Bug 711450 - sys-auth/pambase: Make more systemd --user friendly
Summary: sys-auth/pambase: Make more systemd --user friendly
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Mikle Kolyada (RETIRED)
Reported: 2020-03-03 20:59 UTC by David Seifert
Modified: 2020-03-11 06:43 UTC

Attachments
0001-Run-pam_env.so-after-pam_systemd.so-for-better-socke.patch (952 bytes, patch)
2020-03-03 21:17 UTC, David Seifert

Description David Seifert gentoo-dev 2020-03-03 20:59:25 UTC
For my GPG setup, I have switched from a .bashrc model to a purely systemd-user-session+pam setup, following the instructions in

https://wiki.archlinux.org/index.php/GnuPG#Set_SSH_AUTH_SOCK

for setting up SSH_AUTH_SOCK. systemctl --user enable gpg-agent-ssh.socket makes the socket appear correctly at ${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh, so the systemd part works fine. In order to set up the SSH_AUTH_SOCK variable, I rely on pam_env.so, which the archlinux wiki also recommends. The problem,

    echo $SSH_AUTH_SOCK

shows "/gnupg/S.gpg-agent.ssh", which makes it clear that XDG_RUNTIME_DIR hasn't been defined yet. As shown by floppym, the problem is that session pam_env.so gets loaded *before* the session pam_systemd.so, and hence XDG_RUNTIME_DIR hasn't been defined when .pam_environment is parsed and activated. The solution is to move pam_env.so after pam_systemd.so.

Reproducible: Always
Comment 1 David Seifert gentoo-dev 2020-03-03 21:17:21 UTC
Created attachment 617004
0001-Run-pam_env.so-after-pam_systemd.so-for-better-socke.patch
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-03-04 15:01:39 UTC
ack
Comment 3 Mike Gilbert gentoo-dev 2020-03-04 16:06:02 UTC
(In reply to David Seifert from comment #1)

It looks like pam_elogind also sets XDG_RUNTIME_DIR, so it would be nice if pam_env is called after that.

https://manpages.debian.org/unstable/libpam-elogind/pam_elogind.8.en.html#ENVIRONMENT
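
The ordering problem from the description, together with the pam_elogind case raised in comment 3, as an added example that is not part of the bug report or of pambase: a small Python check that flags session pam_env.so entries placed before a module that sets XDG_RUNTIME_DIR. The function names and both sample stacks are constructed for illustration, and include/substack lines are not followed.

```python
import re

# Modules this bug report names as setting XDG_RUNTIME_DIR for the session.
RUNTIME_DIR_SETTERS = {"pam_systemd.so", "pam_elogind.so"}

# Fields: optional '-', type, control (keyword or [value=action ...]), module.
PAM_LINE = re.compile(r"^(-?)(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# Constructed sample stacks, not the contents of pambase's system-auth.in.
BEFORE = """\
session   required   pam_limits.so
session   required   pam_env.so
session   required   pam_unix.so
-session  optional   pam_systemd.so   # '-' = do not log if module is missing
"""
AFTER = """\
session   required   pam_limits.so
session   required   pam_unix.so
-session  optional   pam_systemd.so
session   required   pam_env.so
"""


def session_modules(stack_text):
    """Return (line_number, module_basename) for each session entry, in order."""
    entries = []
    for number, raw in enumerate(stack_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        match = PAM_LINE.match(line)
        if match and match.group(2) == "session":
            entries.append((number, match.group(4).rsplit("/", 1)[-1]))
    return entries


def early_pam_env_lines(stack_text):
    """Line numbers of session pam_env.so entries that run before a module
    setting XDG_RUNTIME_DIR, where ${XDG_RUNTIME_DIR} is still undefined."""
    entries = session_modules(stack_text)
    setters = [n for n, mod in entries if mod in RUNTIME_DIR_SETTERS]
    if not setters:
        return []  # nothing in this stack sets the variable; order is moot
    # Conservative: pam_env.so must follow every setter present in the stack.
    return [n for n, mod in entries if mod == "pam_env.so" and n < max(setters)]


if __name__ == "__main__":
    print("before:", early_pam_env_lines(BEFORE))
    print("after: ", early_pam_env_lines(AFTER))
```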
Comment 4 Larry the Git Cow gentoo-dev 2020-03-04 17:32:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/pambase.git/commit/?id=7eaf47da1d6cd18a8253c25213c34b16ae08e87f

commit 7eaf47da1d6cd18a8253c25213c34b16ae08e87f
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2020-03-04 17:32:01 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2020-03-04 17:32:01 +0000

    Run pam_env.so after pam_systemd.so for better socket support
    
    * Running pam_systemd.so before setting user environment
      variables makes it possible for the user to use variables
      such as `XDG_RUNTIME_DIR` in their own definitions.
    
    Bug: https://bugs.gentoo.org/711450
    Signed-off-by: David Seifert <soap@gentoo.org>

 system-auth.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-03-11 06:43:51 UTC
Forgot to reference this bug while an ebuild was bumped.