diff options
| author | Werner Koch <[email protected]> | 2012-12-10 13:45:26 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2012-12-10 13:45:26 +0000 |
| commit | 36ba7845995dd3caf8faeec3e09b3ffb879fc29b (patch) | |
| tree | 5e4af488c4cff6fe8f956c34029f82aef34f2f17 | |
| parent | config: Update npth.m4. (diff) | |
| download | gnupg-36ba7845995dd3caf8faeec3e09b3ffb879fc29b.tar.gz gnupg-36ba7845995dd3caf8faeec3e09b3ffb879fc29b.zip | |
agent: Add envvar "gnupg_SSH_AUTH_SOCK_by"
* agent/gpg-agent.c (main): Pass new envar gnupg_SSH_AUTH_SOCK_by to
an invoked process.
--
This environment variable is useful for debugging if
--use-standard-socket is used (which is the default since 2.1).
Commonly you should have this in your init script (e.g. ~/.bashrc):
unset GPG_AGENT_INFO
unset SSH_AGENT_PID
SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
export SSH_AUTH_SOCK
The problem is that gpg-agent won't be able to override the
SSH_AUTH_SOCK envvar if gpg-agent has been invoked as
gpg-agent --enable-ssh-support --daemon /bin/bash
To fix this you should instead use this code in the init script:
unset GPG_AGENT_INFO
unset SSH_AGENT_PID
if [ ${gnupg_SSH_AUTH_SOCK_by:-0} -ne $$ ]; then
export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
fi
This will work in all cases and thus allows to start gpg-agent for
testing purposes with a different homedir and use this gpg-agent as an
ssh-agent. Example:
GNUPGHOME=$(pwd) gpg-agent --enable-ssh-support --daemon /bin/bash
gnupg_SSH_AUTH_SOCK_by is set to the PID of the exec-ed process and
thus will work safely if called recursively.
| -rw-r--r-- | agent/gpg-agent.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 32da578f0..469011493 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1067,7 +1067,7 @@ main (int argc, char **argv ) } else if (pid) { /* We are the parent */ - char *infostr, *infostr_ssh_sock; + char *infostr, *infostr_ssh_sock, *infostr_ssh_valid; /* Close the socket FD. */ close (fd); @@ -1104,6 +1104,13 @@ main (int argc, char **argv ) kill (pid, SIGTERM); exit (1); } + if (asprintf (&infostr_ssh_valid, "gnupg_SSH_AUTH_SOCK_by=%lu", + (unsigned long)getpid()) < 0) + { + log_error ("out of core\n"); + kill (pid, SIGTERM); + exit (1); + } } *socket_name = 0; /* Don't let cleanup() remove the socket - @@ -1142,7 +1149,8 @@ main (int argc, char **argv ) kill (pid, SIGTERM ); exit (1); } - if (opt.ssh_support && putenv (infostr_ssh_sock)) + if (opt.ssh_support && (putenv (infostr_ssh_sock) + || putenv (infostr_ssh_valid))) { log_error ("failed to set environment: %s\n", strerror (errno) ); @@ -1189,6 +1197,7 @@ main (int argc, char **argv ) if (opt.ssh_support) { xfree (infostr_ssh_sock); + xfree (infostr_ssh_valid); } exit (0); } |