Am 19.04.24 um 18:28 schrieb Steve Grubb:
Hello,
I have run into an issue on F39 that I wanted to ask about. I decided that I
wanted to develop an application on github from another account to simplify
which keys are being used. I created the user acct and used "su - myacct" to
login to it. I then tried to import gpg keys and got this:
gpg: key 495F8DEXXX/495F8DEXXX: error sending to agent: Permission denied
gpg: error building skey array: Permission denied
gpg: error reading 'myacct-secret.gpg': Permission denied
gpg: import from 'myacct-secret.gpg' failed: Permission denied
So then I logged in by ssh localhost and run "gpg --import" and got this:
gpg: Note: database_open 134217901 waiting for lock (held by 16325) ...
gpg: Note: database_open 134217901 waiting for lock (held by 16325) ...
gpg: Note: database_open 134217901 waiting for lock (held by 16325) ...
gpg: Note: database_open 134217901 waiting for lock (held by 16325) ...
^C
gpg: signal Interrupt caught ... exiting
Process 16325 is keyboxd pointing to the right homedir path. But then I
notice there are 2 keyboxd running for this acct. I log out and as root kill
everything under the new account and then ssh back to it. This time gpg pops
up a screen to ask the passphrase and it succeeds.
This is weird. In the past I know that you could "su" into an account and
everything just worked. The difference between "su" and "ssh" is that "ssh"
creates /usr/lib/systemd/systemd --user.
Should "su -" also start it's own systemd instance since things seemingly
can't function without it?
By extension, what does this mean for sudo?
Why do 2 instances of keyboxd for that acct get started? (Should the second
one have gracefully exited?)
Or is this expected behavior?
Briefly:
- su - , into account
- tmux , use a terminal multiplexer for terminal env sanity
- gpg your stuff
Before that - put in your target .bash_profile
# GPG AGENT
GPG_TTY=$(tty)
export GPG_TTY
eval "$(gpg-agent --daemon)"
--
Leon
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
