[arch-general] gnupg, dirmngr and sockets

arnaud gaboury arnaud.gaboury at gmail.com
Fri Dec 18 17:57:55 UTC 2015


As I was building an AUR package[0], I had an issue with validating
the key. I ran:
$ gpg --recv-keys PkgKey

only to get an error about dirmngr not being able to connect to
~/.config/gnupg/S.dirmngr

$GNUPGHOME is set in my env.

After hours of reading about similar issues, usually involving running
such a command as root, I couldn't find any clear answer.

I tried to understand how dirmngr worked, the sockets, and the whole process.
I got the answer by running, in one shell,
$ dirmngr --debug-level expert --server
and the above command in another one.

The culprit was in fact my gnupg home dir files set as mode 600.
Setting the files as 700 solved the issue.

Now I am wondering a few things:
- man dirmngr says running in daemon mode is deprecated. But grepping
the process, I see:
289:root     27509     1  0 09:12 ?        00:00:01 dirmngr --daemon --homedir /etc/pacman.d/gnupg

What starts this daemon (a previous gpg command run as root?)? How to
change the way it is run from daemon to server mode?
- the socket directories (root's in /root/.gnupg/ and the user's in
~/.config/gnupg/) do not seem to me the best place. Something under
/run would be more appropriate. I cannot find any doc on how to set
the socket in another place.

The same can be said for the socket S.gpg-agent. In fact, for root, this
socket is in two places: /etc/pacman.d/gnupg and /root/.gnupg.

I am not sure having /root/.gnupg is a good option.


Is there any way to change all these behaviors via any config files?
If not, I am thinking of writing systemd service + socket files.

Thank you for any tips and thoughts.


[0]https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=lib32-nettle4
-- 

google.com/+arnaudgabourygabx
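
The permission problem described in the message above, as an added example that is not part of the original post: a shell function that audits a GnuPG home directory. It assumes the mode 600 was on the directory itself and that GNU stat is available; check_gnupg_home is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original post. check_gnupg_home is a
# hypothetical helper name. Assumes GNU stat (stat -c), as on Arch Linux.

# Audit a GnuPG home directory; returns 0 if clean, 1 on findings, 2 if missing.
check_gnupg_home() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    rc=0
    [ -d "$home" ] || { echo "missing: $home is not a directory"; return 2; }

    mode=$(stat -c '%a' "$home")
    bits=$((0$mode))                 # parse the octal mode string
    owner=$(( (bits >> 6) & 7 ))
    if [ $(( owner & 1 )) -eq 0 ]; then
        # Without x the owner cannot open anything inside the directory,
        # including the S.dirmngr socket that gpg connects to.
        echo "no-traverse: $home is mode $mode, owner lacks x"
        rc=1
    elif [ "$owner" -ne 7 ]; then
        echo "restricted: $home is mode $mode, owner needs rwx"
        rc=1
    fi
    if [ $(( bits & 077 )) -ne 0 ]; then
        echo "unsafe: $home is mode $mode, group/other have access"
        rc=1
    fi

    # Regular files (keyrings, config) should be private to the owner.
    for f in "$home"/*; do
        [ -f "$f" ] || continue
        fmode=$(stat -c '%a' "$f")
        if [ $(( 0$fmode & 077 )) -ne 0 ]; then
            echo "unsafe: $f is mode $fmode, group/other have access"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a throwaway directory standing in for $GNUPGHOME.
demo=$(mktemp -d)
: > "$demo/gpg.conf"; chmod 600 "$demo/gpg.conf"
chmod 600 "$demo"; check_gnupg_home "$demo" || echo "-> needs fixing"
chmod 700 "$demo"; check_gnupg_home "$demo" && echo "-> ok"
rm -rf "$demo"
```

Called without an argument, the function checks $GNUPGHOME and falls back to ~/.gnupg.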

