  Installed: 2.0.24-1ubuntu2
  Candidate: 2.0.24-1ubuntu2
  Version table:
 *** 2.0.24-1ubuntu2 0
        500 http://us.archive.ubuntu.com/ubuntu/ utopic/main amd64 Packages
        100 /var/lib/dpkg/status

** Affects: gnupg (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1407513

Title:
  gpg-agent upstart script doesn't set SSH environment variables

Status in gnupg package in Ubuntu:
  New
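
Added example (not part of the original report and not the package's own script): a shell check of the preconditions the report lists, followed by a check that SSH_AUTH_SOCK points at a socket. The upstart job names "gnome-keyring" and "ssh-agent" and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: verify the session state the bug report describes.
# Assumed job names: gnome-keyring, ssh-agent (user-session upstart jobs).

# has_option FILE OPTION: true if OPTION is an active (uncommented) line in FILE.
has_option() {
    [ -r "$1" ] && grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# job_is_manual DIR JOB: true if DIR/JOB.override carries a "manual" stanza.
job_is_manual() {
    has_option "$1/$2.override" manual
}

# check_session GNUPGHOME UPSTART_DIR SOCK
# Prints one line per unmet condition and returns the number of problems.
check_session() {
    problems=0
    has_option "$1/gpg-agent.conf" enable-ssh-support ||
        { echo "gpg-agent.conf: enable-ssh-support not active"
          problems=$((problems + 1)); }
    # The report states the agent is only started when use-agent is set.
    has_option "$1/gpg.conf" use-agent ||
        { echo "gpg.conf: use-agent not active"
          problems=$((problems + 1)); }
    for job in gnome-keyring ssh-agent; do
        job_is_manual "$2" "$job" ||
            { echo "$job: no manual override, may overwrite SSH_AUTH_SOCK"
              problems=$((problems + 1)); }
    done
    # The symptom in the report: the variable is unset in the session.
    [ -n "$3" ] && [ -S "$3" ] ||
        { echo "SSH_AUTH_SOCK unset or not a socket: '$3'"
          problems=$((problems + 1)); }
    return "$problems"
}

# Run against the current user's session only when asked to.
[ "${1:-}" != "--check" ] ||
    check_session "${GNUPGHOME:-$HOME/.gnupg}" "$HOME/.config/upstart" \
        "${SSH_AUTH_SOCK:-}"
```

Saved to a file and run with --check inside the desktop session, it exits with the number of unmet conditions; 0 means all of them hold.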
