Hi On Tue, Nov 01, 2016 at 11:49:39PM +0000, brian m. carlson wrote: > 1. Add a new mirror to /etc/apt/sources.list. Can you go into more detail what you do in this step please? Are you installing -keyring packages perhaps? > 2. Set "extra-socket ~/.gnupg/S.gpg-agent-extra" in your user's > ~/.gnupg/gpg-agent.conf > 3. As an unprivileged user in the sudo group, run "sudo -E apt-get update". > 4. Notice that there is now a root-owned gpg-agent running which has > inherited your user's homedir and configuration settings. > 5. Notice that your extra socket has been overwritten by root's gpg-agent. apt-key as called by apt doesn't use gnupg. The functionality apt is using from apt-key is gpgv only and that isn't spawning agents or whatever as there is no secret key material to protect. So, figuring out what is calling gpg would be good – or what is calling apt-key [which likely shouldn't be called it]. > apt needs to set HOME before invoking gnupg so that the spawned > gpg-agent does not inherit the user's (or root's) homedir. The mhhh. Even if apt-key is calling gpg, it invokes it with its own fresh GPGHOMEDIR it has created in TMPDIR. It shouldn't be even near HOME, neither of USER nor of root. I haven't a sudo setup here at the moment I could test this with. I guess I will try that later "today" (after having slept a bit), but perhaps you can shine some additional light on this while I cuddle with my pillow with those questions already… Best regards David Kalnischkies
Attachment:
signature.asc
Description: PGP signature