[arch-general] gnupg, dirmngr and sockets
As I was building an AUR package[0], I had an issue with validating the key. I run:
$ gpg --rec-keys PkgKey
only to get an error about dirmngr not being able to connect to ~/.config/gnupg/S.dirmngr
$GNUPGHOME is set in my env.
After hours of reading similar issues, but usually running such command as root, I couldn't find any clear answer.
I tried to understand how dirmngr worked, the sockets, and the whole process. I got the answer running on one shell
$ dirmngr --debug-level expert --server
and the above command in another one.
The culprit was in fact my gnupg home dir files set as mod 600. Setting the files as 700 solved the issue.
Now I am wondering a few things:
- man dirmngr says running in daemon mode is deprecated. But grepping the process, I see:
289:root 27509 1 0 09:12 ? 00:00:01 dirmngr --daemon --homedir /etc/pacman.d/gnupg
What starts this daemon (a previous gpg command run as root?)? How to change the way it is run from daemon to server mode?
- the sockets directory (root one in /root/.gnupg/ and user one in ~/.config/gnupg/) do not seem to me the best place. Something under /run would be more appropriate. I cannot find any doc on how to set the socket in another place.
Same can be said for socket S.gpg-agent. In fact, for root, this socket is in two places: /etc/pacman.d/gnupg and /root/.gnupg.
I am not sure having /root/.gnupg is a good option.
Is there any way to change all these behaviors via any config files? If no, I am thinking of writing systemd service + socket files.
Thank you for any tips and thoughts.
[0]https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=lib32-nettle4
--
google.com/+arnaudgabourygabx
On Fri, Dec 18, 2015 at 6:57 PM, arnaud gaboury <arnaud.gaboury@gmail.com> wrote:
As I was building an AUR package[0], I had an issue with validating the key. I run: $ gpg --rec-keys PkgKey
only to get an error about dirmngr not being able to connect to ~/.config/gnupg/S.dirmngr
$GNUPGHOME is set in my env.
After hours of reading similar issues, but usually running such command as root, I couldn't find any clear answer.
I tried to understand how dirmngr worked, the sockets, and the whole process. I got the answer running on one shell $ dirmngr --debug-level expert --server and the above command in another one.
The culprit was in fact my gnupg home dir files set as mod 600. Setting the files as 700 solved the issue.
Now I am wondering a few things:
- man dirmngr says running in daemon mode is deprecated. But grepping the process, I see:
289:root 27509 1 0 09:12 ? 00:00:01 dirmngr --daemon --homedir /etc/pacman.d/gnupg
What starts this daemon (a previous gpg command run as root?)? How to change the way it is run from daemon to server mode?
- the sockets directory (root one in /root/.gnupg/ and user one in ~/.config/gnupg/) do not seem to me the best place. Something under /run would be more appropriate. I cannot find any doc on how to set the socket in another place.
Same can be said for socket S.gpg-agent. In fact, for root, this socket is in two places: /etc/pacman.d/gnupg and /root/.gnupg.
I am not sure having /root/.gnupg is a good option.
Is there any way to change all these behaviors via any config files? If no, I am thinking of writing systemd service + socket files.
EDIT: why is the system gnupg directory under /etc/pacman.d? Wouldn't it be better to have /etc/gnupg?
Thank you for any tips and thoughts.
[0]https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=lib32-nettle4 --
google.com/+arnaudgabourygabx
-- google.com/+arnaudgabourygabx
EDIT: why is the system gnupg directory under /etc/pacman.d? Wouldn't it be better to have /etc/gnupg?
There is no _system gnupg directory_. pacman uses its own instance for package verification and usually there's no need to ever fiddle with that (and in that case, use 'pacman-key').
I also never had a /root/.gnupg, no idea what you did there.
Most problems with keyserver operations are due to the fact that Arch upgraded from GnuPG 2.0 to 2.1 at some point and many people (me included) never got the memo about dirmngr.conf.
--byte
On Fri, Dec 18, 2015 at 8:12 PM Jens Adam <jra@byte.cx> wrote:
EDIT: why is the system gnupg directory under /etc/pacman.d? Wouldn't it be better to have /etc/gnupg?
There is no _system gnupg directory_. pacman uses its own instance for package verification and usually there's no need to ever fiddle with that (and in that case, use 'pacman-key').
I also never had a /root/.gnupg, no idea what you did there.
Maybe during my tests today (dir dated as today). Removed it. As for the sockets, I do not see any way to move them elsewhere.
Most problems with keyserver operations are due to the fact that Arch upgraded from GnuPG 2.0 to 2.1 at some point and many people (me included) never got the memo about dirmngr.conf.
--byte
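The first message traces the dirmngr connection error to the permissions on the GnuPG home directory. As an added example (not code from the thread or from GnuPG), the shell function below audits such a directory: the owner needs rwx on the directory itself to reach the sockets inside it, and nothing should be accessible to group or other. It assumes GNU `stat`; the function name `check_gnupg_home` and the temporary demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory's permissions.
# Assumes GNU stat (stat -c), as on Arch Linux.

# check_gnupg_home DIR
# Returns 0 if DIR is private and usable by its owner, 1 if a permission
# problem was found, 2 if DIR is not a directory.
check_gnupg_home() {
    gh_dir=$1
    gh_rc=0
    if [ ! -d "$gh_dir" ]; then
        echo "$gh_dir: not a directory"
        return 2
    fi
    gh_mode=$(stat -c '%a' "$gh_dir")
    gh_perm=$(( 0$gh_mode & 0777 ))      # drop setuid/setgid/sticky bits
    # The owner needs r, w and x: without the search (x) bit nothing inside
    # the directory, including S.dirmngr and S.gpg-agent, can be opened.
    if [ $(( ($gh_perm >> 6) & 7 )) -ne 7 ]; then
        echo "$gh_dir: mode $gh_mode, owner lacks rwx on the directory"
        gh_rc=1
    fi
    # Group and other should have no access at all.
    if [ $(( $gh_perm & 077 )) -ne 0 ]; then
        echo "$gh_dir: mode $gh_mode grants group/other access"
        gh_rc=1
    fi
    # Regular files (keyrings, config) must not be group/other accessible.
    for gh_f in "$gh_dir"/*; do
        [ -f "$gh_f" ] && [ ! -L "$gh_f" ] || continue
        gh_fmode=$(stat -c '%a' "$gh_f")
        if [ $(( 0$gh_fmode & 077 )) -ne 0 ]; then
            echo "$gh_f: mode $gh_fmode grants group/other access"
            gh_rc=1
        fi
    done
    return $gh_rc
}

# Demo on a constructed temporary directory standing in for $GNUPGHOME.
demo=$(mktemp -d)
chmod 600 "$demo"; check_gnupg_home "$demo" || echo "-> problem found"
chmod 700 "$demo"; check_gnupg_home "$demo" && echo "-> ok"
rm -rf "$demo"
```

To audit a real setup, call it as `check_gnupg_home "${GNUPGHOME:-$HOME/.gnupg}"`.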
participants (2)
- arnaud gaboury
- Jens Adam