User Details
- User Since
- Mar 27 2017, 4:48 PM (398 w, 3 d)
Dec 1 2014
That is... just far too obvious for words. *facepalm*
Okay, this works nicely for my needs. Wrapper scripts can turn it into a
site-wide policy.
Hi again -
Exporting HOSTNAME worked, thanks.
I'm still not seeing a per-host ssh agent socket, though. Maybe i'm missing
something, but here's exactly what i'm doing:
Set contents of ~/.gnupg/S.gpg-agent to:

    %Assuan%
    socket=${HOME}/.gnupg/S.gpg-agent-${HOSTNAME}

(newlines after each of the two lines)

~/.gnupg/gpg-agent.conf contents:

    enable-ssh-support
    default-cache-ttl 7200
    max-cache-ttl 14400
    default-cache-ttl-ssh 7200
    max-cache-ttl-ssh 14400
    no-grab

    gpg-connect-agent --verbose /bye
    gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
    gpg-connect-agent: waiting for the agent to come up ... (5s)
    gpg-connect-agent: connection to agent established
    gpg-connect-agent: closing connection to agent

Now i have gpg-agent running, and gpg works as expected.
In ~/.gnupg i see the following sockets:
S.gpg-agent-mymble
S.gpg-agent.ssh
Is the ssh agent socket supposed to be the same filename with .ssh appended, or
is there another line i should be adding to the S.gpg-agent redirect file?
Thanks!
Nov 29 2014
Looks like a good solution. I got the git versions compiled and gave it
a whirl. I noticed a couple of things:
I tried the exact contents of S.gpg-agent you gave below, but libassuan
is creating the file as $HOME/.gnupg/S.gpg-agent-
In other words the ${HOSTNAME} is blank, which obviously won't work out
very well. :) Presumably a bug. I checked my setup:

    echo $HOSTNAME
    mymble
    hostname
    mymble

So the hostname does appear to be set correctly. I'm not quite sure how
i can start it with --verbose to see if it helps show what's happening;
if i try that, with or without a server running it just gives me the
server status.
Second, with --enable-ssh-agent, i noticed that the ssh-agent socket is
still created as ~/.gnupg/S.gpg-agent.ssh. Will this same method be
able to specify a per-host ssh-agent?
In general, though, this looks like it's on the right track! Let me
know if i can do any more testing to help.
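
The two comments above describe a `${HOSTNAME}` that expands to nothing until HOSTNAME is exported. As an added example (not code from this thread and not libassuan's parser), the sh function below resolves a redirect file of the form quoted above using exported variables only, and fails instead of returning a truncated socket path; the name `resolve_redirect` and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not libassuan code. Resolves a redirect file such as
#   %Assuan%
#   socket=${HOME}/.gnupg/S.gpg-agent-${HOSTNAME}
# using exported variables only, i.e. what a freshly started process sees.
resolve_redirect() {
    open='${'; close='}'; out=
    { IFS= read -r magic && IFS= read -r rest; } < "$1" || {
        echo "expected two newline-terminated lines" >&2; return 2; }
    [ "$magic" = "%Assuan%" ] || { echo "first line is not %Assuan%" >&2; return 2; }
    case $rest in
        socket=?*) rest=${rest#socket=} ;;
        *) echo "second line is not socket=NAME" >&2; return 2 ;;
    esac
    while :; do
        case $rest in
            *"$open"*"$close"*)
                out=$out${rest%%"$open"*}     # literal text before the next ${
                rest=${rest#*"$open"}
                name=${rest%%"$close"*}       # variable name up to the closing }
                rest=${rest#*"$close"}
                case $name in
                    ''|*[!A-Za-z0-9_]*) echo "bad variable name" >&2; return 2 ;;
                esac
                # printenv only sees the exported environment, so a shell
                # variable that was set but never exported is reported here.
                val=$(printenv "$name") || {
                    echo "\${$name} is not exported" >&2; return 1; }
                [ -n "$val" ] || { echo "\${$name} is empty" >&2; return 1; }
                out=$out$val ;;
            *) out=$out$rest; break ;;
        esac
    done
    printf '%s\n' "$out"
}
# Optional command-line use: pass the redirect file as the first argument.
[ $# -eq 0 ] || resolve_redirect "$1"
```

Return code 1 means a referenced variable is unexported or empty, and 2 means the file does not have the two-line form shown above.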
Nov 7 2014
Nice - i was surprised this wasn't accounted for, so i'm not surprised you
expected it to come up. :)
No worries, i've reverted back to 2.0.x for now and will wait to see how this
goes. A solution using variables like you suggest would be perfect.
For my case, to replicate my previous setup (but without a lot of fussing with
environment variables, which will be nice!) all i really need is HOSTNAME. I
suspect USER and HOME would also be useful in some situations! Perhaps also UID?
Off the top of my head i can't really think of much else that would be useful
but perhaps the XDG_* variables (with appropriate defaults) might qualify?
http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
I actually just re-tooled my setup to use $XDG_CACHE_HOME (with fallback to
~/.cache) but that's really over-engineering that i just figured i'd do to keep
from sticking more crap in $HOME.
So you're talking about creating a regular file S.gpg-agent in ~/.gnupg, and
using its contents to point to the actual socket?
That feels a little bit tricksy. I don't mind personally, but i wonder, would a
less surprising method be to introduce a configuration variable in
~/.gnupg/gpg-agent.conf, like:
socket-name /tmp/$USER/$HOSTNAME/S.gpg-agent
Does that make it too difficult to implement at the libassuan level?