View previous topic :: View next topic |
Author |
Message |
grant123 Veteran
Joined: 23 Mar 2005 Posts: 1099
|
Posted: Mon Dec 08, 2014 1:37 pm Post subject: Why is gpg-agent running? |
|
|
I can see that gnupg is installed as a dependency of git which is fine, but how can I find out why gpg-agent is running? |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Mon Dec 08, 2014 10:53 pm Post subject: Re: Why is gpg-agent running? |
|
|
grant123 wrote: | I can see that gnupg is installed as a dependency of git which is fine, but how can I find out why gpg-agent is running? |
grant ... you should probably tell us what desktop ... or env ... you are running. Also, if you happen to use net-misc/keychain this will start gpg-agent unless explicitly told not to.
best ... khay |
|
Back to top |
|
|
grant123 Veteran
Joined: 23 Mar 2005 Posts: 1099
|
Posted: Mon Dec 08, 2014 11:48 pm Post subject: |
|
|
I'm using xfce4 and I don't have keychain installed. |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Tue Dec 09, 2014 12:07 am Post subject: |
|
|
grant123 wrote: | I'm using xfce4 and I don't have keychain installed. |
grant ... ok, I suspect that it uses gnome-keyring, which is started by the session, this then starts gpg-agent to access, store, etc, keys. I say "suspect" as I don't use XFCE ... but I'm fairly sure this will be the case.
best ... khay |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22877
|
Posted: Tue Dec 09, 2014 12:39 am Post subject: |
|
|
You might get more information by inspecting the environment of the gpg-agent process, its command line, or its ancestry. |
|
Back to top |
|
|
ct85711 Veteran
Joined: 27 Sep 2005 Posts: 1791
|
Posted: Tue Dec 09, 2014 12:49 am Post subject: |
|
|
well, on my system (running XFCE) these programs depend on gnupg (the package that gpg-agent belongs to) are these.
Code: | equery d gnupg
* These packages depend on gnupg:
app-text/pastebinit-1.4.1 (crypt ? app-crypt/gnupg)
dev-vcs/git-2.1.3 (test ? app-crypt/gnupg)
(gpg ? app-crypt/gnupg)
kde-base/kdelibs-4.14.3 (>=app-crypt/gnupg-2.0.11) |
Of those, I don't have git running, nor do I have pastebin running either, so it leaves something from kdelibs that is starting gpg-agent.
Note: I also do not have gnome-keyring or keychain. |
|
Back to top |
|
|
grant123 Veteran
Joined: 23 Mar 2005 Posts: 1099
|
Posted: Tue Dec 09, 2014 12:50 am Post subject: |
|
|
gnome-keyring and kdelibs aren't installed on my system. |
|
Back to top |
|
|
xaviermiller Bodhisattva
Joined: 23 Jul 2004 Posts: 8723 Location: ~Brussels - Belgique
|
Posted: Tue Dec 09, 2014 8:26 am Post subject: |
|
|
As khayyam said, XFCE is the culprit. I have the same behaviour here with XFCE. _________________ Kind regards,
Xavier Miller |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Tue Dec 09, 2014 10:34 am Post subject: |
|
|
grant ... the xfce4-session documentaion has the following:
Quote: | SSH and GPG Agents
By default xfce4-session tries to start the gpg- or ssh-agent. To disable this run the following command:
Code: | xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled -n -t bool -s false |
To force the ssh-agent instead of the gpg-agent use the following command:
Code: | xfconf-query -c xfce4-session -p /startup/ssh-agent/type -n -t string -s ssh-agent |
In case you want to use gnome-keyring enable the Launch GNOME services on startup in the Advanced tab of the settings dialog. If you do this xfce4-session will not attempt to start the gpg- or ssh-agent. |
best ... khay |
|
Back to top |
|
|
grant123 Veteran
Joined: 23 Mar 2005 Posts: 1099
|
Posted: Tue Dec 09, 2014 2:52 pm Post subject: |
|
|
Nice find, thank you Khay. What is the logic behind starting gpg-agent by default?
EDIT: In light of this, should gpg-agent be a dependency of xfce4? |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Tue Dec 09, 2014 8:38 pm Post subject: |
|
|
grant123 wrote: | Nice find, thank you Khay. What is the logic behind starting gpg-agent by default? |
grant ... you're welcome. You mean gpg-agent explictly, or agents in general ... like why gpg-agent and not ssh-agent? It's probably because gpg-agent supports both gpg and ssh keys. If the question is why start it at all this is due the fact that these needed to be available to children of the parrent (session) to be of any use ... which is why {gpg,ssh}-agent is generally started at login or via the session-manager (when login is provided by the DM). If its not then anything (such as ssh) won't know what socket to use to speak with the agent and so be supplied a key when ssh'ing to a remote host that has an authorized_keys (public key) file.
grant123 wrote: | EDIT: In light of this, should gpg-agent be a dependency of xfce4? |
No, I wouldn't say so, its not critical that gpg-agent is available.
best ... khay |
|
Back to top |
|
|
|