[arch-general] gpg-agent, ssh keys, and systemd --user

Robbie Smith zoqaeski at gmail.com
Mon Apr 15 19:46:31 EDT 2013


On 15/04/13 19:00, Damien Robert wrote:
> Robbie Smith wrote in message <5165674E.4080001 at gmail.com>:
>> I’ve written the following user service, and it should do the same
>> thing, but it doesn’t seem to work:
>>
>> $ cat ~/.config/systemd/user/gpg-agent.service
>> [Unit]
>> Description=GnuPG private key agent
>> Wants=environment.target
>> Before=environment.target
>> IgnoreOnIsolate=true
>
> So your question has been answered, but in case anyone is interested I run
> a setup pretty similar to yours, except that I also launch a user service
> for ssh-agent (because gpg-agent does not yet know how to handle ECDSA ssh keys
> :-()
>
> $ cat gpg-agent.service
> [Unit]
> Description=gpg-agent
> ConditionFileIsExecutable=/usr/bin/gpg-agent
>
> [Service]
> ExecStart=/usr/bin/gpg-agent --daemon --use-standard-socket
> Type=forking
> Restart=always
>
> [Install]
> WantedBy=basic.target
>
> $ cat ssh-agent.service
> [Unit]
> Description=ssh-agent
> ConditionFileIsExecutable=/usr/bin/ssh-agent
>
> [Service]
> ExecStart=/usr/bin/ssh-agent -d -a %t/ssh_auth_sock
> Restart=always
>
> [Install]
> WantedBy=basic.target
>
> So after ssh-agent is launched, it is just a matter of exporting the right
> environment variable:
>      [ -z "$SSH_AUTH_SOCK" ] && export SSH_AUTH_SOCK="${XDG_RUNTIME_DIR:-/run/user/${UID:-$(id -u)}}/ssh_auth_sock"
>
> As for gpg-agent, you can't tell it where to put its socket, but at least
> using "--use-standard-socket" it will use a socket in a standard place.
> You then just need to tell gpg to look for an agent listening on this socket:
>
> $ cat ~/.gnupg/gpg.conf
> [...]
> use-agent
> $ cat ~/.gnupg/gpg-agent.conf
> use-standard-socket
>
The issue I’m getting is that these unit files (or my variants thereof) 
do not work for me. The agents are starting, and the environment 
variables exist, but none of my programs (ssh-add, git, etc) can access 
them, so I continuously get asked the passphrase for the private keys.
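
Added example, not part of either message above: a shell check that classifies what a client process sees when it follows SSH_AUTH_SOCK to the socket the quoted ssh-agent.service binds with `-a %t/ssh_auth_sock`. The function names and return codes are constructed for this example, and GNU `stat -c` is assumed.

```shell
# Path the quoted unit binds: %t expands to the user's runtime directory.
expected_agent_sock() {
    printf '%s/ssh_auth_sock\n' "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
}

# Classify the socket path a client (ssh-add, git over ssh) would use.
# Return codes (constructed for this example):
#   0 path is a private socket owned by the caller
#   1 variable is empty in this process
#   2 path exists in the environment but is not a socket
#   3 socket is owned by another uid
#   4 socket mode grants access to group or other
check_agent_sock() {
    sock=$1
    if [ -z "$sock" ]; then
        echo "SSH_AUTH_SOCK is empty in this process" >&2
        return 1
    fi
    if [ ! -S "$sock" ]; then
        echo "$sock is not a socket (agent not running, or bound elsewhere)" >&2
        return 2
    fi
    owner=$(stat -c %u "$sock") || return 2
    if [ "$owner" != "$(id -u)" ]; then
        echo "$sock is owned by uid $owner, not $(id -u)" >&2
        return 3
    fi
    mode=$(stat -c %a "$sock") || return 2
    case $mode in
        *00) ;;   # e.g. 600: no group/other bits
        *)
            echo "$sock has mode $mode; group/other can reach the agent" >&2
            return 4
            ;;
    esac
    return 0
}

# Run against the current environment, then compare with the unit's path.
check_agent_sock "${SSH_AUTH_SOCK:-}" || true
if [ "${SSH_AUTH_SOCK:-}" != "$(expected_agent_sock)" ]; then
    echo "note: SSH_AUTH_SOCK differs from $(expected_agent_sock)" >&2
fi
```

Running it from the same terminal or session in which ssh-add is invoked shows the environment that client actually inherits, which can differ from the one the systemd user instance has.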

