[arch-general] gnupg, dirmngr and sockets

arnaud gaboury arnaud.gaboury at gmail.com
Fri Dec 18 18:36:43 UTC 2015


On Fri, Dec 18, 2015 at 6:57 PM, arnaud gaboury
<arnaud.gaboury at gmail.com> wrote:
> As I was building an AUR package[0], I had an issue with validating
> the key. I ran:
> $ gpg --recv-keys PkgKey
>
> only to get an error about dirmngr not being able to connect to
> ~/.config/gnupg/S.dirmngr
>
> $GNUPGHOME is set in my env.
>
> After hours of reading similar issues, but usually running such
> command as root, I couldn't find any clear answer.
>
> I tried to understand how dirmngr worked, the sockets, and the whole process.
> I got the answer running on one shell
> $ dirmngr --debug-level expert --server
> and the above command in another one.
>
> The culprit was in fact my gnupg home dir files set as mode 600.
> Setting the files as 700 solved the issue.
>
> Now I am wondering a few things:
> - man dirmngr says running in daemon mode is deprecated. But grepping
> the process, I see:
> 289:root     27509     1  0 09:12 ?        00:00:01 dirmngr --daemon --homedir /etc/pacman.d/gnupg
>
> What starts this daemon (a previous gpg command run as root?)? How to
> change the way it is run from daemon to server mode?
> - the sockets directory (root one in /root/.gnupg/ and user one in
> ~/.config/gnupg/) do not seem to me the best place. Something under
> /run would be more appropriate. I can not find any doc on how to set
> the socket in another place.
>
> Same can be said for socket S.gpg-agent. In fact, for root, this
> socket is in two places: /etc/pacman.d/gnupg and /root/.gnupg.
>
> I am not sure having /root/.gnupg is a good option.
>
>
> Is there any way to change all these behaviors via any config files?
> If no, I am thinking of writing systemd service + socket files.

EDIT: why is the system gnupg directory under /etc/pacman.d?
Wouldn't it be better to have /etc/gnupg ?
>
> Thank you for any tips and thoughts.
>
>
> [0]https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=lib32-nettle4
> --
>
> google.com/+arnaudgabourygabx



-- 

google.com/+arnaudgabourygabx
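
Added example, not part of the original message: a POSIX shell check for the permission condition the post describes, reporting whether the owner can create and reach sockets such as S.dirmngr in a GnuPG home directory and whether anything in it is open to group or other. It assumes the conventional layout (directory 0700, regular files 0600) and GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a GnuPG home directory.
# Assumption: conventional layout, directory 0700 and regular files 0600.
# Requires GNU stat (-c), as shipped on Arch Linux.

# mode_bits PATH -> prints the permission bits as a decimal integer
mode_bits() {
    m=$(stat -c '%a' "$1") || return 1
    echo $((0$m))          # leading 0 makes the shell read it as octal
}

# check_gnupg_home DIR
# Prints one finding per line; returns 0 when nothing is wrong, 1 otherwise.
check_gnupg_home() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "MISSING  $dir"; return 1; }

    bits=$(mode_bits "$dir") || return 1
    # Creating a socket such as S.dirmngr needs owner write on the directory,
    # and connecting to it needs owner search (x): rwx = 7.
    if [ $(( (bits >> 6) & 7 )) -ne 7 ]; then
        echo "NOACCESS $dir: owner lacks rwx, sockets cannot be created or reached"
        rc=1
    fi
    if [ $(( bits & 63 )) -ne 0 ]; then   # 63 = octal 077
        echo "EXPOSED  $dir: group/other have access"
        rc=1
    fi

    for f in "$dir"/*; do
        if [ -S "$f" ]; then
            echo "SOCKET   $f"              # informational only
        elif [ -f "$f" ]; then
            fbits=$(mode_bits "$f") || continue
            if [ $(( fbits & 63 )) -ne 0 ]; then
                echo "EXPOSED  $f: group/other have access"
                rc=1
            fi
        fi
    done
    return $rc
}

# Run against a directory given on the command line, e.g. "$GNUPGHOME".
if [ "$#" -gt 0 ]; then
    check_gnupg_home "$1"
fi
```
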

