Debian Bug report logs - #642012
x11-common: ssh-agent Xsession script does not check if gpg-agent will enable SSH support


Package: x11-common; Maintainer for x11-common is Debian X Strike Force <[email protected]>; Source for x11-common is src:xorg (PTS, buildd, popcon).

Affects: gnupg-agent, openssh-client

Reported by: Luca Capello <[email protected]>

Date: Sun, 18 Sep 2011 14:55:21 UTC

Severity: important

Tags: patch

Found in version xorg/1:7.6+8



Report forwarded to [email protected], [email protected], Debian X Strike Force <[email protected]>:
Bug#642012; Package x11-common. (Sun, 18 Sep 2011 14:55:24 GMT) (full text, mbox, link).


Acknowledgement sent to Luca Capello <[email protected]>:
New Bug report received and forwarded. Copy sent to [email protected], Debian X Strike Force <[email protected]>. (Sun, 18 Sep 2011 14:55:24 GMT) (full text, mbox, link).


Message #5 received at [email protected] (full text, mbox, reply):

From: Luca Capello <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Subject: x11-common: ssh-agent Xsession script does not check if gpg-agent will enable SSH support
Date: Sun, 18 Sep 2011 16:53:13 +0200
Package: x11-common
Version: 1:7.6+8
Severity: important
File: /etc/X11/Xsession.d/90x11-common_ssh-agent
Affects: openssh-client gnupg-agent
Tags: patch

Hi there!

As the title suggests, if you install both openssh-client and
gnupg-agent and you enable the SSH support in the latter, ssh-agent is
anyway started by the Xsession script:
=====
$ ps aux | grep agent
luca     16399  0.0  0.0  12236   304 ?        Ss   16:09   0:00 \
 /usr/bin/ssh-agent \
 /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/luca/.gnupg/gpg-agent-info-gismo \
 /usr/bin/ck-launch-session \
 /usr/bin/dbus-launch --exit-with-session /home/luca/.xsession

luca     16400  0.0  0.0  18968   424 ?        Ss   16:09   0:00 \
 /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/luca/.gnupg/gpg-agent-info-gismo \
 /usr/bin/ck-launch-session \
 /usr/bin/dbus-launch --exit-with-session /home/luca/.xsession

$ ls -l /tmp | grep -e gpg -e ssh
drwx------ 2 luca luca  60 Sep 18 16:09 gpg-0drpxf
drwx------ 2 luca luca  60 Sep 18 16:09 gpg-xSZr4Z
drwx------ 2 luca luca  60 Sep 18 16:09 ssh-GmzGjVQ16373

$ grep -s '^[[:space:]]*use-agent' ~/.gnupg/gpg.conf
use-agent

$ grep -s '^[[:space:]]*enable-ssh-support' ~/.gnupg/gpg-agent.conf
enable-ssh-support

$ export | grep -e GPG -e SSH
declare -x GPG_AGENT_INFO="/tmp/gpg-0drpxf/S.gpg-agent:16400:1"
declare -x SSH_AGENT_PID="16400"
declare -x SSH_AUTH_SOCK="/tmp/gpg-xSZr4Z/S.gpg-agent.ssh"
=====

Indeed the check for $SSH_AUTH_SOCK is not enough: this variable is not
set given that gpg-agent has not been started yet.  Here is the patch:

--8<---------------cut here---------------start------------->8---
--- 90x11-common_ssh-agent.ORG
+++ 90x11-common_ssh-agent
@@ -9,10 +9,15 @@
 if has_option use-ssh-agent; then
   if [ -x "$SSHAGENT" ] && [ -z "$SSH_AUTH_SOCK" ] \
      && [ -z "$SSH2_AUTH_SOCK" ]; then
-    STARTSSH=yes
-    if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
-      # use ssh-agent2's ssh-agent1 compatibility mode
-      SSHAGENTARGS=-1
+    # check if gpg-agent will be started with SSH support
+    : ${GNUPGHOME=$HOME/.gnupg}
+    if ! ( grep -qs '^[[:space:]]*use-agent' "$GNUPGHOME/gpg.conf" && \
+           grep -qs '^[[:space:]]*enable-ssh-support' "$GNUPGHOME/gpg-agent.conf" ); then
+      STARTSSH=yes
+      if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
+        # use ssh-agent2's ssh-agent1 compatibility mode
+        SSHAGENTARGS=-1
+      fi
     fi
   fi
 fi
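Review bot: the added `grep` pair proves only that the user's GnuPG configuration asks for SSH support, not that 90gpg-agent will actually start gpg-agent in this session; when gnupg-agent is not installed (or its Xsession script is disabled) the `+` branch skips `STARTSSH=yes` and the login ends up with no agent at all. Guard the config check with a test that the gpg-agent side exists, for example `[ -x /usr/bin/gpg-agent ]`, and keep `STARTSSH=yes` as the fallback. Two smaller points: `: ${GNUPGHOME=$HOME/.gnupg}` runs in a sourced script, so it leaves `GNUPGHOME` defined in the Xsession shell for every later script; a throwaway name such as `gnupghome=${GNUPGHOME:-$HOME/.gnupg}` avoids that. And `'^[[:space:]]*use-agent'` also matches any line that merely starts with that text; anchoring the option, as in `'^[[:space:]]*use-agent[[:space:]]*$'`, makes the check match the actual keyword.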
--8<---------------cut here---------------end--------------->8---

Thx, bye,
Gismo / Luca

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-rc4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages x11-common depends on:
ii  debconf [debconf-2.0]  1.5.41
ii  lsb-base               3.2-28

x11-common recommends no packages.

x11-common suggests no packages.

-- debconf information:
  x11-common/xwrapper/allowed_users: Console Users Only
  x11-common/xwrapper/actual_allowed_users: console

Information forwarded to [email protected], Debian X Strike Force <[email protected]>:
Bug#642012; Package x11-common. (Sun, 18 Sep 2011 15:06:22 GMT) (full text, mbox, link).


Acknowledgement sent to Julien Cristau <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <[email protected]>. (Sun, 18 Sep 2011 15:06:23 GMT) (full text, mbox, link).


Message #10 received at [email protected] (full text, mbox, reply):

From: Julien Cristau <[email protected]>
To: Luca Capello <[email protected]>, [email protected]
Subject: Re: Bug#642012: x11-common: ssh-agent Xsession script does not check if gpg-agent will enable SSH support
Date: Sun, 18 Sep 2011 17:05:37 +0200
On Sun, Sep 18, 2011 at 16:53:13 +0200, Luca Capello wrote:

> --8<---------------cut here---------------start------------->8---
> --- 90x11-common_ssh-agent.ORG
> +++ 90x11-common_ssh-agent
> @@ -9,10 +9,15 @@
>  if has_option use-ssh-agent; then
>    if [ -x "$SSHAGENT" ] && [ -z "$SSH_AUTH_SOCK" ] \
>       && [ -z "$SSH2_AUTH_SOCK" ]; then
> -    STARTSSH=yes
> -    if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
> -      # use ssh-agent2's ssh-agent1 compatibility mode
> -      SSHAGENTARGS=-1
> +    # check if gpg-agent will be started with SSH support
> +    : ${GNUPGHOME=$HOME/.gnupg}
> +    if ! ( grep -qs '^[[:space:]]*use-agent' "$GNUPGHOME/gpg.conf" && \
> +           grep -qs '^[[:space:]]*enable-ssh-support' "$GNUPGHOME/gpg-agent.conf" ); then
> +      STARTSSH=yes
> +      if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
> +        # use ssh-agent2's ssh-agent1 compatibility mode
> +        SSHAGENTARGS=-1
> +      fi
>      fi
>    fi
>  fi
> --8<---------------cut here---------------end--------------->8---
> 
NAK, as far as I'm concerned this script has no business looking around
in gpg.conf.

Cheers,
Julien

Added indication that 642012 affects openssh-client and gnupg-agent Request was from Luca Capello <[email protected]> to [email protected]. (Sun, 18 Sep 2011 15:06:40 GMT) (full text, mbox, link).


Information forwarded to [email protected], Debian X Strike Force <[email protected]>:
Bug#642012; Package x11-common. (Sun, 18 Sep 2011 19:52:33 GMT) (full text, mbox, link).


Acknowledgement sent to Luca Capello <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <[email protected]>. (Sun, 18 Sep 2011 19:52:33 GMT) (full text, mbox, link).


Message #17 received at [email protected] (full text, mbox, reply):

From: Luca Capello <[email protected]>
To: [email protected]
Subject: Re: Bug#642012: x11-common: ssh-agent Xsession script does not check if gpg-agent will enable SSH support
Date: Sun, 18 Sep 2011 21:51:21 +0200
Hi there!

On Sun, 18 Sep 2011 17:05:37 +0200, Julien Cristau wrote:
> On Sun, Sep 18, 2011 at 16:53:13 +0200, Luca Capello wrote:
>
>> --8<---------------cut here---------------start------------->8---
[patch]
>> --8<---------------cut here---------------end--------------->8---
>> 
> NAK, as far as I'm concerned this script has no business looking around
> in gpg.conf.

This leaves the bug open: I would be glad to explore other solutions,
but AFAIK without checking gpg.conf and gpg-agent.conf there is no way
to know *beforehand* 1) if gpg-agent will run and 2) if the latter will
provide SSH support.

Please note that until now ssh-agent is *never* started if gpg-agent has
been started at least once with SSH support, for the following reasons
(and this is another bug, no matter what):

1) 90gpg-agent is sourced before 90x11-common_ssh-agent
2) gpg-agent does not remove its "PID" file when exiting, see #642021
3) 90gpg-agent sources the "PID" file above, which means that
   SSH_AUTH_SOCK is defined *before* any gpg-agent is started at all
4) 90x11-common_ssh-agent starts ssh-agent only if SSH_AUTH_SOCK is
   empty, which is not the case as per point 3

Here is the patch to test the behavior above:

--8<---------------cut here---------------start------------->8---
--- 90x11-common_ssh-agent.ORG
+++ 90x11-common_ssh-agent
@@ -14,6 +14,11 @@
       # use ssh-agent2's ssh-agent1 compatibility mode
       SSHAGENTARGS=-1
     fi
+  else
+    cat <<EOF >>"$HOME"/.xsession-errors
+/etc/X11/Xsession.d/90x11-common_ssh-agent: SSH_AUTH_SOCK='$SSH_AUTH_SOCK'
+/etc/X11/Xsession.d/90x11-common_ssh-agent: not starting ssh-agent
+EOF
   fi
 fi
 
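Review bot: the new `else` belongs to the inner `if [ -x "$SSHAGENT" ] && [ -z "$SSH_AUTH_SOCK" ] && [ -z "$SSH2_AUTH_SOCK" ]`, so the "not starting ssh-agent" message is also appended when `$SSHAGENT` is not executable or `SSH2_AUTH_SOCK` is set, while the message reports only `SSH_AUTH_SOCK`; either log all three conditions or test `$SSH_AUTH_SOCK` separately so the message matches the cause. Also, Xsession already sends the session's stderr to `~/.xsession-errors`, so `cat <<EOF >>"$HOME"/.xsession-errors` hardcodes a path the wrapper owns; writing the two lines to stderr (or through Xsession's `message` helper, if it is available to the sourced scripts) keeps the destination defined in one place.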
--8<---------------cut here---------------end--------------->8---

IMHO the real bug is to try to start ssh-agent in a system-wide fashion
via /etc/X11/Xsession.options, while this is (clearly) a user option.
This is also why I fear the new Xsession "use-gpg-agent" option at
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412993#20>.  The fact
that ssh_config does not have any way to define that we want the agent
is probably the original cause of this bug.

Finally, may I ask why this file is not provided by openssh-client?  I
could not find any reference in the x11-common changelog.Debian nor
x11-common Recommends:/Suggests:/Enhances: openssh-client.

Thx, bye,
Gismo / Luca

Information forwarded to [email protected], Debian X Strike Force <[email protected]>:
Bug#642012; Package x11-common. (Mon, 19 Sep 2011 13:00:57 GMT) (full text, mbox, link).


Acknowledgement sent to Julien Cristau <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <[email protected]>. (Mon, 19 Sep 2011 13:01:09 GMT) (full text, mbox, link).


Message #22 received at [email protected] (full text, mbox, reply):

From: Julien Cristau <[email protected]>
To: Luca Capello <[email protected]>, [email protected]
Subject: Re: Bug#642012: x11-common: ssh-agent Xsession script does not check if gpg-agent will enable SSH support
Date: Mon, 19 Sep 2011 14:57:14 +0200
On Sun, Sep 18, 2011 at 21:51:21 +0200, Luca Capello wrote:

> Hi there!
> 
> On Sun, 18 Sep 2011 17:05:37 +0200, Julien Cristau wrote:
> > On Sun, Sep 18, 2011 at 16:53:13 +0200, Luca Capello wrote:
> >
> >> --8<---------------cut here---------------start------------->8---
> [patch]
> >> --8<---------------cut here---------------end--------------->8---
> >> 
> > NAK, as far as I'm concerned this script has no business looking around
> > in gpg.conf.
> 
> This leaves the bug opened: I would be glad to explore other solutions,
> but AFAIK without checking gpg.conf and gpg-agent.conf there is no way
> to know *beforehand* 1) if gpg-agent will run and 2) if the latter will
> provide SSH support.
> 
> Please note that until now ssh-agent is *never* started if gpg-agent has
> been started at least once with SSH support, for the following reasons
> (and this is another bug, no matter what):
> 
> 1) 90gpg-agent is sourced before 90x11-common_ssh-agent
> 2) gpg-agent does not remove its "PID" file when exiting, see #642021

Sounds like that should be fixed.

> 3) 90gpg-agent sources the "PID" file above, which means that
>    SSH_AUTH_SOCK is defined *before* any gpg-agent is started at all

Shouldn't the "if ! $GPGAGENT 2>/dev/null; then" line in 90gpg-agent be
followed by unsetting the variables (and maybe removing the file) it
just read since it found out they don't work?

> 4) 90x11-common_ssh-agent starts ssh-agent only if SSH_AUTH_SOCK is
>    empty, which is not the case as per point 3
> 
> Here is the patch to test the behavior above:
> 
> --8<---------------cut here---------------start------------->8---
> --- 90x11-common_ssh-agent.ORG
> +++ 90x11-common_ssh-agent
> @@ -14,6 +14,11 @@
>        # use ssh-agent2's ssh-agent1 compatibility mode
>        SSHAGENTARGS=-1
>      fi
> +  else
> +    cat <<EOF >>"$HOME"/.xsession-errors
> +/etc/X11/Xsession.d/90x11-common_ssh-agent: SSH_AUTH_SOCK='$SSH_AUTH_SOCK'
> +/etc/X11/Xsession.d/90x11-common_ssh-agent: not starting ssh-agent
> +EOF
>    fi
>  fi
>  
> --8<---------------cut here---------------end--------------->8---
> 
> IMHO the real bug is to try to start ssh-agent in a system-wide fashion
> via /etc/X11/Xsession.options, while this is (clearly) a user option.
> This is also why I fear the new Xsession "use-gpg-agent" option at
> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412993#20>.  The fact
> that ssh_config does not have any way to define that we want the agent
> is probably the original cause of this bug.
> 
Can we switch the order so that 1) doesn't apply?  And turn ssh-agent
into a no-op when it's started by gpg-agent with ssh support (assuming
it's not already)?

> Finally, may I ask why this file is not provided by openssh-client?  I
> could not find any reference in the x11-common changelog.Debian nor
> x11-common Recommends:/Suggests:/Enhances: openssh-client.
> 
The changelog suggests this was already in xfree86-common with the
initial xfree86 4.0 upload 11 years ago.  I could go look for earlier
changelogs, but I guess "hysterical raisins" pretty much covers it?

Cheers,
Julien




Information forwarded to [email protected], Debian X Strike Force <[email protected]>:
Bug#642012; Package x11-common. (Mon, 26 Sep 2011 14:39:43 GMT) (full text, mbox, link).


Acknowledgement sent to Luca Capello <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <[email protected]>. (Mon, 26 Sep 2011 14:39:43 GMT) (full text, mbox, link).


Message #27 received at [email protected] (full text, mbox, reply):

From: Luca Capello <[email protected]>
To: [email protected]
Subject: Re: Bug#642012: x11-common: ssh-agent Xsession script does not check if gpg-agent will enable SSH support
Date: Mon, 26 Sep 2011 16:36:52 +0200
block 642012 by 642021
thanks

Hi there!

On Mon, 19 Sep 2011 14:57:14 +0200, Julien Cristau wrote:
> On Sun, Sep 18, 2011 at 21:51:21 +0200, Luca Capello wrote:
>> This leaves the bug opened: I would be glad to explore other solutions,
>> but AFAIK without checking gpg.conf and gpg-agent.conf there is no way
>> to know *beforehand* 1) if gpg-agent will run and 2) if the latter will
>> provide SSH support.

This is the real problem.

>> Please note that until now ssh-agent is *never* started if gpg-agent has
>> been started at least once with SSH support, for the following reasons
>> (and this is another bug, no matter what):
>> 
>> 1) 90gpg-agent is sourced before 90x11-common_ssh-agent
>> 2) gpg-agent does not remove its "PID" file when exiting, see #642021
>
> Sounds like that should be fixed.

Patch sent upstream and block added.

  <http://news.gmane.org/find-root.php?message_id=1316457193-26043-1-git-send-email-luca%40pca.it>
  <http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;bug=642021>

>> 3) 90gpg-agent sources the "PID" file above, which means that
>>    SSH_AUTH_SOCK is defined *before* any gpg-agent is started at all
>
> Shouldn't the "if ! $GPGAGENT 2>/dev/null; then" line in 90gpg-agent be
> followed by unsetting the variables (and maybe removing the file) it
> just read since it found out they don't work?

Good catch, I will follow up on the other bug report.  However,
unsetting (at least) the SSH_AUTH_SOCK variable is not correct, because
it could be defined in ~/.Xsessionrc.

>> 4) 90x11-common_ssh-agent starts ssh-agent only if SSH_AUTH_SOCK is
>>    empty, which is not the case as per point 3
[...]
>> IMHO the real bug is to try to start ssh-agent in a system-wide fashion
>> via /etc/X11/Xsession.options, while this is (clearly) a user option.
>> This is also why I fear the new Xsession "use-gpg-agent" option at
>> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412993#20>.  The fact
>> that ssh_config does not have any way to define that we want the agent
>> is probably the original cause of this bug.
>> 
> Can we switch the order so that 1) doesn't apply?  And turn ssh-agent
> into a no-op when it's started by gpg-agent with ssh support (assuming
> it's not already)?

I still fail to see your solution: when both Xsession scripts do their
checks there is no agent running at all, so reverting the order should
not change anything.  Again, how do you know that gpg-agent will be
started with SSH support?

Please also note that unfortunately ssh-agent starts a new instance even
if another one is already running:
=====
$ gpg-agent
gpg-agent: gpg-agent running and available

$ export | grep -e GPG -e SSH
declare -x GPG_AGENT_INFO="/tmp/gpg-g4sLIi/S.gpg-agent:1943:1"
declare -x SSH_AGENT_PID="1943"
declare -x SSH_AUTH_SOCK="/tmp/gpg-Gy6MdS/S.gpg-agent.ssh"

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-CdRxIRsi7792/agent.7792; export SSH_AUTH_SOCK;
SSH_AGENT_PID=7793; export SSH_AGENT_PID;
echo Agent pid 7793;

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-PsTeGnGE7845/agent.7845; export SSH_AUTH_SOCK;
SSH_AGENT_PID=7846; export SSH_AGENT_PID;
echo Agent pid 7846;

$ export | grep -e GPG -e SSH
declare -x GPG_AGENT_INFO="/tmp/gpg-g4sLIi/S.gpg-agent:1943:1"
declare -x SSH_AGENT_PID="1943"
declare -x SSH_AUTH_SOCK="/tmp/gpg-Gy6MdS/S.gpg-agent.ssh"

$ ls -l /tmp/ | grep -e gpg -e ssh
drwx------ 2 luca luca  60 Sep 25 17:29 gpg-g4sLIi
drwx------ 2 luca luca  60 Sep 25 17:29 gpg-Gy6MdS
drwx------ 2 luca luca  60 Sep 26 15:19 ssh-CdRxIRsi7792
drwx------ 2 luca luca  60 Sep 26 15:20 ssh-PsTeGnGE7845
=====

>> Finally, may I ask why this file is not provided by openssh-client?  I
>> could not find any reference in the x11-common changelog.Debian nor
>> x11-common Recommends:/Suggests:/Enhances: openssh-client.
>> 
> The changelog suggests this was already in xfree86-common with the
> initial xfree86 4.0 upload 11 years ago.  I could go look for earlier
> changelogs, but I guess "hysterical raisins" pretty much covers it?

I came to the same conclusion.  However, I still think openssh-client
would be a better place, because until now ssh-agent is started
unconditionally without asking the user (and FWIW not even the
sysadmin).  The fact that there is no way to have ssh-agent "configured"
through a user variable changes the whole situation, so I will not
bother any more with this.

Attached a Git patch to add the Enhances: above, including dbus-x11 for
the very same reason.

Thx, bye,
Gismo / Luca

[0001-debian-control-x11-common-Enhances-dbus-x11-and-open.patch (text/x-diff, attachment)]

Added blocking bug(s) of 642012: 642021 Request was from Luca Capello <[email protected]> to [email protected]. (Mon, 26 Sep 2011 14:39:44 GMT) (full text, mbox, link).


Information forwarded to [email protected], Debian X Strike Force <[email protected]>:
Bug#642012; Package x11-common. (Fri, 28 Oct 2011 19:45:03 GMT) (full text, mbox, link).


Acknowledgement sent to "Hellekin O. Wolf" <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <[email protected]>. (Fri, 28 Oct 2011 19:45:03 GMT) (full text, mbox, link).


Message #34 received at [email protected] (full text, mbox, reply):

From: "Hellekin O. Wolf" <[email protected]>
To: [email protected]
Subject: Re: Bug#642012: x11-common: ssh-agent Xsession script does not check if gpg-agent will enable SSH support
Date: Fri, 28 Oct 2011 21:35:14 +0200
Hello,

I don't know the policy for overriding packages, but using that patch I
fixed the problem for myself.

As gpg-agent can provide the functionality of ssh-agent, 90gpg-agent can
take over the functionality of 90x11-common_ssh-agent by unsetting
OPTIONS[use-ssh-agent].

Another way of doing it is to chmod -x /usr/bin/ssh-agent, so using the
alternatives system might provide a cleaner way.

Cheers,

==
hk
[90gpg-agent.patch (text/x-diff, attachment)]

Information forwarded to [email protected], Debian X Strike Force <[email protected]>:
Bug#642012; Package x11-common. (Sat, 29 Oct 2011 04:33:03 GMT) (full text, mbox, link).


Acknowledgement sent to "Hellekin O. Wolf" <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <[email protected]>. (Sat, 29 Oct 2011 04:33:03 GMT) (full text, mbox, link).


Message #39 received at [email protected] (full text, mbox, reply):

From: "Hellekin O. Wolf" <[email protected]>
To: [email protected]
Subject: Disregard previous patch
Date: Sat, 29 Oct 2011 06:29:38 +0200
It might help, but functionality is *not the same*: e.g. gpg-agent
cannot load ssh-keys bigger than 2048 bit.

==
hk




Information forwarded to [email protected], Debian X Strike Force <[email protected]>:
Bug#642012; Package x11-common. (Tue, 21 Feb 2012 12:39:15 GMT) (full text, mbox, link).


Acknowledgement sent to Luca Capello <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <[email protected]>. (Tue, 21 Feb 2012 12:39:16 GMT) (full text, mbox, link).


Message #44 received at [email protected] (full text, mbox, reply):

From: Luca Capello <[email protected]>
To: [email protected]
Cc: "Hellekin O. Wolf" <[email protected]>, [email protected]
Subject: Re: Bug#642012: x11-common: ssh-agent Xsession script does not check if gpg-agent will enable SSH support
Date: Tue, 21 Feb 2012 13:36:11 +0100
usertags 642012 + pca.it-authentication
thanks

Hi there!

Hellekin, the patch you have sent is referring to another bug, see:

  <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444103#15>

BTW, please always check if you need to Cc: other people interested in
the bug (you did not Cc: me, so I was not aware of your replies).

On Mon, 26 Sep 2011 16:36:52 +0200, Luca Capello wrote:
> On Mon, 19 Sep 2011 14:57:14 +0200, Julien Cristau wrote:
>> On Sun, Sep 18, 2011 at 21:51:21 +0200, Luca Capello wrote:
>>> This leaves the bug opened: I would be glad to explore other solutions,
>>> but AFAIK without checking gpg.conf and gpg-agent.conf there is no way
>>> to know *beforehand* 1) if gpg-agent will run and 2) if the latter will
>>> provide SSH support.
>
> This is the real problem.
>
>>> Please note that until now ssh-agent is *never* started if gpg-agent has
>>> been started at least once with SSH support, for the following reasons
>>> (and this is another bug, no matter what):
>>> 
>>> 1) 90gpg-agent is sourced before 90x11-common_ssh-agent
>>> 2) gpg-agent does not remove its "PID" file when exiting, see #642021
>>
>> Sounds like that should be fixed.
>
> Patch sent upstream and block added.
>
>   <http://news.gmane.org/find-root.php?message_id=1316457193-26043-1-git-send-email-luca%40pca.it>
>   <http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;bug=642021>

Upstream's opinion is that the "PID" file must not be removed:

  <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642021#33>

>>> 3) 90gpg-agent sources the "PID" file above, which means that
>>>    SSH_AUTH_SOCK is defined *before* any gpg-agent is started at all
>>
>> Shouldn't the "if ! $GPGAGENT 2>/dev/null; then" line in 90gpg-agent be
>> followed by unsetting the variables (and maybe removing the file) it
>> just read since it found out they don't work?
>
> Good catch, I will follow-up on the other bug report.  However,
> unsetting (at least) the SSH_AUTH_SOCK variable is not correct, because
> it could be defined in ~/.Xsessionrc.

According to its manpage, it is ssh-agent that sets this variable, so
any value in ~/.Xsessionrc (sourced by 40x11-common_xsessionrc, so
before any 90*agent) should be simply ignored:

  A UNIX-___domain socket is created and the name of this socket is
  stored in the SSH_AUTH_SOCK environment variable.  The socket is
  made accessible only to the current user.  This method is easily
  abused by root or another instance of the same user.

However, given upstream's opinion on the "PID" file not to be removed, I
would simply unset the variables.  This at least to be sure that
variables from dead gpg-agent processes will not influence the current
login.

>>> 4) 90x11-common_ssh-agent starts ssh-agent only if SSH_AUTH_SOCK is
>>>    empty, which is not the case as per point 3
> [...]
>>> IMHO the real bug is to try to start ssh-agent in a system-wide fashion
>>> via /etc/X11/Xsession.options, while this is (clearly) a user option.
>>> This is also why I fear the new Xsession "use-gpg-agent" option at
>>> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412993#20>.  The fact
>>> that ssh_config does not have any way to define that we want the agent
>>> is probably the original cause of this bug.
>>> 
>> Can we switch the order so that 1) doesn't apply?  And turn ssh-agent
>> into a no-op when it's started by gpg-agent with ssh support (assuming
>> it's not already)?
>
> I still fail to see your solution: when both Xsession scripts do their
> checks there is no agent running at all, so reverting the order should
> not change anything.  Again, how do you know that gpg-agent will be
> started with SSH support?

The key is SSH_AUTH_SOCK, which should *anyway* be set if gpg-agent
should be started with the SSH support, which is covered by:

  <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444103#15>

Git patch attached.  Test packages fixing #444103, #642012 and #642021
are available at:

  <http://people.debian.org/~gismo/tmp/gnupg2_2.0.18-3~gismo444103.642012.642021.1.dsc>

>>> Finally, may I ask why this file is not provided by openssh-client?  I
>>> could not find any reference in the x11-common changelog.Debian nor
>>> x11-common Recommends:/Suggests:/Enhances: openssh-client.
>>> 
>> The changelog suggests this was already in xfree86-common with the
>> initial xfree86 4.0 upload 11 years ago.  I could go look for earlier
>> changelogs, but I guess "hysterical raisins" pretty much covers it?
>
> I came to the same conclusion.  However, I still think openssh-client
> would be a better place, because until now ssh-agent is started
> unconditionally without asking the user (and FWIW not event the
> sysadmin).  The fact that there is no way to have ssh-agent "configured"
> through a user variable changes the whole situations, so I will not
> bother any more with this.
>
> Attached a Git patch to add the Enhances: above, including dbus-x11 for
> the very same reason.

The last sentence is independent of the gpg-agent stuff, can it be
included anyway?

Thx, bye,
Gismo / Luca

[0002-debian-gnupg-agent.xsession-642012-fix-90x11-common_.patch (text/x-diff, attachment)]
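The stale-variable problem laid out in points 1 to 4 of message #17 (90gpg-agent sources a "PID" file left behind by a dead gpg-agent, so SSH_AUTH_SOCK is set before any agent runs and ssh-agent is never started) and the "simply unset the variables" remedy of message #44, as an added example in POSIX sh. This is not code from the bug report nor from Debian's Xsession scripts; it assumes an env file of the `VAR=value` form seen in the thread's `export` output (an optional `; export VAR;` suffix is tolerated), and the function names, the sample files and the socket-name classification are constructed for the example.

```sh
#!/bin/sh
# Added example, not code from the bug report or from Debian's Xsession scripts.
# Validates the SSH_AUTH_SOCK / SSH_AGENT_PID pair that a script like 90gpg-agent
# would read from gpg-agent's env ("PID") file before trusting it, so values left
# behind by a dead gpg-agent cannot suppress ssh-agent at the next login.
# Assumed file format (constructed for this example): one VAR=value line per
# variable, optionally followed by "; export VAR;" as gpg-agent --sh prints it.

# read_env_value FILE VAR: print VAR's value from FILE (first match), or nothing.
read_env_value() {
    sed -n "s/^$2=\([^;]*\).*/\1/p" "$1" 2>/dev/null | head -n 1
}

# agent_alive SOCK PID: succeed only if SOCK is an existing unix socket and,
# when PID is given, that process still exists (kill -0 works for the agent's
# own user, which is the case inside an Xsession).
agent_alive() {
    sock=$1; pid=$2
    [ -n "$sock" ] && [ -S "$sock" ] || return 1
    if [ -n "$pid" ]; then
        case $pid in *[!0-9]*) return 1 ;; esac   # not a pid at all
        kill -0 "$pid" 2>/dev/null || return 1
    fi
    return 0
}

# agent_kind SOCK: classify the provider from the socket names seen in the
# thread: gpg-agent creates .../S.gpg-agent.ssh, ssh-agent creates .../agent.<pid>.
agent_kind() {
    case ${1##*/} in
        S.gpg-agent.ssh) echo gpg-agent ;;
        agent.[0-9]*)    echo ssh-agent ;;
        *)               echo unknown ;;
    esac
}

# load_agent_file FILE: print shell lines exporting a *live* agent's variables,
# or an "unset" line for a stale file (exit status 1), which is what a script
# could do instead of sourcing the file unconditionally.
load_agent_file() {
    f=$1
    sock=$(read_env_value "$f" SSH_AUTH_SOCK)
    pid=$(read_env_value "$f" SSH_AGENT_PID)
    if agent_alive "$sock" "$pid"; then
        printf 'SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK;\n' "$sock"
        [ -n "$pid" ] && printf 'SSH_AGENT_PID=%s; export SSH_AGENT_PID;\n' "$pid"
        return 0
    fi
    echo 'unset SSH_AUTH_SOCK SSH_AGENT_PID'
    return 1
}

# need_ssh_agent: succeed when a script like 90x11-common_ssh-agent should start
# ssh-agent, i.e. when the environment does not already name a live agent socket
# (a live gpg-agent socket counts, so ssh-agent becomes a no-op behind it).
need_ssh_agent() {
    ! agent_alive "${SSH_AUTH_SOCK:-}" "${SSH_AGENT_PID:-}"
}

# Usage: sh agent-env-check.sh ~/.gnupg/gpg-agent-info-$(hostname)
# prints either export lines fit for eval, or the unset line.
if [ "$#" -gt 0 ]; then
    load_agent_file "$1"
fi
```

The liveness test deliberately checks both halves of the pair: a socket file can survive a crashed agent (the thread's `ls -l /tmp` shows the leftover `gpg-*` directories), and a pid can be reused, so only the combination is trusted. `need_ssh_agent` is the check that answers Julien's "turn ssh-agent into a no-op" idea without reading gpg.conf: it does not care which program owns the socket, only whether something is listening there.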



Debian bug tracking system administrator <[email protected]>. Last modified: Tue May 13 11:47:03 2025; Machine Name: buxtehude
