On Wednesday January 5 2005 19:13, Tom wrote:
> So I kind of wondered -- why is there no packaged solution to this?
> Debian boasts thousands of packages, why not gpg-agent, or something
> containing it?
The most precise thing I could find about it was that the gnupg2 packages got
stuck in the ftp bureaucracy, possibly due to that *damn* freeze. The whole
thing is ridiculous (well, yes, I have other words for this, but I don't know
who to blame and it's *not* language I'd like to put on a public list...),
there are packages with dependencies on parts of that stuff in unstable, like
kleopatra or pinentry. OK, pinentry doesn't officially depend on gpg-agent,
but it's pretty darn useless without it.
If you want proper support, use this package source in your sources.list:

deb http://smurf.noris.de/code/debian/ experimental smurf

Install the packages gnupg2 and gpgsm, that should get you proper gpg support
(and supposedly S/MIME with some fiddling) in KMail. One pitfall is that it
doesn't include a way to properly start gpg-agent. I'll attach my startup
script (which is different from the one in the gpg-agent docs) for use with a
session manager like kdm. You put it in /etc/X11/Xsession.d. This is what it
does:
- it'll keep the current client information in ~/.gpg-agent-info. Since there
is no proper shutdown mechanism for X sessions, it won't be deleted. The
script mainly handles disaster recovery.
- Each time a session is started, a new instance of gpg-agent is started. I
didn't want to rely on running agents. This is a potential leak, but it
should be easy to fix and I probably will look into reuse if I ever see a
reason for myself.
- It tries to kill a running instance from both the environment variable
GPG_AGENT_INFO and an existing info file. I got it to a point where it
shouldn't bomb except for some rare cases where PIDs and the random part of
the socket path match.
---*If your session doesn't start, disable the script.*---
If you aren't running an xsession but run from console, you can easily adapt a
few parts to run it from your .profile.
DISCLAIMER: The attached script works for me. However, there's no guarantee
that it won't crash your system, damage your data, steal your dog or run off
with your wife. You have been warned, everything you do from now on is AT
YOUR OWN RISK!
--
Got Backup?
Jabber: Shadowdancer at jabber.fsinf.de

GPG_AGENT_EXEC=/usr/bin/gpg-agent
GPG_AGENT_INFOFILE="${HOME}/.gpg-agent-info"

# Except for going through the process table, there is not much we
# can do. Damn "developers". We'll try to kill the process.

# try the environment variable
if [ "x${GPG_AGENT_INFO}" != "x" ]; then
    CUR_AGENT_PID=$(echo "${GPG_AGENT_INFO}" | sed -e 's/.*:\([0-9]\+\):.*/\1/')
    echo -n "Stopping gpg-agent with PID ${CUR_AGENT_PID}..."
    # the agent may already be gone; a failed kill must not abort session startup
    kill -TERM "${CUR_AGENT_PID}" 2>/dev/null || true
    echo "done."
fi

# try the user file
if [ -f "${GPG_AGENT_INFOFILE}" ]; then
    # check if the socket given in the info string still exists
    if [ -e "$(sed -e 's/\([^:]\+\):[0-9]\+:[0-9]\+/\1/' "${GPG_AGENT_INFOFILE}")" ]; then
        # it exists, so terminate the process
        kill -TERM "$(sed -e 's/.*:\([0-9]\+\):.*/\1/' "${GPG_AGENT_INFOFILE}")" 2>/dev/null || true
    fi
    rm -f "${GPG_AGENT_INFOFILE}"
fi

if [ -x "${GPG_AGENT_EXEC}" ]; then
    # start the agent
    echo "Starting gpg-agent: ${GPG_AGENT_EXEC}"
    eval "$(${GPG_AGENT_EXEC} --daemon)"
    echo "Got agent info: ${GPG_AGENT_INFO}"
    echo "${GPG_AGENT_INFO}" > "${GPG_AGENT_INFOFILE}"
fi
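
An added example, not part of the original mail or its attached script: one way to avoid signalling the wrong process when the PID recorded in GPG_AGENT_INFO or ~/.gpg-agent-info is stale and no longer belongs to gpg-agent. The function names are hypothetical, and it assumes a ps that accepts -o uid= -o comm= -p.

```shell
# Added example, not from the original mail. Function names are hypothetical.
# GPG_AGENT_INFO has the form  <socket path>:<pid>:<protocol version>

# Print the PID field, or fail if the string is not socket:pid:proto.
agent_info_pid() {
    rest=${1%:*}                        # strip ":<protocol>"
    [ "$rest" != "$1" ] || return 1     # no colon at all
    pid=${rest##*:}                     # text after the last remaining colon
    [ "$pid" != "$rest" ] || return 1   # only one colon
    case $pid in
        ''|*[!0-9]*) return 1 ;;        # PID must be digits only
    esac
    printf '%s\n' "$pid"
}

# Succeed only if PID is a live gpg-agent owned by the current user.
# Assumes a ps that accepts -o uid= -o comm= -p (procps does).
pid_is_own_gpg_agent() {
    owner_and_name=$(ps -o uid= -o comm= -p "$1" 2>/dev/null) || return 1
    set -- $owner_and_name              # $1 = uid, $2 = command name
    [ "$#" -ge 2 ] && [ "$1" = "$(id -u)" ] && [ "$2" = "gpg-agent" ]
}

# Returns 0 if TERM was sent, 1 on malformed info, 2 if the PID was refused.
stop_agent_from_info() {
    pid=$(agent_info_pid "$1") || {
        echo "ignoring malformed agent info" >&2
        return 1
    }
    if pid_is_own_gpg_agent "$pid"; then
        kill -TERM "$pid" 2>/dev/null || true   # it may exit in between
        return 0
    fi
    echo "PID $pid is not our gpg-agent, leaving it alone" >&2
    return 2
}

# Constructed sample: this shell's own PID stands in for a stale, reused PID.
stop_agent_from_info "/tmp/gpg-Ab12Cd/S.gpg-agent:$$:1" || true
```

If ps is missing or rejects these options, the check fails closed and no signal is sent.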