Mailing List Archive

gpg-agent
Does anyone know how to solve problems with the environment variable for
gpg-agent?

=========
http://kmail.kde.org/kmail-pgpmime-howto.html
Before using gpg, you need to start gpg-agent:

eval "$(gpg-agent --daemon)"

(gpg-agent outputs a little shell script that sets the environment variable
GNUPG_AGENT_INFO). You may want to add this to your ~/.xsession or startkde
so that all programs see the environment variable.

==========

I've tried putting it in /home/neil/.xsession (a symlink to
/home/neil/.xinitrc) and in /usr/local/kde/bin/startkde but all I get is two
copies of the agent showing up in ps -ax in a root shell but nothing in a
user shell. The gpg-agent-info environment variable is present in the root
shell but not in the user shell. If I run the eval "$(gpg-agent --daemon)"
command in a user terminal or in .bashrc, it still isn't visible to KMail
unless I start KMail from the same terminal.

I can't see why the environment variable isn't being passed on to users.

Unless the gpg-agent-info environment variable is within scope of KMail, I
can't send signed emails.


--

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/
Re: gpg-agent

* Neil Williams <linux at codehelp.co.uk> [2003-04-22 15:43]:
> Does anyone know how to solve problems with the environment variable
> for gpg-agent?

Make sure that the script that gpg-agent --daemon emits is exporting the
variables, or export them yourself:

eval `gpg-agent --daemon`
export GNUPG_AGENT_INFO

(darren)

--
The rebootings will continue until the configuration works.
Re: gpg-agent
On Tuesday 22 April 2003 8:48 pm, darren chamberlain wrote:
> * Neil Williams <linux at codehelp.co.uk> [2003-04-22 15:43]:
> > Does anyone know how to solve problems with the environment variable
> > for gpg-agent?
>
> Make sure that the script that gpg-agent --daemon emits is exporting the
> variables, or export them yourself:
>
> eval `gpg-agent --daemon`
> export GNUPG_AGENT_INFO
>
> (darren)

The variable is being emitted in the root environment space but not in the
user space. Even when I run the command above, the variable doesn't remain
set outside the terminal window.

--

Neil Williams
Re: gpg-agent

* Neil Williams <linux at codehelp.co.uk> [2003-04-23 15:07]:
> The variable is being emitted in the root environment space but not in
> the user space. Even when I run the command above, the variable
> doesn't remain set outside the terminal window.

I'm not sure that I understand what you mean by "outside the terminal
window"; the variable will only be propagated to the children of the
process that marks the variable as exported. If the shell invoking X has the
variable set and exported, then all the children will inherit it.
Similarly, if .xinitrc (or .xsession) has the variable set and exported,
and then spawns a few xterms (e.g.) and then your window manager, the
xterms and window manager (and _their_ children) will inherit the
variable as well.

(darren)

--
A lot of things wrong with society today are directly attributable to
the fact that the people who make the laws are sexually maladjusted.
-- Frank Zappa
Re: gpg-agent

> The variable is being emitted in the root environment space but not
> in the user space. Even when I run the command above, the variable
> doesn't remain set outside the terminal window.

I start gpg-agent this way via ~/.xsession:

if test -e ~/.gpg_agent_info; then
    . ~/.gpg_agent_info
else
    gpg-agent --daemon --sh >> ~/.gpg_agent_info
    . ~/.gpg_agent_info
fi

So, every time I log in, ~/.xsession will check whether gpg-agent is up
and running and, if not, it will be started.

I have the right options for gpg-agent in ~/.gnupg/gpg-agent.conf which
looks like this:

[malte_gell@eingang]~/.gnupg· cat gpg-agent.conf
pinentry-program /usr/local/bin/pinentry-qt
no-grab
default-cache-ttl 3600

This works fine for me. If I exit from KDE and log in later, ~/.xsession
sees that gpg-agent is already up and running.

HTH
Malte
Re: gpg-agent
On Thursday 24 April 2003 1:40 pm, darren chamberlain wrote:
> Hi Neil,
>
> * Neil Williams <linux at codehelp.co.uk> [2003-04-23 19:15]:
> > If I start kmail from the terminal window, it can find the agent. If
> > I start kmail from the menu or a desktop link, it fails to find the
> > agent.
>
> Hm, weird. I suspect that KDE is doing something wonky. Perhaps its
> launcher app (whatever it's called) intentionally scrubs the environment
> before spawning new processes?

I've had to write a bash script now - eval gpg-agent --daemon etc, then kmail.
Guess what - it works BUT the KPanel complains that it can't execute the bash
script (probably because it is set as chmod 700). Still, it's not really a
bother, at least it works now. (I will experiment with not having the
gpg-agent command in the bash script at all, just using .bashrc).

> It's also possible that the variable isn't being propagated from the
> main kde app to the program that manages the desktop or menu, I suppose.

Very likely - kmail is seeing the variable now but that's because it is being
started from bash which itself has the variable set in .bashrc - it sounds
like the panel is cleansing the environment.

> > Without a line in .bashrc, the terminal window can't see the variable
> > either, despite lines in startkde and .xinitrc. Yet when I su to root,
> > it is there. (I'm currently using a different installation with an
> > older version of kmail but I will look at it again tomorrow on the
> > installation with KDE3.1).
>
> I definitely suspect KDE, then, because this sounds broken to me.

Agreed. However, is this an opportunity to ask for a change in design?
Wouldn't it be better to use a temporary file? It already uses a location in
/tmp but the filename changes each session. If the filename was kept the
same, the agent could detect existing instances and all programs would know
where to find the information without using the environment at all. Would
that be more reliable? If the file was a risk, would putting it in ~/tmp be
any better?

> If you have the wherewithal, try running X without KDE, and then launch
> kmail, and see if it has the variable.

The only distro that has KDE3.1 and therefore KMail 1.5 and S/MIME is an
optimised one that doesn't include Gnome or anything else really. It seems a
little longwinded to compile Gnome from source just to test this!!!

> (darren)

--

Neil Williams
Re: gpg-agent
On Tuesday 22 April 2003 8:48 pm, darren chamberlain wrote:
> * Neil Williams <linux at codehelp.co.uk> [2003-04-22 15:43]:
> > Does anyone know how to solve problems with the environment variable
> > for gpg-agent?

The problem now is that in order to start KMail, I MUST issue the eval
"$(gpg-agent --daemon)" command in a bash script and execute kmail from the
same script - no other form (like the one you list below) will work and KMail
never finds the agent unless yet another gpg-agent daemon is started each
time I start KMail.

What is the consequence (if any) of perhaps 10 or more gpg-agent --daemon
listings in ps -ax?

I've tried just exporting the variable (it shows in the output but is not
passed to KMail), I've tried alternative formats of the eval command. I've
tried setting the panel properties to execute in a terminal and I've tried
executing the same file from the desktop and from the panel.

The only method to work is:
#!/bin/bash
eval "$(gpg-agent --daemon)"
kmail

Even now I still get the complaint that KPanel cannot execute the script (but
it goes ahead and does so anyway) despite the script now being chmod 755 and
all directories in the path also being 755.

> Make sure that the script that gpg-agent --daemon emits is exporting the
> variables, or export them yourself:
>
> eval `gpg-agent --daemon`
> export GNUPG_AGENT_INFO
>
> (darren)

Doesn't work. There has to be a better way than using environment variables.

--

Neil Williams
Re: gpg-agent

* Neil Williams <linux at codehelp.co.uk> [2003-04-24 13:43]:
> On Thursday 24 April 2003 1:40 pm, darren chamberlain wrote:
> > If you have the wherewithal, try running X without KDE, and then
> > launch kmail, and see if it has the variable.
>
> The only distro that has KDE3.1 and therefore KMail 1.5 and S/MIME is
> an optimised one that doesn't include Gnome or anything else really.
> It seems a little longwinded to compile Gnome from source just to test
> this!!!

"Without KDE" doesn't mean "with GNOME", it means, run startx from a
console. You definitely have X, or KDE wouldn't run.

Meanwhile, take a look at keychain
(http://www.gentoo.org/proj/en/keychain.xml). keychain is designed to
work with ssh-agent, but the idea is the same. You can probably steal
some ideas from it.

(darren)

--
What a strange illusion it is to suppose that beauty is goodness.
-- Leo Tolstoy
Re: gpg-agent
On Thu, 24 Apr 2003 18:41:37 +0100, Neil Williams said:

>> eval `gpg-agent --daemon`
>> export GNUPG_AGENT_INFO
>>
>> (darren)

> Doesn't work. There has to be a better way than using environment variables.

Most likely you also run ssh-agent. gpg-agent must be started in
exactly the same way. Note that you can also let gpg-agent start an
application:

gpg-agent --daemon /bin/sh


--
Nonviolence is the greatest force at the disposal of
mankind. It is mightier than the mightiest weapon of
destruction devised by the ingenuity of man. -Gandhi
Re: gpg-agent
On Friday 25 April 2003 9:40 am, Werner Koch wrote:
> On Thu, 24 Apr 2003 18:41:37 +0100, Neil Williams said:
> >> eval `gpg-agent --daemon`
> >> export GNUPG_AGENT_INFO

When it works, the variable that shows up is GPG_AGENT_INFO not GNUPG.

> >>
> >> (darren)
> >
> > Doesn't work. There has to be a better way than using environment
> > variables.
>
> Most likely you also run ssh-agent. gpg-agent must be started in

Therein is the problem - this optimised distro has no servers at all so
ssh-agent isn't installed. I can use ssh as a client (but it is very slow to
authorise) but I have no ssh, telnet, ftp, mysql or httpd servers. I'm
waiting to get hold of Mandrake 9.1 (can't download as I have no broadband)
so that I can get better use out of KDE3.1

I have installed the same distro on two machines - on one I end up with three
copies of gpg-agent but it works. On the other I need to start kmail from the
bash script referred to before and end up with lots and lots of gpg-agents.

--

Neil Williams
Re: gpg-agent
On Friday 25 April 2003 19:15, Neil Williams wrote:
> I have installed the same distro on two machines - on one I end up
> with three copies of gpg-agent but it works. On the other I need to
> start kmail from the bash script referred to before and end up with
> lots and lots of gpg-agents.

Simply add a 'killall gpg-agent' as first command to your script if you
don't want multiple gpg-agents.

Regards,
Ingo
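The recurring problem in this thread is either sourcing a stale ~/.gpg_agent_info (Malte's snippet trusts the file blindly) or killing every agent to avoid piling up daemons (Ingo's suggestion). The following is an added example, not code from any of the posters: it reuses the file name from Malte's post and the "socket:pid:version" layout of GPG_AGENT_INFO to check that the recorded agent is actually alive before reusing it, and starts exactly one agent otherwise. The AGENT_INFO_FILE name and the helper functions are my own.

```shell
#!/bin/sh
# Added example for the thread, not Malte's or keychain's code.
# GPG_AGENT_INFO has the form "<socket path>:<pid>:<protocol version>",
# so a saved copy can be validated instead of sourced blindly.
# ~/.gpg_agent_info is the file name from Malte's post; the
# AGENT_INFO_FILE override and the functions below are assumptions.

AGENT_INFO_FILE="${AGENT_INFO_FILE:-$HOME/.gpg_agent_info}"

# Second colon-separated field of a GPG_AGENT_INFO value: the agent pid.
agent_info_pid() {
    printf '%s\n' "$1" | cut -d: -f2
}

# True if a process with this pid exists (signal 0 only probes).
pid_alive() {
    [ -n "$1" ] && kill -0 "$1" 2>/dev/null
}

# True if the agent named by a GPG_AGENT_INFO value is still running
# and its socket still exists (both go away when the session ends).
agent_alive() {
    _sock=${1%%:*}
    [ -S "$_sock" ] && pid_alive "$(agent_info_pid "$1")"
}

# Source this from ~/.xsession (or startkde) and call ensure_gpg_agent;
# everything started afterwards inherits the exported variable, so no
# per-application wrapper script is needed.
ensure_gpg_agent() {
    if [ -r "$AGENT_INFO_FILE" ]; then
        . "$AGENT_INFO_FILE"
        if [ -n "${GPG_AGENT_INFO:-}" ] && agent_alive "$GPG_AGENT_INFO"; then
            export GPG_AGENT_INFO
            return 0
        fi
        rm -f "$AGENT_INFO_FILE"          # stale: agent or socket is gone
    fi
    # Overwrite, not append, so the file never holds several old lines;
    # umask in a subshell keeps the socket path private to this user.
    ( umask 077; gpg-agent --daemon --sh > "$AGENT_INFO_FILE" ) || return 1
    . "$AGENT_INFO_FILE"
    export GPG_AGENT_INFO
}
```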
Re: gpg-agent
On Thu, 4 Aug 2022 21:27, folkert said:

> How can I, programmatically, prevent gpg-agent to cache a passphrase?
> Or clear its cache?

Put

max-cache-ttl 0

into gpg-agent.conf

To flush the cache run

gpgconf --reload gpg-agent

> err = gpgme_set_ctx_flag(ctx, "no-symkey-cache", "1");
>
> but then when I run my program for the second time, it uses a cached
> item.

If this has been set, the cache should not be used. Note, this is only
for this special symmetric password caching (which uses the salt of the
S2K).


Shalom-Salam,

Werner


--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein