[MacPorts] #43584: gpg-agent: enable launchd integration (including LaunchAgent file)

MacPorts noreply at macports.org
Mon Jul 7 18:14:25 PDT 2014


#43584: gpg-agent: enable launchd integration (including LaunchAgent file)
------------------------+--------------------------------
  Reporter:  ionic@…    |      Owner:  macports-tickets@…
      Type:  defect     |     Status:  new
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:
Resolution:             |   Keywords:  haspatch
      Port:  gpg-agent  |
------------------------+--------------------------------

Comment (by ionic@…):

 Updated patchset.

 I have disabled the creation of a UNIX socket in the user's home directory
 and worked around the fact that one cannot control what the environment
 variable set via `SecureSocketWithKey` in the `launchd plist` is actually
 set to (as mentioned, dropping the PID and protocol version information.)

 This is working for me, but there's a catch:
 If users have programs starting up right after login, those programs
 won't inherit the correct environment variable. In order to solve this,
 one has to restart the application(s) in question.

 I admit that this is very uncomfortable.

 However, this solution also has a good side:
 The SSH agent option is fail-safe. As `gpg-agent` is started after
 `launchd` initialized all sockets (and environment variables it sets),
 `SSH_AUTH_SOCK` will always be populated with some value, if another
 `LaunchAgent` is providing SSH agent support (like for instance Apple's or
 MacPorts's `ssh-agent`.) `gpg-agent` can query that and gracefully disable
 SSH agent support, to not collide with the other daemon.

 This said, I guess that nobody is using SSH agent support in gpg-agent
 anyway.

 There is another, more intrusive way to do stuff.

 I could restore the previous behavior (setting `GPG_AGENT_INFO` to
 "`/tmp/launch-xxxxxx/Listeners`" only) and patch the other GPG ports, so that
 they accept a "malformed" `GPG_AGENT_INFO` value with the PID and protocol
 version stripped.

 This may lead to a race condition when it comes to `SSH_AUTH_SOCK`. I
 don't know what happens when two Agents define that in their plist files.
 Probably one of them gets control over it, likely the first one to come.

 I will thus disable SSH agent support completely.

 In general, I think that an always available `GPG_AGENT_INFO` environment
 variable without clumsy application restarts outweighs the benefits of
 SSH agent support (and, really, nobody uses this. Apple even ships
 ssh-agent and it's turned on by default.)

-- 
Ticket URL: <https://trac.macports.org/ticket/43584#comment:5>
MacPorts <http://www.macports.org/>
Ports system for OS X
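
The two checks discussed in the comment above, as an added example that is not part of the ticket's patchset: tolerating a `GPG_AGENT_INFO` value with the PID and protocol version stripped, and leaving `SSH_AUTH_SOCK` to another agent when it is already populated. The function names are hypothetical, the sample values are constructed, and the classic `socket:pid:protocol` layout is assumed from GnuPG's usual format.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample values are constructed.

# Split a GPG_AGENT_INFO value into "path|pid|proto".
#   classic form:  /path/to/socket:PID:PROTOCOL
#   stripped form: /path/to/socket   (bare socket path, as set via launchd)
# pid and proto come back empty for the stripped form.
# Returns 1 for an empty value, a relative path, or non-numeric pid/proto,
# so a caller never connects to an attacker-influenced relative location.
parse_agent_info() {
    info=$1
    case $info in
        /*) ;;                 # absolute socket path required
        *)  return 1 ;;
    esac
    case $info in
        *:*:*)
            proto=${info##*:}  # text after the last colon
            rest=${info%:*}
            pid=${rest##*:}    # text between the last two colons
            path=${rest%:*}
            ;;
        *)
            path=$info
            pid=
            proto=
            ;;
    esac
    case $pid$proto in
        *[!0-9]*) return 1 ;;  # both fields must be digits when present
    esac
    printf '%s|%s|%s\n' "$path" "$pid" "$proto"
}

# Print gpg-agent's --enable-ssh-support flag only when no other agent has
# already populated SSH_AUTH_SOCK; print nothing otherwise, so the two
# daemons do not collide.
ssh_support_flag() {
    if [ -n "${SSH_AUTH_SOCK:-}" ]; then
        return 0
    fi
    printf '%s\n' '--enable-ssh-support'
}
```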