Package: x11-common
Version: 1:7.6+8
Severity: important
File: /etc/X11/Xsession.d/90x11-common_ssh-agent
Affects: openssh-client gnupg-agent
Tags: patch
Hi there!
As the title suggests, if you install both openssh-client and
gnupg-agent and you enable the SSH support in the latter, ssh-agent is
started anyway by the Xsession script:
=====
$ ps aux | grep agent
luca 16399 0.0 0.0 12236 304 ? Ss 16:09 0:00 \
/usr/bin/ssh-agent \
/usr/bin/gpg-agent --daemon --sh --write-env-file=/home/luca/.gnupg/gpg-agent-info-gismo \
/usr/bin/ck-launch-session \
/usr/bin/dbus-launch --exit-with-session /home/luca/.xsession
luca 16400 0.0 0.0 18968 424 ? Ss 16:09 0:00 \
/usr/bin/gpg-agent --daemon --sh --write-env-file=/home/luca/.gnupg/gpg-agent-info-gismo \
/usr/bin/ck-launch-session \
/usr/bin/dbus-launch --exit-with-session /home/luca/.xsession
$ ls -l /tmp | grep -e gpg -e ssh
drwx------ 2 luca luca 60 Sep 18 16:09 gpg-0drpxf
drwx------ 2 luca luca 60 Sep 18 16:09 gpg-xSZr4Z
drwx------ 2 luca luca 60 Sep 18 16:09 ssh-GmzGjVQ16373
$ grep -s '^[[:space:]]*use-agent' ~/.gnupg/gpg.conf
use-agent
$ grep -s '^[[:space:]]*enable-ssh-support' ~/.gnupg/gpg-agent.conf
enable-ssh-support
$ export | grep -e GPG -e SSH
declare -x GPG_AGENT_INFO="/tmp/gpg-0drpxf/S.gpg-agent:16400:1"
declare -x SSH_AGENT_PID="16400"
declare -x SSH_AUTH_SOCK="/tmp/gpg-xSZr4Z/S.gpg-agent.ssh"
=====
Indeed the check for $SSH_AUTH_SOCK is not enough: this variable is not
set given that gpg-agent has not been started yet. Here is the patch:
--8<---------------cut here---------------start------------->8---
--- 90x11-common_ssh-agent.ORG
+++ 90x11-common_ssh-agent
@@ -9,10 +9,15 @@
if has_option use-ssh-agent; then
if [ -x "$SSHAGENT" ] && [ -z "$SSH_AUTH_SOCK" ] \
&& [ -z "$SSH2_AUTH_SOCK" ]; then
- STARTSSH=yes
- if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
- # use ssh-agent2's ssh-agent1 compatibility mode
- SSHAGENTARGS=-1
+ # check if gpg-agent will be started with SSH support
+ : ${GNUPGHOME=$HOME/.gnupg}
+ if ! ( grep -qs '^[[:space:]]*use-agent' "$GNUPGHOME/gpg.conf" && \
+ grep -qs '^[[:space:]]*enable-ssh-support' "$GNUPGHOME/gpg-agent.conf" ); then
+ STARTSSH=yes
+ if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
+ # use ssh-agent2's ssh-agent1 compatibility mode
+ SSHAGENTARGS=-1
+ fi
fi
fi
fi
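Review bot: the new condition guarding STARTSSH=yes decides from the two config files alone and never checks that gpg-agent is installed and will actually be launched, so a home directory that carries use-agent and enable-ssh-support on a machine without gpg-agent ends up with no SSH agent at all. Add an executable test next to the greps, for example [ -x /usr/bin/gpg-agent ], the same way the outer test does [ -x "$SSHAGENT" ]. Two smaller points: the patterns are anchored only at the start of the line, so any option name that merely begins with use-agent or enable-ssh-support also matches (grep -E with a trailing ([[:space:]]|$) would tighten that), and : ${GNUPGHOME=$HOME/.gnupg} leaves an empty-but-set GNUPGHOME untouched, which makes the greps read /gpg.conf and /gpg-agent.conf. Using ${GNUPGHOME:-$HOME/.gnupg} in a separate variable avoids both that and assigning GNUPGHOME from inside a sourced Xsession.d script.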
--8<---------------cut here---------------end--------------->8---
Thx, bye,
Gismo / Luca
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-rc4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages x11-common depends on:
ii debconf [debconf-2.0] 1.5.41
ii lsb-base 3.2-28
x11-common recommends no packages.
x11-common suggests no packages.
-- debconf information:
x11-common/xwrapper/allowed_users: Console Users Only
x11-common/xwrapper/actual_allowed_users: console