From abf7d3c54546d4200eb88924beefc4d6b0f2dc90 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 7 Sep 2022 11:53:32 +0200
Subject: [PATCH] agent: Don't start in --supervised mode if no-autostart is enabled.
* agent/gpg-agent.c (main): Print an error message if no-autostart is set in common.conf.
---
 agent/gpg-agent.c | 11 +++++++++++
 doc/gpg-agent.texi | 3 +++
 2 files changed, 14 insertions(+)
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 7194e020a..fad2a363e 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1517,6 +1517,17 @@ main (int argc, char **argv)
 agent_deinit_default_ctrl (ctrl);
 xfree (ctrl);
 }
+ else if (is_supervised && comopt.no_autostart)
+ {
+ /* If we are running on a server and the user has set
+ * no-autostart for gpg or gpgsm. gpg-agent would anyway be
+ * started by the supervisor which has the bad effect that it
+ * will steal the socket from a remote server. Note that
+ * systemd has no knowledge about the lock files we take during
+ * the start operation. */
+ log_info ("%s %s not starting in supervised mode due to no-autostart.\n",
+ gpgrt_strusage(11), gpgrt_strusage(13) );
+ }
 else if (is_supervised)
 {
 #ifndef HAVE_W32_SYSTEM
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 1655847bf..97abbed59 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -174,6 +174,9 @@ listening on provided file descriptors, which must already be bound to listening sockets. This option is deprecated and not supported on Windows.
+If in @file{common.conf} the option @option{no-autostart} is set, any
+start attemps will be ignored.
+
 In --supervised mode, different file descriptors can be provided for use as different socket types (e.g. ssh, extra) as long as they are identified in the environment variable @code{LISTEN_FDNAMES} (see
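Review bot: The new `else if (is_supervised && comopt.no_autostart)` branch in `main` reports the refusal only with `log_info` and then leaves the if/else chain, although the commit message calls it an error message. The rest of `main` lies outside the hunk, but if that path ends with a success status, the supervisor cannot tell a refused start from a normal exit and may simply activate the agent again on the next connection to the socket. Consider `log_error ("%s %s not starting in supervised mode due to no-autostart.\n", ...)` together with a non-zero exit status, so the refusal shows up in the supervisor's logs and unit state. The comment's first sentence is a fragment; it would read better as `/* The user has set no-autostart for gpg or gpgsm, so the supervisor must not start an agent here either: doing so would steal the socket from a remote server. */`.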