[arch-general] gpg-agent, ssh keys, and systemd --user
Damien Robert
damien.olivier.robert+gmane at gmail.com
Mon Apr 15 05:00:11 EDT 2013
Robbie Smith wrote in message <5165674E.4080001 at gmail.com>:
> I’ve written the following user service, and it should do the same
> thing, but it doesn’t seem to work:
>
> $ cat ~/.config/systemd/user/gpg-agent.service
> [Unit]
> Description=GnuPG private key agent
> Wants=environment.target
> Before=environment.target
> IgnoreOnIsolate=true

So your question has been answered, but in case anyone is interested, I run
a setup pretty similar to yours, except that I also launch a user service
for ssh-agent (because gpg-agent does not yet know how to handle ECDSA ssh keys
:-()

$ cat gpg-agent.service
[Unit]
Description=gpg-agent
ConditionFileIsExecutable=/usr/bin/gpg-agent
[Service]
ExecStart=/usr/bin/gpg-agent --daemon --use-standard-socket
Type=forking
Restart=always
[Install]
WantedBy=basic.target

$ cat ssh-agent.service
[Unit]
Description=ssh-agent
ConditionFileIsExecutable=/usr/bin/ssh-agent
[Service]
ExecStart=/usr/bin/ssh-agent -d -a %t/ssh_auth_sock
Restart=always
[Install]
WantedBy=basic.target

So after ssh-agent is launched, it is just a matter of exporting the right
environment variable:

[ -z "$SSH_AUTH_SOCK" ] && export SSH_AUTH_SOCK="${XDG_RUNTIME_DIR:-/run/user/${UID:-$(id -u)}}/ssh_auth_sock"

As for gpg-agent, you can't tell it where to put its socket, but at least
using "--use-standard-socket" it will use a socket in a standard place.
You then just need to tell gpg to look for an agent listening on this socket:

$ cat ~/.gnupg/gpg.conf
[...]
use-agent

$ cat ~/.gnupg/gpg-agent.conf
use-standard-socket
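
Added example, not part of the original message: a shell profile helper that checks the socket created by "-a %t/ssh_auth_sock" before exporting SSH_AUTH_SOCK, so a client never talks to a path that is not a socket or that other users can reach. The function names are hypothetical, and GNU coreutils stat(1) is assumed.

```sh
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU stat(1).

# Path that "-a %t/ssh_auth_sock" in the unit resolves to (%t = user runtime dir).
agent_sock_path() {
    printf '%s/ssh_auth_sock\n' "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
}

# Return 0 only if $1 is a socket we own, inside a directory we own that
# grants no access to group or other.
check_agent_sock() {
    sock=$1
    dir=$(dirname -- "$sock")
    me=$(id -u)
    if [ ! -S "$sock" ]; then
        echo "ssh-agent socket missing or not a socket: $sock" >&2
        return 1
    fi
    if [ "$(stat -c %u -- "$sock")" != "$me" ]; then
        echo "socket not owned by uid $me: $sock" >&2
        return 2
    fi
    if [ "$(stat -c %u -- "$dir")" != "$me" ]; then
        echo "socket directory not owned by uid $me: $dir" >&2
        return 3
    fi
    case $(stat -c %a -- "$dir") in
        *00) ;;   # e.g. 700: owner-only access
        *)  echo "socket directory open to group/other: $dir" >&2
            return 4 ;;
    esac
}

# Export SSH_AUTH_SOCK only when it is unset (as in the one-liner above)
# and the socket passes the checks.
use_agent_sock() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && return 0
    sock=$(agent_sock_path)
    check_agent_sock "$sock" || return $?
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
}
```

Calling use_agent_sock from the shell profile replaces the unconditional export; a non-zero return means the agent service is not running or the runtime directory has unexpected ownership or permissions.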