On Mon, 10 Nov 2025, Raphael Hertzog wrote: > So my suggestion at this point is to actually do the opposite and use > "Before=gpg-agent-ssh.socket" because gpg-agent-ssh.socket is a no-op in > the default case, and when it's not a no-op, it's best to respect the > user's choice.
FWIW I tried this and it seems to work but only if gcr-ssh-agent.socket is explicitly enabled (as is the case by default). Otherwise it's started as a dependency of gcr-agent.service and again overwrites the operation performed by gpg-agent-ssh.socket. Note that with the suggested "Before" setting I get this ordering (it's in chronological order): nov. 10 16:08:39 fr13-buxy systemd[26418]: Starting dbus.socket - D-Bus User Message Bus Socket... nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on dirmngr.socket - GnuPG network certificate management daemon. nov. 10 16:08:39 fr13-buxy systemd[26418]: Starting gcr-ssh-agent.socket - GCR ssh-agent wrapper... nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on gnome-keyring-daemon.socket - GNOME Keyring daemon. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on gpg-agent-browser.socket - GnuPG cryptographic agent and passphrase cache (access for web browsers). nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on gpg-agent-extra.socket - GnuPG cryptographic agent and passphrase cache (restricted). nov. 10 16:08:39 fr13-buxy systemd[26418]: Starting gpg-agent.socket - GnuPG cryptographic agent and passphrase cache... nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on keyboxd.socket - GnuPG public key management service. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on pipewire-pulse.socket - PipeWire PulseAudio. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on pipewire.socket - PipeWire Multimedia System Sockets. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on pk-debconf-helper.socket - debconf communication socket. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on snapd.session-agent.socket - REST API socket for snapd user session agent. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on speech-dispatcher.socket - Speech Dispatcher Socket. nov. 10 16:08:39 fr13-buxy systemd[26418]: Starting ssh-agent.socket - OpenSSH Agent socket... nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on systemd-ask-password.socket - Query the User Interactively for a Password. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on yubikey-touch-detector.socket - Unix socket activation for YubiKey touch detector service. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on dbus.socket - D-Bus User Message Bus Socket. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on gcr-ssh-agent.socket - GCR ssh-agent wrapper. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on ssh-agent.socket - OpenSSH Agent socket. nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on gpg-agent.socket - GnuPG cryptographic agent and passphrase cache. nov. 10 16:08:39 fr13-buxy systemd[26418]: Starting gpg-agent-ssh.socket - GnuPG cryptographic agent (ssh-agent emulation)... nov. 10 16:08:39 fr13-buxy systemd[26418]: Listening on gpg-agent-ssh.socket - GnuPG cryptographic agent (ssh-agent emulation). nov. 10 16:08:39 fr13-buxy systemd[26418]: Reached target sockets.target - Sockets. It shows that gpg-agent.socket would also overwrite SSH_AUTH_SOCK, so maybe you want to add an extra "After=ssh-agent.socket" since that one is not smarter than the gcr one and overwrites the same variable unconditionally. Cheers, -- ⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog <[email protected]> ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋ The Debian Handbook: https://debian-handbook.info/get/ ⠈⠳⣄⠀⠀⠀⠀ Debian Long Term Support: https://deb.li/LTS
