On 2018-06-10 at 18:05 +0200, Benjamin Kircher wrote:
> This gives me
>
> gpg: can't connect to the agent: IPC connect call failed
>
> from within the container.
>
> Command lines that led to this output are:
>
> $ docker run --volume $(gpgconf --list-dirs
> agent-extra-socket):/root/.gnupg/S.gpg-agent --entrypoint=sh -ti --rm
> fedora:latest

Did you do something to start the agent in the parent Linux host before trying to forward the socket?

I can run that Docker image just fine, using the same approach, and things work for me. But once you're isolating processes between different virtual operating systems, none of GnuPG's facilities for auto-launching processes will help you.

Run:

    gpg-connect-agent /bye

in the non-Docker environment before starting the Docker commands. That command will ensure that the agent is running, then disconnect from the running agent.

It might be that you have SELinux preventing the volume mount; if tacking ':z' onto the end of the volume spec works, that would be the cause.

    docker run -it --rm \
      --volume $(gpgconf --list-dirs agent-extra-socket):/root/.gnupg/S.gpg-agent:z \
      --entrypoint=sh fedora:latest

<https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label>

I am not using Linux with SELinux to run Docker anywhere, so can't be of any further help in debugging if this is the cause; warning notes online suggest extreme caution is warranted when using the `z` mount option, you'll need to test carefully to make sure that GnuPG _outside_ of Docker still works afterwards. (If not ... `gpgconf --kill gpg-agent` and continue on).

-Phil
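
The host-side steps from this reply collected into one script, as an added example that is not part of the original message: it starts the agent, confirms the extra socket exists before bind-mounting it, and re-checks the host agent after the container exits. The function names, the script name `forward-agent.sh`, and the `run` / `relabel` arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Host-side preflight for forwarding gpg-agent's extra socket into Docker.
# Added example; function names and arguments are hypothetical.

CONTAINER_SOCKET=/root/.gnupg/S.gpg-agent   # target path used in the thread

# Print the --volume spec for host socket $1; $2 = "relabel" appends ':z'.
agent_volume_spec() {
    spec="$1:$CONTAINER_SOCKET"
    if [ "${2:-}" = "relabel" ]; then spec="$spec:z"; fi
    printf '%s\n' "$spec"
}

# Succeed only if $1 names an existing UNIX socket.
check_agent_socket() {
    if [ -z "${1:-}" ]; then
        echo "gpgconf returned no agent-extra-socket path" >&2; return 2
    fi
    if [ ! -S "$1" ]; then
        echo "$1 is not a socket; is gpg-agent running on the host?" >&2; return 1
    fi
    return 0
}

# Start the agent, verify the socket, run the container, re-check the host.
# $1 = "relabel" opts in to the SELinux ':z' mount option.
forward_agent() {
    gpg-connect-agent /bye || return 1           # launches the agent if needed
    sock=$(gpgconf --list-dirs agent-extra-socket) || return 1
    check_agent_socket "$sock" || return 1
    if command -v getenforce >/dev/null 2>&1 && [ "${1:-}" != "relabel" ]; then
        echo "SELinux is $(getenforce); if the mount is denied, retry with relabel" >&2
    fi
    docker run -it --rm \
        --volume "$(agent_volume_spec "$sock" "${1:-}")" \
        --entrypoint=sh fedora:latest
    # After the container exits, confirm GnuPG outside Docker still works.
    gpg-connect-agent /bye || echo "host agent unreachable; try: gpgconf --kill gpg-agent" >&2
}

# Only runs when invoked as: sh forward-agent.sh run [relabel]
if [ "${1:-}" = "run" ]; then forward_agent "${2:-}"; fi
```
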