[arch-general] gpg-agent, ssh keys, and systemd --user

Simon Gomizelj simongmzlj at gmail.com
Thu Apr 11 01:11:22 EDT 2013

systemd --user runs in its own separate login/cgroup. I doubt
environmental variables set with `systemctl --user set-environment`
are going to be available outside of that login/cgroup. I doubt they're
even made available to anything outside of future processes spawned by

So it'll all depend on how you're using user sessions. Anyhow...

Not quite the same thing and a bit of shameless self promotion, but
you could try envoy <https://github.com/vodik/envoy>

Create the following user sessions in ~/.config/systemd/user



and envoy.service:
    [Unit]
    Description=Envoy agent monitor

    [Service]
    ExecStart=/usr/bin/envoyd -t gpg-agent


Enable the socket and then all you need to put is `source <(envoy -p)`
in your shell rc/profile. More details are available on the GitHub page.
Sorry about the poor state of the documentation if it's confusing. It's
the last thing I need to work on now.

On Wed, Apr 10, 2013 at 9:21 AM, Robbie Smith <zoqaeski at gmail.com> wrote:
> How can I get gpg-agent to work with ssh keys? The following script that
> I’ve put in /etc/profile.d sets it up, but I’d like to move my user daemons
> (such as gpg-agent) over to systemd --user.
> $ cat gpg-agent.sh
> #!/bin/sh
> envfile="${HOME}/.gnupg/gpg-agent.env"
> if test -f "$envfile" && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
>     eval "$(cat "$envfile")"
> else
>     eval "$(gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")"
> fi
> I’ve written the following user service, and it should do the same thing,
> but it doesn’t seem to work:
> $ cat ~/.config/systemd/user/gpg-agent.service
> [Unit]
> Description=GnuPG private key agent
> Wants=environment.target
> Before=environment.target
> IgnoreOnIsolate=true
> [Service]
> Type=forking
> Environment=GPG_ENVFILE=%t/gpg-agent.info
> ExecStart=/usr/bin/gpg-agent --daemon --enable-ssh-support --use-standard-socket --write-env-file ${GPG_ENVFILE}
> ExecStartPost=/bin/sh -c "xargs systemctl --user set-environment <
> ExecStopPost=/bim/rm %t/gpg-agent.info
> Restart=on-abort
> [Install]
> WantedBy=default.target
> Both the script and the service file start gpg, create an environment file,
> and export the variables. But for some reason, gpg-agent doesn’t store keys
> or anything if run as a service. I don’t know why.
> Can anyone help?
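
The shell-side half of what this thread discusses, as an added example that is not part of the original messages: the login shell reads the agent's env file itself and parses it instead of running it through `eval`, so only the expected variables are exported and a stale file is rejected. The function name `load_agent_env` is hypothetical, and the file format (NAME=value lines as written by gpg-agent 2.0 `--write-env-file`, with `GPG_AGENT_INFO=<socket>:<pid>:<version>`) is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. load_agent_env is a hypothetical helper.
# Assumed input: the file written by `gpg-agent --write-env-file`, one
# NAME=value pair per line, GPG_AGENT_INFO=<socket path>:<pid>:<version>.
load_agent_env() {
    envfile=$1
    # The file must exist and belong to the calling user.
    [ -f "$envfile" ] && [ -O "$envfile" ] || return 1

    info='' sock='' sshpid=''
    # Parse instead of eval: only the three expected names are accepted,
    # any other line in the file is ignored.
    while IFS='=' read -r name value || [ -n "$name" ]; do
        case $name in
            GPG_AGENT_INFO) info=$value ;;
            SSH_AUTH_SOCK)  sock=$value ;;
            SSH_AGENT_PID)  sshpid=$value ;;
        esac
    done < "$envfile"

    # Both socket values must be absolute paths.
    case $info in /*) ;; *) return 1 ;; esac
    case $sock in /*) ;; *) return 1 ;; esac

    # Second colon-separated field of GPG_AGENT_INFO is the agent PID.
    agent_pid=${info#*:}
    agent_pid=${agent_pid%%:*}
    case $agent_pid in ''|*[!0-9]*) return 1 ;; esac

    # Same liveness probe as the profile.d script: a dead PID means the
    # file is stale and nothing is exported.
    kill -0 "$agent_pid" 2>/dev/null || return 1

    export GPG_AGENT_INFO="$info" SSH_AUTH_SOCK="$sock"
    case $sshpid in
        ''|*[!0-9]*) ;;
        *) export SSH_AGENT_PID="$sshpid" ;;
    esac
    return 0
}

# Shell rc usage, with %t from the unit file being $XDG_RUNTIME_DIR:
#   load_agent_env "${XDG_RUNTIME_DIR}/gpg-agent.info"
```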

