On , Werner Koch wrote: > On Fri, 1 Jul 2016 01:58, w...@wolfsden.cz said: > > > the building/signing is done in fakeroot environment. Therefore the > > socket path default to ~/.gnupg/S.gnu-agent. Because (at least it seems > > to me) in fakeroot I am root (0) and therefore don't own /run/user/1000 > > That is a very special case I would like to avoid an exception for this > (ie. relaxing the ownwed-by-user check).
I did some thinking about this and I must admit that I don't see why the
check is needing at all. In what situation relaxing the check would case
security issues?
> > What would be a good way to solve this issue?
>
> You can set the envvar GNUPGHOME to a different directory and this will
> then be used for the socket and all other files - assuming that you did
> not create a dedicated directory below /var/user/1000/gnupg for example
> with "gpgconf --create-socketdir".
So basically the "correct" solution are these two lines:
cp -r ~/.gnupg /run/user/1000/gnupg
gpg --homedir /run/user/1000/gnupg
? Since there is no way to provide the socket manually? That seems..
weird.
W.
PS: Apparently GPA is not working with 2.1.13 either (
https://bugs.archlinux.org/task/49930 ), but dunno if it's the same root
cause.
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
