If I understand correctly, the openSUSE distribution of xdm contains a script /etc/X11/xdm/scripts/10-gpg-agent that invokes gpg-agent with the --keep-display option. This is inconvenient for me because it prevents me from processing signed/encrypted e-mails when I access my machine remotely.
Steps to reproduce:
1. I log into my home machine locally. gpg-agent gets automatically launched with the --keep-display option.
2. I lock my screen and go to the office. At the office, I connect to my home machine via SSH or x2go and launch my mail client.
3. I try to read an encrypted message, or to send a signed or encrypted message. Normally the pinentry program would pop up asking for my passphrase. However, the --keep-display option prevents it from being displayed.
What is the best way of continuing to have my machine automatically launch gpg-agent on login, but without the --keep-display option? I don’t want to edit the /etc/X11/xdm/scripts/10-gpg-agent file directly as it will get overwritten whenever the xdm package is upgraded.
You should be able to start gpg-agent in your shell profile. If you are using “bash” that is presumably either “.profile” or “.bash_profile” in your home directory. For “csh” (which I use), it is “.login”.
Normal X startup begins by starting your login shell, which should run the appropriate startup file. And this happens before “ssh-agent” and “gpg-agent” are started.
I’ll note that you have to put in cross-checks, so that these agents are not started if they are already running (you can probably tell from environment variables).
In my experience, if I start “ssh-agent” from the shell startup file, then it is not started a second time in X session startup. I have not checked whether that is also true for “gpg-agent” startup.
OK, I can try that. The system default invokes gpg-agent with “--daemon /etc/X11/xinit/xinitrc”. Should my invocation in ~/.profile use that option too? I’m not really clear on the purpose of calling it with that environment. (Well, I understand the idea of daemonizing it; I just don’t understand why /etc/X11/xinit/xinitrc should be passed.)
But first check if “$GPG_AGENT_INFO” is defined.
Maybe something like:
# start an agent only if none is advertised in the environment
if [ "$GPG_AGENT_INFO" = "" ] ; then
    eval "$(gpg-agent --daemon)"
fi
You most certainly do not want the “xinitrc” there when starting from shell startup file.
As to why that is there – the idea is to run gpg-agent as a daemon, and have that daemon start up X11 as a subprocess. That way, when X11 ends, the gpg-agent daemon will automatically shut down. But you can’t do it that way from your shell profile, because X11 is being started elsewhere.
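The check suggested above passes whenever the variable is set, including when it was left behind by an agent that has since exited. As an added example (not code from this thread or from openSUSE), the functions below also verify that the socket and process named in the variable still exist before skipping the start. They assume the GnuPG 2.0-style value "socket-path:pid:protocol"; the function names are hypothetical.

```sh
# Added example. Assumed format of the variable (constructed value):
#   GPG_AGENT_INFO=/tmp/gpg-AbCdEf/S.gpg-agent:2345:1

# Print the PID field of an agent-info string; fail if it is malformed.
# The ( ... ) body runs in a subshell, so no variables leak into the profile.
agent_info_pid() (
    info=$1
    rest=${info#*:}                     # drop "socket-path:"
    [ "$rest" != "$info" ] || exit 1    # no colon at all
    pid=${rest%%:*}                     # keep text up to the next colon
    case $pid in
        ''|*[!0-9]*) exit 1 ;;          # empty or not a number
    esac
    printf '%s\n' "$pid"
)

# Succeed only if the string names an existing socket and a live process.
agent_is_live() (
    info=$1
    pid=$(agent_info_pid "$info") || exit 1
    [ -S "${info%%:*}" ] || exit 1      # socket file is gone: stale value
    kill -0 "$pid" 2>/dev/null          # process is gone: stale value
)

# Call this from ~/.profile; it starts an agent only when none is usable.
# No --keep-display here, matching the invocation suggested in the reply.
start_gpg_agent_if_needed() {
    if ! agent_is_live "${GPG_AGENT_INFO:-}"; then
        eval "$(gpg-agent --daemon)"
    fi
}
```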
The file in question is a pipe with a very old timestamp—I think it was carried over from my old openSUSE 11.4 installation, which probably invoked gpg-agent in a different way. I’ll try moving the pipe out of the way and see if that helps.
I tried moving the pipe out of the way. I’m able to log in on the console now, and gpg-agent seems to get started correctly. But I can’t log into Plasma. As soon as I type my username and password and hit enter, the screen blanks for a moment and then returns me to the login prompt.