Good, here comes the report I was waiting for. Sorry for using this way of
testing but it is easier to add a fix if tehre is a real problem.

The idea is to fix this mainly in libassuan. If the socket is a real file
libassuan will check for a keyword in the file and use the socket name given
there for access. I already expected that some variabales need to be
substituted like

Socket: /tmp/${USER}/S.gpg-agent

Any suggestions on what variables you need USER, HOME, HOSTNAME ?

Nice - i was surprised this wasn't accounted for, so i'm not surprised you
expected it to come up. :)

No worries, i've reverted back to 2.0.x for now and will wait to see how this
goes. A solution using variables like you suggest would be perfect.

For my case, to replicate my previous setup (but without a lot of fussing with
environment variables, which will be nice!) all i really need is HOSTNAME. I
suspect USER and HOME would also be useful in some situations! Perhaps also UID?

Off the top of my head i can't really think of much else that would be useful
but perhaps the XDG_* variables (with appropriate defaults) might qualify?
http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

I actually just re-tooled my setup to use $XDG_CACHE_HOME (with fallback to
~/.cache) but that's really over-engineering that i just figured i'd do to keep
from sticking more crap in $HOME.

So you're talking about creating a regular file S.gpg-agent in ~/.gnupg, and
using its contents to point to the actual socket?

That feels a little bit tricksy. I don't mind personally, but i wonder, would a
less surprising method be to introduce a configuration variable in
~/.gnupg/gpg-agent.conf, like:

socket-name /tmp/$USER/$HOSTNAME/S.gpg-agent

Does that make it too difficult to implement at the libassuan level?

I beliive it is easier to encapsulate this all in libassuan. This way we do not
need anything on the client side. I have not yet looked on how to implement
that on the server and it may be easier to add an option there.

If you use the latest Libassuan and GnuPG from GIT you should get what you want.
For example:

rm ~/.gnupg/S.gpg-agent || true
printf '%%Assuan%%\nsocket=${HOME}/.gnupg/S.gpg-agent-${HOSTNAME}\n' \

      > ~/.gnupg/S.gpg-agent

Creates a redirection file which uses HOME and the HOSTNAME. If you start
gpg-agent with --verbose you get a noticed about what has been redirected.

Needs to be implemented for scdaemon and dirmngr as well - but that needs to
wait until Monday.

Looks like a good solution. I got the git versions compiled and gave it
a whirl. I noticed a couple of things:

I tried the exact contents of S.gpg-agent you gave below, but libassuan
is creating the file as $HOME/.gnupg/S.gpg-agent-

In other words the ${HOSTNAME} is blank, which obviously won't work out
very well. :) Presumably a bug. I checked my setup:

echo $HOSTNAME

mymble

hostname

mymble

So the hostname does appear to be set correctly. I'm not quite sure how
i can start it with --verbose to see if it helps show what's happening;
if i try that, with or without a server running it just gives me the
server status.

Second, with --enable-ssh-agent, i noticed that the ssh-agent socket is
still created as ~/.gnupg/S.gpg-agent.ssh. Will this same method be
able to specify a per-host ssh-agent?

In general, though, this looks like it's on the right track! Let me
know if i can do any more testing to help.

Looks like a good solution. I got the git versions compiled and gave it
a whirl. I noticed a couple of things:

I tried the exact contents of S.gpg-agent you gave below, but libassuan
is creating the file as $HOME/.gnupg/S.gpg-agent-

In other words the ${HOSTNAME} is blank, which obviously won't work out
very well. :) Presumably a bug. I checked my setup:

echo $HOSTNAME

mymble

hostname

mymble

So the hostname does appear to be set correctly. I'm not quite sure how
i can start it with --verbose to see if it helps show what's happening;
if i try that, with or without a server running it just gives me the
server status.

Second, with --enable-ssh-agent, i noticed that the ssh-agent socket is
still created as ~/.gnupg/S.gpg-agent.ssh. Will this same method be
able to specify a per-host ssh-agent?

In general, though, this looks like it's on the right track! Let me
know if i can do any more testing to help.

-damon

On 28 Nov, Werner Koch via BTS wrote:

Werner Koch <wk@gnupg.org> added the comment:

If you use the latest Libassuan and GnuPG from GIT you should get what you
want.
For example:

rm ~/.gnupg/S.gpg-agent || true
printf '%%Assuan%%\nsocket=${HOME}/.gnupg/S.gpg-agent-${HOSTNAME}\n' \

> ~/.gnupg/S.gpg-agent

Creates a redirection file which uses HOME and the HOSTNAME. If you start
gpg-agent with --verbose you get a noticed about what has been redirected.

Needs to be implemented for scdaemon and dirmngr as well - but that needs to
wait until Monday.

---

status: chatting -> in-progress

---

g10 Code's BTS <gnupg@bugs.g10code.com>
<T1752>

---

On my system HOSTNAME is not an exported envvar. Thus

export HOSTNAME

should do what you want. ssh support and the new --extra-socket all use the
same code for creating the socket, thus this hould work. I have not tested it
but I am pretty sure. A problem might be that the printed SSH_AUTH_SOCK is not
set to the real socket name - I have not checked this.

Hi again -

Exporting HOSTNAME worked, thanks.

I'm still not seeing a per-host ssh agent socket, though. Maybe i'm missing
something, but here's exactly what i'm doing:

Set contents of ~/.gnupg/S.gpg-agent to:
%Assuan%
socket=${HOME}/.gnupg/S.gpg-agent-${HOSTNAME}

(newlines after each of the two lines)

~/.gnupg/gpg-agent.conf contents:
enable-ssh-support
default-cache-ttl 7200
max-cache-ttl 14400
default-cache-ttl-ssh 7200
max-cache-ttl-ssh 14400
no-grab

gpg-connect-agent --verbose /bye

gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
gpg-connect-agent: closing connection to agent

Now i have gpg-agent running, and gpg works as expected.

In ~/.gnupg i see the following sockets:
S.gpg-agent-mymble
S.gpg-agent.ssh

Is the ssh agent socket supposed to be the same filename with .ssh appended, or
is there another line i should be adding to the S.gpg-agent redirect file?

Thanks!

You need to create a redirection file for ssh too:

Set contents of ~/.gnupg/S.gpg-agent.ssh to:
%Assuan%
socket=${HOME}/.gnupg/S.gpg-agent.ssh-${HOSTNAME}

BTW, I just commtied the missing chnages to dirmngr and scdaemon.

For easier debugging you set a log file for gpg-agent or even better set that
log file to a socket in gpg-agent.conf
log-file socket:////home/foo/.gnupg/S.log
and the run
watchgnupg --time-only --force /home/foo/.gnupg/S.log
in another xterm.

That is... just far too obvious for words. *facepalm*

Okay, this works nicely for my needs. Wrapper scripts can turn it into a
site-wide policy.

2.1.1 has been released.