[MacPorts] #43584: gpg-agent: enable launchd integration (including LaunchAgent file)
#43584: gpg-agent: enable launchd integration (including LaunchAgent file)
----------------------+--------------------------------
 Reporter:  ionic@…   |      Owner:  macports-tickets@…
     Type:  defect    |     Status:  new
 Priority:  Normal    |  Milestone:
Component:  ports     |    Version:
 Keywords:  haspatch  |       Port:  gpg-agent
----------------------+--------------------------------
 Until now, users in need of gpg-agent either had to install the bloated
 GPGTools script or write hacks to start gpg-agent (which only worked after
 restarting the terminal.)

 To clean up this mess, I incorporated a patch for making gpg-agent
 launchd-compatible and set up a StartupItem MP users can load with
 launchctl load -w to automatically spawn gpg-agent after login.

 The Portfile is currently establishing and deleting links and files in
 post-activate and post-deactivate. This sounds like the most logical way,
 as the uninstall phase will not be run during upgrades, but we still want
 to clean old StartupItems and links. Likewise, using the install phase for
 setting files and links in place would be possible, but this won't allow
 switching between installed versions easily.

-- 
Ticket URL: <https://trac.macports.org/ticket/43584>
MacPorts <http://www.macports.org/>
Ports system for OS X

Comment (by borys@…):

 This patch is working well for me on 10.6.8.

 gpg complains about a malformed GPG_AGENT_INFO because launchd is masking
 gpg's control socket in $HOME/.gnupg/S.gpg-agent with its own in
 /tmp/launch-XXXXXX/Listeners as configured by the gpg-agent.plist,
 dropping the pid & protocol version from GPG_AGENT_INFO. gpg is still able
 to connect to the agent, though, so it's just a warning.

 Thanks!

-- 
Ticket URL: <https://trac.macports.org/ticket/43584#comment:1>

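The warning described in the comment above comes down to the shape of the value: GnuPG 1.4 and 2.0 expect `GPG_AGENT_INFO` to be `socket-path:pid:protocol-version`, while the launchd socket key sets only the path. A small shell check for that, as an added example that is not part of the ticket or its patch (the function name `classify_gpg_agent_info` and the PID in the sample values are made up):

```shell
# Classify a GPG_AGENT_INFO value. Added example, not from the ticket's patch.
# Assumed layout (GnuPG 1.4 / 2.0): <absolute socket path>:<pid>:<protocol>
# Prints one of: unset, path-only, well-formed, malformed
classify_gpg_agent_info() {
    info=$1
    if [ -z "$info" ]; then
        echo unset
        return
    fi
    case $info in
        /*) ;;                              # socket path must be absolute
        *)  echo malformed; return ;;
    esac
    # Count fields; a socket path containing ':' is treated as malformed.
    case $info in
        *:*:*:*) echo malformed; return ;;  # too many fields
        *:*:*)   ;;                         # path:pid:protocol
        *:*)     echo malformed; return ;;  # one field missing
        *)       echo path-only; return ;;  # what launchd alone provides
    esac
    proto=${info##*:}       # last field
    rest=${info%:*}         # path:pid
    pid=${rest##*:}
    sock=${rest%:*}
    # pid and protocol version must be non-empty and purely numeric
    case $pid   in ''|*[!0-9]*) echo malformed; return ;; esac
    case $proto in ''|*[!0-9]*) echo malformed; return ;; esac
    [ -n "$sock" ] || { echo malformed; return; }
    echo well-formed
}

# Typical use in a login script or health check:
#   classify_gpg_agent_info "$GPG_AGENT_INFO"
# Constructed sample values:
#   /tmp/launch-XXXXXX/Listeners          -> path-only (triggers gpg's warning)
#   /tmp/launch-XXXXXX/Listeners:1234:1   -> well-formed
```
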
Comment (by ionic@…):

 Oh, do you have an example for me so that I can reproduce this? GPG indeed
 shouldn't be searching `$HOME/.gnupg/S.gpg-agent` anymore.

 Actually, `GPG_AGENT_INFO` should also be available session-wide with the
 correct information.

 {{{
 ionic@nopileos~% echo $GPG_AGENT_INFO
 /tmp/launch-KvsnGf/Listeners
 }}}

-- 
Ticket URL: <https://trac.macports.org/ticket/43584#comment:2>

Comment (by ionic@…):

 That's actually a bug. Thanks for catching that.

-- 
Ticket URL: <https://trac.macports.org/ticket/43584#comment:3>

Comment (by ionic@…):

 Updated patchset.

 I have disabled the creation of a UNIX socket in the user's home directory
 and worked around the fact that one cannot control what the environment
 variable set via `SecureSocketWithKey` in the `launchd plist` is actually
 set to (as mentioned, dropping the PID and protocol version information.)

 This is working for me, but there's a catch:
 [[BR]]If users have programs starting up right after login, those programs
 won't inherit the correct environment variable. In order to solve this,
 one has to restart the application(s) in question. I admit that this is
 very uncomfortable.

 However, this solution also has a good side:
 [[BR]]The SSH agent option is fail-safe. As `gpg-agent` is started after
 `launchd` initialized all sockets (and environment variables it sets),
 `SSH_AUTH_SOCK` will always be populated with some value, if another
 `LaunchAgent` is providing SSH agent support (like for instance Apple's or
 MacPorts's `ssh-agent`.) `gpg-agent` can query that and gracefully disable
 SSH agent support, to not collide with the other daemon. This said, I
 guess that nobody is using SSH agent support in gpg-agent anyway.
 [[BR]][[BR]]
 There is another, more intrusive way to do stuff. I could restore the
 previous behavior (setting `GPG_AGENT_INFO` to
 "`/tmp/launch-xxxxxx/Listeners`" only) and patch the other GPG ports, so
 that they accept a "malformed" `GPG_AGENT_INFO` value with the PID and
 protocol version stripped. This may lead to a race condition when it comes
 to `SSH_AUTH_SOCK`. I don't know what happens when two Agents define that
 in their plist files. Probably one of them gets control over it, likely
 the first one to come. I will thus disable SSH agent support completely.
 [[BR]][[BR]]
 In general, I think that an always available `GPG_AGENT_INFO` environment
 variable without clumsy application restarts outweighs the benefits of SSH
 agent support (and, really, nobody uses this. Apple even ships ssh-agent
 and it's turned on by default.)

-- 
Ticket URL: <https://trac.macports.org/ticket/43584#comment:5>

Comment (by ionic@…):

 This is working fine for me. Please test it, especially Borys.

 You will have to install the (patched) new versions of gpg-agent and
 either gnupg or gnupg2, or both, depending on what version you use.

-- 
Ticket URL: <https://trac.macports.org/ticket/43584#comment:6>

Comment (by ionic@…):

 Updated patchset against the current MacPorts tree.

-- 
Ticket URL: <https://trac.macports.org/ticket/43584#comment:7>

Comment (by ionic@…):

 Accidentally created a new attachment, please ignore the .2.patch file.

 Updated patchset against the current `gnupg1` and `gnupg2` versions.

-- 
Ticket URL: <https://trac.macports.org/ticket/43584#comment:8>