Thread: Prevent gpg-agent from being called with --keep-display

  1. #1

    Prevent gpg-agent from being called with --keep-display

    If I understand correctly, the openSUSE distribution of xdm contains a script /etc/X11/xdm/scripts/10-gpg-agent that invokes gpg-agent with the --keep-display option. This is inconvenient for me because it prevents me from processing signed/encrypted e-mails when I access my machine remotely. Steps to reproduce:

    1. I log into my home machine locally. gpg-agent gets automatically launched with the --keep-display option.
    2. I lock my screen and go to the office. At the office, I connect to my home machine via SSH or x2go and launch my mail client.
    3. I try to read an encrypted message, or to send a signed or encrypted message. Normally the pinentry program would pop up asking for my passphrase. However, the --keep-display option prevents it from being displayed.


    What is the best way of continuing to have my machine automatically launch gpg-agent on login, but without the --keep-display option? I don't want to edit the /etc/X11/xdm/scripts/10-gpg-agent file directly as it will get overwritten whenever the xdm package is upgraded.

  2. #2

    Re: Prevent gpg-agent from being called with --keep-display

    I haven't tested this.

    You should be able to start gpg-agent in your shell profile. If you are using "bash" that is presumably either ".profile" or ".bash_profile" in your home directory. For "csh" (which I use), it is ".login".

    Normal X startup begins by starting your login shell, which should run the appropriate startup file. And this happens before "ssh-agent" and "gpg-agent" are started.

    I'll note that you have to put in cross-checks, so that these agents are not started if they are already running (you can probably tell from environment variables).

    In my experience, if I start "ssh-agent" from the shell startup file, then it is not started a second time in X session startup. I have not checked whether that is also true for "gpg-agent" startup.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  3. #3

    Re: Prevent gpg-agent from being called with --keep-display

    OK, I can try that. The system default invokes gpg-agent with "--daemon /etc/X11/xinit/xinitrc". Should my invocation in ~/.profile use that option too? I'm not really clear on the purpose of calling it with that environment. (Well, I understand the idea of daemonizing it; I just don't understand why /etc/X11/xinit/xinitrc should be passed.)

  4. #4

    Re: Prevent gpg-agent from being called with --keep-display

    It looks as if you should start it with:
    Code:
    eval $(gpg-agent --daemon)
    But first check if "$GPG_AGENT_INFO" is defined.
    Maybe something like:
    Code:
    if [ "$GPG_AGENT_INFO" = "" ] ; then
      eval $(gpg-agent --daemon)
    fi
    You most certainly do not want the "xinitrc" there when starting from a shell startup file.

    As to why that is there -- the idea is to run gpg-agent as a daemon, and have that daemon start up X11 as a subprocess. That way, when X11 ends, the gpg-agent daemon will automatically shut down. But you can't do it that way from your shell profile, because X11 is being started elsewhere.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;
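
An added example, not part of the posts above and not openSUSE's own script: a `~/.profile` guard that performs the cross-check both replies call for, treating `GPG_AGENT_INFO` as valid only when its socket path is a real socket and its PID is alive. It assumes the `path:pid:protocol` format used by GnuPG 2.0 and earlier; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example for ~/.profile. Function and variable names are hypothetical.
# Assumption: GPG_AGENT_INFO has the GnuPG 2.0-era form
#   <socket path>:<pid>:<protocol version>

# Split an agent-info string into AGENT_SOCK and AGENT_PID.
# Fields are taken from the right so a ':' inside the path is tolerated.
parse_agent_info() {
    AGENT_SOCK='' AGENT_PID=''
    case $1 in *:*:*) ;; *) return 1 ;; esac
    _rest=${1%:*}                                  # drop the protocol version
    _pid=${_rest##*:}
    _sock=${_rest%:*}
    case $_pid in ''|*[!0-9]*) return 1 ;; esac    # pid must be all digits
    [ "$_pid" -gt 0 ] || return 1                  # kill -0 0 would match our own group
    [ -n "$_sock" ] || return 1
    AGENT_SOCK=$_sock AGENT_PID=$_pid
}

# Succeed only if the string names an existing socket and a running process.
agent_info_is_live() {
    parse_agent_info "$1" || return 1
    [ -S "$AGENT_SOCK" ] || return 1               # FIFO or regular file: stale
    kill -0 "$AGENT_PID" 2>/dev/null               # process exists and is ours
}

# Start gpg-agent (without --keep-display) unless a live one is advertised.
ensure_gpg_agent() {
    if agent_info_is_live "${GPG_AGENT_INFO:-}"; then
        return 0
    fi
    unset GPG_AGENT_INFO                           # discard stale or malformed value
    command -v gpg-agent >/dev/null 2>&1 || return 1
    eval "$(gpg-agent --daemon)"
}

# In ~/.profile, after the definitions above:
#   ensure_gpg_agent
```

A value inherited from an earlier session, or a leftover file at the recorded path, fails the check, so a stale variable does not suppress the fresh start.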

  5. #5

    Re: Prevent gpg-agent from being called with --keep-display

    Quote: Originally Posted by nrickert
    It looks as if you should start it with:
    Code:
    eval $(gpg-agent --daemon)
    But first check if "$GPG_AGENT_INFO" is defined.
    Maybe something like:
    Code:
    if [ "$GPG_AGENT_INFO" = "" ] ; then
      eval $(gpg-agent --daemon)
    fi
    Yes, I'm trying something similar (but checking the string with -z rather than = ""). However, this doesn't work; when I log in I get the following error:
    Code:
    gpg-agent[7844]: enabled debug flags: ipc
    can't connect to 'socket:///home/psy/.gnupg/log-socket': Connection refused
    The file in question is a pipe with a very old timestamp—I think it was carried over from my old openSUSE 11.4 installation, which probably invoked gpg-agent in a different way. I'll try moving the pipe out of the way and see if that helps.

    Quote: Originally Posted by nrickert
    You most certainly do not want the "xinitrc" there when starting from a shell startup file.

    As to why that is there -- the idea is to run gpg-agent as a daemon, and have that daemon start up X11 as a subprocess. That way, when X11 ends, the gpg-agent daemon will automatically shut down. But you can't do it that way from your shell profile, because X11 is being started elsewhere.
    OK, that makes sense. Thanks for the explanation.

  6. #6

    Re: Prevent gpg-agent from being called with --keep-display

    I tried moving the pipe out of the way. I'm able to log in on the console now, and gpg-agent seems to get started correctly. But I can't log into Plasma. As soon as I type my username and password and hit enter, the screen blanks for a moment and then returns me to the login prompt.
