mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

Remove support for the GPG_AGENT_INFO envvar.

* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options.  Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--

The intended fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket file exists as a regular file with a special keyword to
redirect to another socket file name.
Werner Koch 2014-10-03 11:58:58 +02:00
parent 688a903b4b
commit 9c380384da
15 changed files with 221 additions and 538 deletions

@ -53,10 +53,10 @@ independently from any protocol. It is used as a backend for
utilities.
@ifset gpgtwoone
The agent is usualy started on demand by @command{gpg}, @command{gpgsm},
@command{gpgconf} or @command{gpg-connect-agent}. Thus there is no
reason to start it manually. In case you want to use the included
Secure Shell Agent you may start the agent using:
The agent is automatically started on demand by @command{gpg},
@command{gpgsm}, @command{gpgconf}, or @command{gpg-connect-agent}.
Thus there is no reason to start it manually. In case you want to use
the included Secure Shell Agent you may start the agent using:
@example
gpg-connect-agent /bye
@ -174,11 +174,15 @@ default mode is to create a socket and listen for commands there.
@item --daemon [@var{command line}]
@opindex daemon
Start the gpg-agent as a daemon; that is, detach it from the console
and run it in the background. Because @command{gpg-agent} prints out
and run it in the background.
@ifclear gpgtwoone
Because @command{gpg-agent} prints out
important information required for further use, a common way of
invoking gpg-agent is: @code{eval $(gpg-agent --daemon)} to setup the
environment variables. The option @option{--write-env-file} is
another way commonly used to do this. Yet another way is creating
another way commonly used to do this.
@end ifclear
Yet another way is creating
a new process as a child of gpg-agent: @code{gpg-agent --daemon
/bin/sh}. This way you get a new shell with the environment setup
properly; if you exit from this shell, gpg-agent terminates as well.
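Review bot: moving the two sentences about `eval $(gpg-agent --daemon)` and @option{--write-env-file} into @ifclear gpgtwoone leaves the 2.1 rendering of this paragraph jumping from "run it in the background." straight to "Yet another way is creating a new process as a child of gpg-agent", with no first way having been mentioned. Either move the "Yet another way is creating" lead-in inside the @ifclear block as well and give the gpgtwoone build its own sentence (for example "The agent can also be started together with a child process: @code{gpg-agent --daemon /bin/sh}"), or reword the shared sentence to "Another way is creating".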
@ -305,6 +309,7 @@ shell or the C-shell respectively. The default is to guess it based on
the environment variable @code{SHELL} which is correct in almost all
cases.
@ifclear gpgtwoone
@item --write-env-file @var{file}
@opindex write-env-file
Often it is required to connect to the agent from a process not being an
@ -319,7 +324,7 @@ to be evaluated by a Bourne shell like in this simple example:
eval $(cat @var{file})
eval $(cut -d= -f 1 < @var{file} | xargs echo export)
@end example
@end ifclear
@item --no-grab
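Review bot: the @option{--write-env-file} entry vanishes completely from the 2.1 manual, while the commit message turns the option into an accepted dummy and the @option{--use-standard-socket} entry later in this file gets an @ifset gpgtwoone note saying the options have no effect anymore. Treat both options the same way: keep the old description inside @ifclear gpgtwoone as done here, but add an @ifset gpgtwoone variant of the @item stating that the option is accepted for compatibility and ignored, so that a user who still has it in a startup script or gpg-agent.conf can find out why no file is written.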
@ -466,6 +471,11 @@ debugging purposes.
@itemx --no-use-standard-socket
@opindex use-standard-socket
@opindex no-use-standard-socket
@ifset gpgtwoone
Since GnuPG 2.1 the standard socket is always used. These options
have no more effect.
@end ifset
@ifclear gpgtwoone
By enabling this option @command{gpg-agent} will listen on the socket
named @file{S.gpg-agent}, located in the home directory, and not create
a random socket below a temporary directory. Tools connecting to
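Review bot: "These options have no more effect." is not idiomatic English; say "These options no longer have any effect." or "These options are accepted for compatibility but ignored." It would also help to state here that @command{gpg-agent --use-standard-socket-p} now always returns success, because the only description of that command is inside the @ifclear gpgtwoone block and therefore disappears from the 2.1 manual even though the command itself is kept.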
@ -474,19 +484,16 @@ environment variable @var{GPG_AGENT_INFO} and then fall back to this
socket. This option may not be used if the home directory is mounted on
a remote file system which does not support special files like fifos or
sockets.
@ifset gpgtwoone
Note, that @option{--use-standard-socket} is the default on all
systems since GnuPG 2.1.
@end ifset
@ifclear gpgtwoone
Note, that @option{--use-standard-socket} is the default on
Windows systems.
@end ifclear
The default may be changed at build time. It is
possible to test at runtime whether the agent has been configured for
use with the standard socket by issuing the command @command{gpg-agent
--use-standard-socket-p} which returns success if the standard socket
option has been enabled.
@end ifclear
@item --display @var{string}
@itemx --ttyname @var{string}
@ -751,6 +758,30 @@ This signal is used for internal purposes.
@node Agent Examples
@section Examples
@ifset gpgtwoone
It is important to set the GPG_TTY environment variable in
your login shell, for example in the @file{~/.bashrc} init script:
@cartouche
@example
export GPG_TTY=$(tty)
@end example
@end cartouche
If you enabled the Ssh Agent Support, you also need to tell ssh about
it by adding this to your init script:
@cartouche
@example
unset SSH_AGENT_PID
if [ "$@{gnupg_SSH_AUTH_SOCK_by:-0@}" -ne $$ ]; then
export SSH_AUTH_SOCK="$@{HOME@}/.gnupg/S.gpg-agent.ssh"
fi
@end example
@end cartouche
@end ifset
@ifclear gpgtwoone
The usual way to invoke @command{gpg-agent} is
@example
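Review bot: the ssh example hardcodes `export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"`, which stops working as soon as @env{GNUPGHOME} points somewhere else; either say that the path follows the GnuPG home directory and must be adjusted then, or use `${GNUPGHOME:-$HOME/.gnupg}/S.gpg-agent.ssh` in the snippet. The guard `if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]` is also not explained anywhere in the text; a sentence saying who sets that variable and why the comparison against `$$` is there would help readers who copy the snippet. Finally, "Ssh Agent Support" should name the actual option, @option{--enable-ssh-support}, so the reader can find it.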
@ -786,6 +817,7 @@ and add something like (for Bourne shells)
@noindent
to your shell initialization file (e.g. @file{~/.bashrc}).
@end ifclear
@c
@c Assuan Protocol
@ -797,15 +829,21 @@ to your shell initialization file (e.g. @file{~/.bashrc}).
Note: this section does only document the protocol, which is used by
GnuPG components; it does not deal with the ssh-agent protocol.
@ifset gpgtwoone
The @command{gpg-agent} daemon is started on demand by the GnuPG
components.
@end ifset
@ifclear gpgtwoone
The @command{gpg-agent} should be started by the login shell and set an
environment variable to tell clients about the socket to be used.
Clients should deny to access an agent with a socket name which does
not match its own configuration. An application may choose to start
an instance of the gpgagent if it does not figure that any has been
started; it should not do this if a gpgagent is running but not
an instance of the gpg-agent if it does not figure that any has been
started; it should not do this if a gpg-agent is running but not
usable. Because @command{gpg-agent} can only be used in background mode, no
special command line option is required to activate the use of the
protocol.
@end ifclear
To identify a key we use a thing called keygrip which is the SHA-1 hash
of an canonical encoded S-Expression of the public key as used in
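Review bot: the two replaced lines only fix "gpgagent" to "gpg-agent", but the same @ifclear block still says "Clients should deny to access an agent"; since the paragraph is being touched anyway, make it "Clients should refuse to access an agent". The context line above, "this section does only document the protocol", reads better as "this section only documents the protocol", and "of an canonical encoded S-Expression" below should be "of a canonically encoded S-Expression".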

@ -1701,9 +1701,12 @@ This is dummy option. It has no effect when used with @command{gpg2}.
@item --agent-program @var{file}
@opindex agent-program
Specify an agent program to be used for secret key operations. The
default value is the @file{/usr/bin/gpg-agent}. This is only used
default value is the @file{/usr/bin/gpg-agent}.
@ifclear gpgtwoone
This is only used
as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
set or a running agent cannot be connected.
@end ifclear
@ifset gpgtwoone
@item --dirmngr-program @var{file}
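Review bot: in the 2.1 rendering the sentence explaining when @option{--agent-program} is consulted is gone, so the entry just ends after the default path and the reader cannot tell whether the option affects an already running agent. Add an @ifset gpgtwoone sentence such as "This is used when no running agent can be found and one has to be started.", which matches the on-demand start described in the gpg-agent manual.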
@ -3040,6 +3043,10 @@ Operation is further controlled by a few environment variables:
If set directory used instead of "~/.gnupg".
@item GPG_AGENT_INFO
@ifset gpgtwoone
This variable was used by GnuPG versions before 2.1
@end ifset
@ifclear gpgtwoone
Used to locate the gpg-agent.
The value consists of 3 colon delimited fields: The first is the path
@ -3047,6 +3054,7 @@ Operation is further controlled by a few environment variables:
protocol version which should be set to 1. When starting the gpg-agent
as described in its documentation, this variable is set to the correct
value. The option @option{--gpg-agent-info} can be used to override it.
@end ifclear
@item PINENTRY_USER_DATA
This value is passed via gpg-agent to pinentry. It is useful to convey
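Review bot: "This variable was used by GnuPG versions before 2.1" lacks a terminating period and does not tell the 2.1 reader what happens to a stale value left in the environment by an old login script. Suggest: "This variable was used by GnuPG versions before 2.1 to locate the agent. Since 2.1 the standard socket is always used and the variable is ignored."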

@ -358,9 +358,12 @@ Change the default name of the policy file to @var(unknown).
@item --agent-program @var{file}
@opindex agent-program
Specify an agent program to be used for secret key operations. The
default value is the @file{/usr/local/bin/gpg-agent}. This is only used
default value is the @file{/usr/local/bin/gpg-agent}.
@ifclear gpgtwoone
This is only used
as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
set or a running agent cannot be connected.
@end ifclear
@item --dirmngr-program @var{file}
@opindex dirmngr-program
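Review bot: the default here reads @file{/usr/local/bin/gpg-agent} while the same option in gpg.texi in this commit says @file{/usr/bin/gpg-agent}; both are really the gpg-agent installed into the configured bindir, so describe the default as the gpg-agent installed alongside this program in both files rather than a literal path that is wrong for most installations. As in gpg.texi, the 2.1 rendering also loses the sentence saying when the option is consulted; an @ifset gpgtwoone sentence about the agent being started on demand belongs here too.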
@ -892,8 +895,12 @@ other programs of this software too.
@item S.gpg-agent
@cindex S.gpg-agent
If this file exists and the environment variable @env{GPG_AGENT_INFO} is
not set, @command{gpgsm} will first try to connect to this socket for
If this file exists
@ifclear gpgtwoone
and the environment variable @env{GPG_AGENT_INFO} is
not set,
@end ifclear
@command{gpgsm} will first try to connect to this socket for
accessing @command{gpg-agent} before starting a new @command{gpg-agent}
instance. Under Windows this socket (which in reality be a plain file
describing a regular TCP listening port) is the standard way of
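Review bot: with the conditional split, the 2.1 rendering reads "If this file exists @command{gpgsm} will first try" without a comma, because the comma ends up inside the @ifclear block after "not set"; write "If this file exists," before the @ifclear and drop the comma from the conditional part. The unchanged sentence right after the hunk, "Under Windows this socket (which in reality be a plain file describing a regular TCP listening port)", is also missing its verb and should read "which in reality is a plain file"; worth fixing while the paragraph is being edited.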