[arch-general] gpg-agent, ssh keys, and systemd --user

Simon Gomizelj simongmzlj at gmail.com
Thu Apr 11 01:11:22 EDT 2013


systemd --user runs in its own separate login/cgroup. I doubt
environmental variables set with `systemctl --user set-environment`
are going to be available outside of that login/cgroup. I doubt they're
even made available to anything outside of future processes spawned by
systemctl.

So it'll all depend on how you're using user sessions. Anyhow...

Not quite the same thing and a bit of shameless self promotion, but
you could try envoy <https://github.com/vodik/envoy>

Create the following user sessions in ~/.config/systemd/user

envoy.socket:
    [Socket]
    ListenStream=@/vodik/envoy

    [Install]
    WantedBy=sockets.target

and envoy.service:
    [Unit]
    Description=Envoy agent monitor

    [Service]
    ExecStart=/usr/bin/envoyd -t gpg-agent
    StandardOutput=syslog
    StandardError=syslog

    [Install]
    WantedBy=vodik.target
    Also=envoy.socket

Enable the socket and then all you need to put is `source <(envoy -p)`
in your shell rc/profile. More details are available on the github page.
Sorry about the poor state of the documentation if it's confusing. It's
the last thing I need to work on now.

On Wed, Apr 10, 2013 at 9:21 AM, Robbie Smith <zoqaeski at gmail.com> wrote:
> How can I get gpg-agent to work with ssh keys? The following script that
> I’ve put in /etc/profile.d sets it up, but I’d like to move my user daemons
> (such as gpg-agent) over to systemd --user.
>
> $ cat gpg-agent.sh
> #!/bin/sh
>
> envfile="${HOME}/.gnupg/gpg-agent.env"
> if test -f "$envfile" && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
>     eval "$(cat "$envfile")"
> else
>     eval "$(gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")"
> fi
> export GPG_AGENT_INFO
>
> I’ve written the following user service, and it should do the same thing,
> but it doesn’t seem to work:
>
> $ cat ~/.config/systemd/user/gpg-agent.service
> [Unit]
> Description=GnuPG private key agent
> Wants=environment.target
> Before=environment.target
> IgnoreOnIsolate=true
>
> [Service]
> Type=forking
> Environment=GPG_ENVFILE=%t/gpg-agent.info
> ExecStart=/usr/bin/gpg-agent --daemon --enable-ssh-support --use-standard-socket --write-env-file ${GPG_ENVFILE}
> ExecStartPost=/bin/sh -c "xargs systemctl --user set-environment < ${GPG_ENVFILE}"
> ExecStopPost=/bin/rm %t/gpg-agent.info
> Restart=on-abort
>
> [Install]
> WantedBy=default.target
>
> Both the script and the service file start gpg, create an environment file,
> and export the variables. But for some reason, gpg-agent doesn’t store keys
> or anything if run as a service. I don’t know why.
>
> Can anyone help?
>
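The thread turns on two separate things: whether the agent named in the env file is still alive (what the profile.d script tests with `kill -0`), and whether the `SSH_AUTH_SOCK` a given shell sees actually reaches that agent (which, as the reply explains, is not the case for variables set only inside the `systemd --user` manager). The POSIX sh helpers below are an added example, not code from either poster or from envoy; they read the same `GPG_AGENT_INFO=<socket>:<pid>:<proto>` / `SSH_AUTH_SOCK=...` file format the profile.d script consumes, refuse to export anything from a file whose agent is gone, and check the socket from the calling process's point of view. The paths and PIDs in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the thread or from envoy). Helpers for a
# gpg-agent --write-env-file style file with KEY=VALUE lines such as
#   GPG_AGENT_INFO=/run/user/1000/gpg-agent.info:12345:1
#   SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
# Every path and PID used below is constructed for the demonstration.

# agent_pid FILE: print the PID field of GPG_AGENT_INFO, or nothing if absent.
agent_pid() {
    sed -n 's/^GPG_AGENT_INFO=[^:]*:\([0-9][0-9]*\):.*$/\1/p' "$1"
}

# agent_sock FILE: print the SSH_AUTH_SOCK value recorded in FILE.
agent_sock() {
    sed -n 's/^SSH_AUTH_SOCK=//p' "$1"
}

# agent_alive FILE: succeed only if FILE names a PID that is currently running.
# kill -0 sends no signal; it only tests that the PID exists and can be
# signalled, the same liveness test the profile.d script in the thread uses.
agent_alive() {
    pid=$(agent_pid "$1") || return 1
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# load_agent_env FILE: export the variables from FILE into this shell, but
# only after agent_alive succeeds, so a stale file never hides a dead agent.
# Only NAME=value lines are accepted; nothing in the file is eval'ed.
load_agent_env() {
    agent_alive "$1" || return 1
    while IFS= read -r line; do
        case "$line" in
            [A-Z_]*=*) export "$line" ;;
        esac
    done < "$1"
}

# ssh_sock_usable: succeed if SSH_AUTH_SOCK is set in THIS process and points
# at a UNIX socket. This is the check that fails when the agent runs under
# systemd --user and the variable was only set in the user manager's
# environment rather than in the login shell asking the question.
ssh_sock_usable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# Demonstration on a constructed env file that names this shell's own PID,
# so the liveness check passes, while the socket path does not exist here.
demo_file=$(mktemp)
cat > "$demo_file" <<EOF
GPG_AGENT_INFO=/run/user/1000/gpg-agent.info:$$:1
SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
EOF
if load_agent_env "$demo_file"; then
    echo "agent pid $(agent_pid "$demo_file") is alive; SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
    ssh_sock_usable || echo "but SSH_AUTH_SOCK is not a reachable socket from this shell"
fi
rm -f "$demo_file"
```

Sourcing a file like this from a shell rc only helps processes started from that shell; a service started by `systemd --user` has to get the socket path some other way, which is exactly the gap the reply's socket-activated unit works around.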

