From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=FREEMAIL_FROM, MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 21854 invoked from network); 29 Sep 2022 09:37:12 -0000 Received: from alyss.skarnet.org (95.142.172.232) by inbox.vuxu.org with ESMTPUTF8; 29 Sep 2022 09:37:12 -0000 Received: (qmail 27895 invoked by uid 89); 29 Sep 2022 09:37:37 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm Sender: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Received: (qmail 27888 invoked from network); 29 Sep 2022 09:37:37 -0000 X-PTMail-RemoteIP: 5.88.202.24 X-PTMail-AllowedSender-Action: X-PTMail-Service: default Date: Thu, 29 Sep 2022 11:37:06 +0200 From: =?utf-8?B?Sm/Do28=?= Pedro Malhado To: Guillermo Cc: Supervision Subject: Re: gpg-agent runit run script Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Hello Guillermo, On Wed, Sep 28, 2022 at 03:46:01PM -0300, Guillermo wrote: > El mar, 20 sept 2022 a las 18:51, João escribió: > > > > I would like to have gpg-agent running under runit supervision on a user > > runsvdir, but I have been unable to write a run script that works. > > Would anyone have an example run script for gpg-agent, or be able to offer any > > pointers? > > As already suggested, gpg-agent's --supervised command is probably the > closest thing that would do what you want, but in that case, gpg-agent > will: > > * expect to have a properly set up environment, which runit's 'chpst > -e' could do. This includes variable GPG_TTY, which should contain the > name of a valid terminal that the supervision tree would have to make > available. > * expect to receive a bound and listening UNIX domain socket as file > descriptor 3, which runit tools alone can't do (but > s6-ipcserver-socketbinder from s6 can). Thank you for this. It is this latter aspect of setting up the sockets which I'm struggling with. You mention that s6 tools can do this. Would I be right to presume this could be setup in the runit run script in some other way without s6? The Void linux manual shows gpg-agent running as an example, but they don't show the run script, so I don't know how they set it up. https://docs.voidlinux.org/config/services/user-services.html Any examples or pointers would be appreciated. > Then, also as already mentioned, this command has been deprecated > since GnuPG 2.3.6, so, in my opinion, it's better to just have > gpg-agent started by other GnuPG programs, as the manual says. > This is a pity as gpg-agent is a long running process which is the sort of thing you would want to run under supervision. I guess it is not possible to supervise a process if the rebel thing does not want to be supervised? Best regards, João