#teardown and #bootstrap gpg-agent, pcscd to have a working configuration:
#!/usr/bin/env sh
# Copyright (c) Jarkko Sakkinen 2024
# Bootstrap gpg-agent and pcscd for Yubikey use.
GPG_AGENT_SOCKETS=(gpg-agent-ssh.socket
gpg-agent-browser.socket
gpg-agent-extra.socket
gpg-agent-ssh.socket
gpg-agent.socket)
systemctl --user disable --now "${GPG_AGENT_SOCKETS[@]}"
gpgconf --kill gpg-agent
sudo systemctl disable --now pcscd.socket
systemctl --user enable --now gpg-agent.socket gpg-agent-ssh.socket
sudo systemctl enable --now pcscd.socket
For gpg-agent I have the following entries in ~/.gnupg
:
gpg-agent.conf
gpg-agent.conf.darwin
gpg-agent.conf.linux-gnu
In a new installation the correct configuration can be deployed as follows:
cp ~/.gnupg/gpg-agent.conf.$OSTYPE ~/.gnupg/gpg-agent.conf
At least in Fedora, also shared a access configuration needs to be defined in ~/.gnupg/scdaemon.conf
:
# See for further information:
# https://github.com/OpenSC/OpenSC/wiki/GnuPG-and-OpenSC
card-timeout 5
disable-ccid
pcsc-shared
Otherwise, the earlier script needs to be run separately for each boot as a workaround. In OpenSUSE, I guess the defaults are different, given that everything just works without this extra configuration.
@jarkko
gpg-agent-ssh.socket in there twice.
Are the agents something you have to manually setup, or is that part of the normal gpg-agent stuff? I've never messed around with any more granularity. Think I just use ssh-agent (no gpg)