Bug 562784 - app-crypt/gnupg - provide systemd user service file for gpg-agent
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Mikle Kolyada (RETIRED)
Blocks: install-systemd-unit
Reported: 2015-10-11 02:24 UTC by Reuben Martin
Modified: 2020-09-07 18:59 UTC

Description Reuben Martin 2015-10-11 02:24:54 UTC
/usr/lib/systemd/user/gpg-agent.service

(for >=app-crypt/gnupg-2.1.0)

[Unit]
Description=GPG Agent Service
IgnoreOnIsolate=true
Before=default.target

[Service]
Type=forking
ExecStart=/usr/bin/gpg-agent --daemon

[Install]
WantedBy=default.target


Reproducible: Always
Comment 1 Pacho Ramos gentoo-dev 2015-10-13 20:17:37 UTC
Is it needed to run it in "--daemon" mode (and hence "Type=forking") or could it be run in foreground?
Comment 2 Reuben Martin 2015-10-13 20:30:18 UTC
No doubt that it could run either way as far as service management is concerned, but I'm not sure if gpg-agent itself might behave differently when not in daemon mode. It might be more chatty when not in daemon mode, but as long as it doesn't expect something from STDIN it probably doesn't matter.
Comment 3 Mike Gilbert gentoo-dev 2015-10-13 20:43:05 UTC
I prefer to have --daemon and forking mode since it allows systemd to detect startup failures.
Comment 4 Mike Gilbert gentoo-dev 2015-10-13 20:45:17 UTC
> IgnoreOnIsolate=true

Why do you have this?

> Before=default.target

This also seems unnecessary.
Comment 5 Reuben Martin 2015-10-13 21:14:32 UTC
This is entirely a copy-paste from https://github.com/alezost/systemd-user-units/blob/master/gpg-agent.service. I figured that would be a good starting point.

Those directives don't make much sense to me either, but I assumed there was reasoning of some sort behind it.

I'm not familiar enough with the internals of gpg to determine why those options are, or at one time were, needed.
Comment 6 Reuben Martin 2015-10-13 21:24:04 UTC
And just to be clear, that service file with the same directives is found in Arch, Ubuntu, and several other git repos. But nothing with a git commit log that actually explains why those directives are needed.
Comment 7 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-10-14 07:18:33 UTC
This seems related and possibly a duplicate of bug 562782
Comment 8 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-10-14 08:03:52 UTC
(In reply to Kristian Fiskerstrand from comment #7)
> This seems related and possibly a duplicate of bug 562782

As pointed out in bug 562782, gnupg 2.1 auto-launches gpg-agent and other daemons as needed. The only place this would need to be explicitly launched is to enable ssh support, and the supported upstream way of launching it is gpgconf --launch gpg-agent
Comment 9 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-10-14 08:21:45 UTC
(In reply to Kristian Fiskerstrand from comment #8)
> (In reply to Kristian Fiskerstrand from comment #7)
> > This seems related and possibly a duplicate of bug 562782
> 
> As pointed out in bug 562782, gnupg 2.1 auto-launches gpg-agent and other
> daemons as needed. The only place this would need to be explicitly launched
> is to enable ssh support, and the supported upstream way of launching it is
> gpgconf --launch gpg-agent

... and just so that it is explicitly clear; this is to be done in the context of a user, not as a system service
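
The user-session launch described in comments 8 and 9, as an added example that is not part of the bug discussion or of GnuPG itself. The function name gpg_ssh_agent_setup is hypothetical; it assumes enable-ssh-support is set in gpg-agent.conf and a gpgconf recent enough that --list-dirs accepts a single name.

```shell
# Added example: start gpg-agent in the user's own session and point SSH at it.
# Assumptions: "enable-ssh-support" is set in gpg-agent.conf, and gpgconf is
# recent enough that "--list-dirs NAME" prints a single value.
gpg_ssh_agent_setup() {
    # Ask GnuPG where its home directory is, so GNUPGHOME is honoured.
    _gsa_home=$(gpgconf --list-dirs homedir) || return 1
    _gsa_conf="$_gsa_home/gpg-agent.conf"

    # This example expects SSH support to be enabled in the config file.
    if ! grep -qs '^[[:space:]]*enable-ssh-support' "$_gsa_conf"; then
        echo "gpg_ssh_agent_setup: enable-ssh-support not set in $_gsa_conf" >&2
        return 2
    fi

    # Upstream-supported way to start the agent; does nothing if it is running.
    gpgconf --launch gpg-agent || return 3

    _gsa_sock=$(gpgconf --list-dirs agent-ssh-socket) || return 1

    # Export the path only if it is a socket owned by the current user, so
    # ssh never talks to a socket someone else placed at that location.
    if [ ! -S "$_gsa_sock" ] || [ ! -O "$_gsa_sock" ]; then
        echo "gpg_ssh_agent_setup: $_gsa_sock is not a socket owned by you" >&2
        return 4
    fi

    # A leftover ssh-agent PID would mislead tools into using the wrong agent.
    unset SSH_AGENT_PID
    SSH_AUTH_SOCK=$_gsa_sock
    export SSH_AUTH_SOCK
}
# Call gpg_ssh_agent_setup from the user's login shell profile, never from a
# system-wide service: the agent holds that user's private keys.
```
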
Comment 10 Reuben Martin 2015-10-14 11:41:13 UTC
(In reply to Kristian Fiskerstrand from comment #8)
> (In reply to Kristian Fiskerstrand from comment #7)
> > This seems related and possibly a duplicate of bug 562782
> 
> As pointed out in bug 562782, gnupg 2.1 auto-launches gpg-agent and other
> daemons as needed. The only place this would need to be explicitly launched
> is to enable ssh support, and the supported upstream way of launching it is
> gpgconf --launch gpg-agent

The only reason I'm using this is for clients that were designed before 2.1 came out. In my case for kgpg and kleopatra on KDE desktops. It may be that setting GPG_AGENT_INFO is enough as long as there is something listening to the socket. (#562782). But I'm not certain if there is something always on the other end of the socket.

> ... and just so that it is explicitly clear; this is to be done in the
> context of a user, not as a system service

This is a session service, not a system service
Comment 11 John Harlan 2016-01-08 06:36:29 UTC
Gave this a shot on the latest Gentoo LiveDVD image running in a VM.
I wasn't able to gain access to the yubikey with pcsc_tools, but I don't believe that is relevant to gnupg continuing to provide the same output. The scdaemon would access it (and fail), but gnupg can't access the scdaemon.

https://bpaste.net/show/1709d6c87ff0
Comment 12 John Harlan 2016-01-08 06:37:02 UTC
Please ignore my comment, wrong bug. Sorry.
Comment 13 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-01-08 07:24:23 UTC
I wonder if we can make it work with ssh agent support enabled in gpg.
Comment 14 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-06-29 16:13:17 UTC
(In reply to Michał Górny from comment #13)
> I wonder if we can make it work with ssh agent support enabled in gpg.

You might get some hints from bug 547544 comment 4
Comment 15 Mike Gilbert gentoo-dev 2020-09-07 18:59:07 UTC
Current versions of gnupg ship with systemd units provided by upstream.