Trejkaz Guru
Joined: 14 Nov 2002 Posts: 479 Location: Sydney, Australia
Posted: Sun Feb 01, 2004 11:55 pm Post subject: GPG Agent -- SOLVED
Is there a working GPG agent anywhere in Gentoo? I'm dissatisfied with quintuple-agent due to its apparent inability to kill itself when I'm done with it (ssh-agent has a -k option, quintuple-agent has no apparent equivalent), and when I ask people where to get a GPG agent they say "Isn't gpg-agent included as part of gnupg?"
Well, it isn't part of app-crypt/gnupg, at least not on 1.2.3-r5.
Is it supposed to be? I don't even know if this is a bug until I know whether gpg-agent is supposed to ship with gnupg.
Last edited by Trejkaz on Sun Feb 08, 2004 10:37 pm; edited 1 time in total

der Mosher n00b
Joined: 21 Jan 2004 Posts: 17 Location: Bramsche/Lower Saxony/Germany
Posted: Mon Feb 02, 2004 1:16 am
gpg-agent is part of newpg. It will only compile if dev-libs/libgcrypt is < 1.1.91 (I have 1.1.12). Now, if you can tell me where I have to start gpg-agent so that kgpg will recognize it?
René
_________________
111111111^2 = 12345678987654321

Trejkaz Guru
Joined: 14 Nov 2002 Posts: 479 Location: Sydney, Australia
Posted: Mon Feb 02, 2004 1:47 am
That I can't say until I get gpg-agent installed.
But what I do with ssh-agent is: in my .xinitrc file (I log in on the framebuffer console and start up X using 'startx') I have "eval `ssh-agent -s`" before the spot where I run KDE, and "eval `ssh-agent -k`" afterwards. You can also use "ssh-agent /usr/kde/3.1/bin/startkde", which is simpler; actually, I have no idea why I don't just do it this way instead.
Assuming gpg-agent is similar, it should be possible using one or the other method.

der Mosher n00b
Joined: 21 Jan 2004 Posts: 17 Location: Bramsche/Lower Saxony/Germany
Posted: Mon Feb 02, 2004 4:44 am
I've got it running now. I inserted the script from https://bugs.gentoo.org/show_bug.cgi?id=13573#c7 at the beginning of /usr/kde/3.2/bin/startkde. I had to modify one line:
PROG=`ps -p ${CHECK_PID} |tail -1| sed -e "s,^ *[^ ]* *[^ ]* *[^ ]* *,,"`
(notice the added " *" at the beginning of the sed command)
René
_________________
111111111^2 = 12345678987654321

Trejkaz Guru
Joined: 14 Nov 2002 Posts: 479 Location: Sydney, Australia
Posted: Mon Feb 02, 2004 5:48 am
I see. This script is a bit messy compared to the relatively clean ssh-agent. It doesn't kill the agent when it's finished with, which is undesirable in my mind but I guess I can live with it. At least it does check whether one is already running and uses its information instead of spawning a new one each time.

plate Bodhisattva
Joined: 25 Jul 2002 Posts: 1663 Location: Berlin
Posted: Sun Feb 08, 2004 10:12 pm
Been scratching my head over this one ever since I successfully emerged KDE 3.2. The thing is, in spite of being part of my .xinitrc, the gpg-agent never gets to run before startkde is executed. When I run Paul de Vrieze's gpg-agent.sh (both with and without your extra asterisk, der Mosher), I'm getting a
Code: |
: bad interpreter: No such file or directory
|
error, and since I'm not exactly a genius at debugging shell scripts, I was wondering if someone here had an idea how to make the agent do what I want for a change...

Trejkaz Guru
Joined: 14 Nov 2002 Posts: 479 Location: Sydney, Australia
Posted: Sun Feb 08, 2004 10:28 pm
That shell script probably just has to be run through dos2unix to work.
Edit: hang around a bit actually, I'll post my solution in a second, just have to write up the instructions.

Trejkaz Guru
Joined: 14 Nov 2002 Posts: 479 Location: Sydney, Australia
Posted: Sun Feb 08, 2004 10:36 pm
SOLUTION
I will proceed with a solution for the lazy folk who don't necessarily care if there are multiple copies of an agent running on the system. This solution will allow you to use the agent whenever your X session is running. A similar solution can be adapted to make it work in remote SSH sessions and console logins, but then you might want the more sophisticated script in order to prevent multiple copies of the agent running.
As has been mentioned:
(newpg is the new GnuPG. It comes with the S/MIME version of the program as well as the agent, and optionally the GPG version of the program if you compile it in. The ebuild however doesn't let you compile the GPG part in. Harsh. But anyway on with the instructions.)
If you are using a graphical login (kdm or whatever), the following goes in your ~/.xsession file:
Code: |
# Replace pinentry-qt with pinentry-gtk if you use GNOME or prefer the look of Gtk in general.
eval `/usr/bin/gpg-agent --daemon --sh --pinentry-program /usr/bin/pinentry-qt`
# Replace this line with the line to start up your desktop or WM.
/usr/kde/3.2/bin/startkde
# Magic GPG agent killing line. ;-)
kill `echo $GPG_AGENT_INFO | cut -d ':' -f 2`
|
That should do it. Log out of X, log in to X, and once in, start up a console and type
Code: |
echo $GPG_AGENT_INFO
|
This should print something like this:
Code: |
/tmp/gpg-JNSNCj/S.gpg-agent:29084:1
|
Then of course you need to add this line to ~/.gnupg/gpg.conf:
And all should be well.
Now I just have to configure the agent so it doesn't harass me for a password every time I move my mouse after walking away from the computer. Good security, but a bit too paranoid, I'd say.
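
A more defensive take on the agent-killing line from the solution above, as an added example that is not part of the original posts: it validates the `socket:pid:protocol` layout of GPG_AGENT_INFO and confirms the PID still belongs to a gpg-agent process before signalling it. The function names `agent_pid` and `stop_agent` are hypothetical, and the process-name check assumes `ps` reports the bare command name, as procps does on Linux.

```shell
#!/bin/sh
# Added example (not from the thread): stop the agent named by GPG_AGENT_INFO
# only after validating the value. Function names are hypothetical.

# agent_pid INFO
# Print the PID field of a "socket:pid:protocol" string; fail if malformed.
agent_pid() {
    info=$1
    case $info in
        *:*:*:*) return 1 ;;   # more than three fields
        /*:*:*)  ;;            # absolute socket path, PID, protocol version
        *)       return 1 ;;   # unset, empty, or wrong shape
    esac
    pid=${info#*:}             # drop the socket path
    pid=${pid%%:*}             # drop the protocol version
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric PID
    esac
    # Refuse 0 (kill would signal the caller's process group) and 1 (init).
    [ "$pid" -gt 1 ] || return 1
    printf '%s\n' "$pid"
}

# stop_agent INFO
# Returns 1 for a malformed value, 2 if the PID is not a live gpg-agent
# (already exited, or the PID was reused), otherwise the exit status of kill.
stop_agent() {
    pid=$(agent_pid "$1") || return 1
    # Assumption: ps prints the bare command name (procps on Linux).
    name=$(ps -p "$pid" -o comm= 2>/dev/null) || return 2
    [ "$name" = "gpg-agent" ] || return 2
    kill "$pid"
}

# Constructed check using the sample value quoted in the thread.
agent_pid '/tmp/gpg-JNSNCj/S.gpg-agent:29084:1'

# In ~/.xsession the last line would then read:
#   stop_agent "$GPG_AGENT_INFO"
```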