Package: x11-common
Version: 1:7.6+8
Severity: important
File: /etc/X11/Xsession.d/90x11-common_ssh-agent
Affects: openssh-client gnupg-agent
Tags: patch

Hi there!

As the title suggests, if you install both openssh-client and
gnupg-agent and you enable the SSH support in the latter, ssh-agent is
anyway started by the Xsession script:
=====
$ ps aux | grep agent
luca     16399  0.0  0.0  12236   304 ?        Ss   16:09   0:00 \
 /usr/bin/ssh-agent \
 /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/luca/.gnupg/gpg-agent-info-gismo \
 /usr/bin/ck-launch-session \
 /usr/bin/dbus-launch --exit-with-session /home/luca/.xsession

luca     16400  0.0  0.0  18968   424 ?        Ss   16:09   0:00 \
 /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/luca/.gnupg/gpg-agent-info-gismo \
 /usr/bin/ck-launch-session \
 /usr/bin/dbus-launch --exit-with-session /home/luca/.xsession

$ ls -l /tmp | grep -e gpg -e ssh
drwx------ 2 luca luca  60 Sep 18 16:09 gpg-0drpxf
drwx------ 2 luca luca  60 Sep 18 16:09 gpg-xSZr4Z
drwx------ 2 luca luca  60 Sep 18 16:09 ssh-GmzGjVQ16373

$ grep -s '^[[:space:]]*use-agent' ~/.gnupg/gpg.conf
use-agent

$ grep -s '^[[:space:]]*enable-ssh-support' ~/.gnupg/gpg-agent.conf
enable-ssh-support

$ export | grep -e GPG -e SSH
declare -x GPG_AGENT_INFO="/tmp/gpg-0drpxf/S.gpg-agent:16400:1"
declare -x SSH_AGENT_PID="16400"
declare -x SSH_AUTH_SOCK="/tmp/gpg-xSZr4Z/S.gpg-agent.ssh"
=====

Indeed the check for $SSH_AUTH_SOCK is not enough: this variable is not
set given that gpg-agent has not been started yet.  Here is the patch:

--8<---------------cut here---------------start------------->8---
--- 90x11-common_ssh-agent.ORG
+++ 90x11-common_ssh-agent
@@ -9,10 +9,15 @@
 if has_option use-ssh-agent; then
   if [ -x "$SSHAGENT" ] && [ -z "$SSH_AUTH_SOCK" ] \
      && [ -z "$SSH2_AUTH_SOCK" ]; then
-    STARTSSH=yes
-    if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
-      # use ssh-agent2's ssh-agent1 compatibility mode
-      SSHAGENTARGS=-1
+    # check if gpg-agent will be started with SSH support
+    : ${GNUPGHOME=$HOME/.gnupg}
+    if ! ( grep -qs '^[[:space:]]*use-agent' "$GNUPGHOME/gpg.conf" && \
+           grep -qs '^[[:space:]]*enable-ssh-support' "$GNUPGHOME/gpg-agent.conf" ); then
+      STARTSSH=yes
+      if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
+        # use ssh-agent2's ssh-agent1 compatibility mode
+        SSHAGENTARGS=-1
+      fi
     fi
   fi
 fi
--8<---------------cut here---------------end--------------->8---

Thx, bye,
Gismo / Luca

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-rc4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages x11-common depends on:
ii  debconf [debconf-2.0]  1.5.41
ii  lsb-base               3.2-28

x11-common recommends no packages.

x11-common suggests no packages.

-- debconf information:
  x11-common/xwrapper/allowed_users: Console Users Only
  x11-common/xwrapper/actual_allowed_users: console