Package: gcr4 Version: 4.4.0.1-7 Followup-For: Bug #1079246 Control: severity -1 important
gcr4 goes to great length to actually override the SSH_AUTH_SOCK set by gpg-agent-ssh but that's not a useful thing to do. I refer specifically to this change that landed this summer: "Add proposed patch to ensure gcr4 is the default ssh-agent provider" by Alessandro: https://salsa.debian.org/gnome-team/gcr4/-/commit/2f9e7e82f03b985e7ccbb8218ead0a15e0bc5660 --- a/gcr/gcr-ssh-agent.socket.in +++ b/gcr/gcr-ssh-agent.socket.in @@ -1,5 +1,7 @@ [Unit] Description=GCR ssh-agent wrapper +# If gcr is installed, take priority in setting SSH_AUTH_SOCK over gpg-agent +After=gpg-agent-ssh.socket The ssh-agent provided by gpg-agent is disabled by default. The user needs to add enable-ssh-agent in ~/.gnupg/gpg-agent.conf to actually enable it. When the user does this, we ought to try to respect his choice instead of voluntarily override it. My reason to use gpg-agent is because my SSH key is a GPG subkey in a Yubikey. Please let me use it without having to resort to complicated hacks. It took me multiple tries until I figured out how to get this properly disabled. Hint: * "systemctl --user disable gcr-ssh-agent.socket" does not work because it's enabled globally via some links in /etc/systemd/user/grapgraphical-session-pre.target.wants/ * then you figure out that you need the same command under sudo with "--global" instead of "--user", but it still does not work * so I try again with "systemctl --user disable" and it's now accepted but it still doesn't help because /usr/lib/systemd/user/[email protected]/gnome.session.conf has Wants=gcr-ssh-agent.socket * finally I figure out that I really need to "systemctl --global mask gcr-ssh-agent.socket" to have something that works to not execute the code that overrides SSH_AUTH_SOCK So my suggestion at this point is to actually do the opposite and use "Before=gpg-agent-ssh.socket" because gpg-agent-ssh.socket is a no-op in the default case, and when it's not a no-op, it's best to respect the user's choice. -- System Information: Debian Release: forky/sid APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'oldstable-security'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.17.7+deb14+1-amd64 (SMP w/24 CPU threads; PREEMPT) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gcr4 depends on: ii dbus-user-session [default-dbus-session-bus] 1.16.2-2 ii gcr 3.41.2-5 ii init-system-helpers 1.69 ii libc6 2.41-12 ii libgck-2-2 4.4.0.1-7 ii libgcr-4-4 4.4.0.1-7 ii libglib2.0-0t64 2.86.1-2 ii libgtk-4-1 4.20.2+ds-2 ii libpango-1.0-0 1.56.3-2 ii libsecret-1-0 0.21.7-2 ii libsystemd0 258.1-2 gcr4 recommends no packages. gcr4 suggests no packages. -- no debconf information -- ⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog <[email protected]> ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋ The Debian Handbook: https://debian-handbook.info/get/ ⠈⠳⣄⠀⠀⠀⠀ Debian Long Term Support: https://deb.li/LTS
