Opened 4 years ago

Last modified 4 years ago

#155 accepted

Setup gpg-agent

Reported by: Scott Wales Owned by: Scott Wales
Priority: major Component: Accessdev Server
Keywords: Cc:

Description

GPG-agent can save encrypted passwords for subversion, rather than saving them as plaintext. Devise a way to automatically set up the agent for users, e.g. as a file in /etc/profile.d.

I'm currently using the following in my ~/.bash_profile:

export GPG_TTY=$(tty)
GPG_STATE_FILE=~/.gnupg/agent-state
mkdir -p $(dirname $GPG_STATE_FILE)

# Get the saved GPG-Agent PID from last session 
if [ -z "$GPG_AGENT_INFO" ]; then
    [ -f "$GPG_STATE_FILE" ] && source $GPG_STATE_FILE
fi
GPG_PID=$(echo "$GPG_AGENT_INFO" | sed 's/.*:\([0-9]*\):.*/\1/')

# Start GPG-Agent again if it's not still running
# By default passwords timeout after 2 hours so will need to be re-entered 
if ! pgrep -u "$USER" -s "${GPG_PID:-0}" gpg-agent > /dev/null; then
    gpg-agent --daemon --pinentry-program /usr/bin/pinentry-curses > $GPG_STATE_FILE
    source $GPG_STATE_FILE
fi

Needs to support csh as well

Change History (1)

comment:1 Changed 4 years ago by Scott Wales

Owner: set to Scott Wales
Status: newaccepted
Note: See TracTickets for help on using tickets.