From 644785859ac960c0da64016065a800bf660ffbcf Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Fri, 17 Apr 2026 14:47:34 +0100 Subject: refactor: revert GNUPGHOME to default ~/.gnupg Drop custom GNUPGHOME=~/.local/share/gnupg which required 6 systemd socket/service overrides with hardcoded directory hashes. GnuPG periodically changes its hash algorithm on updates, silently breaking systemd socket activation and pam-gnupg passphrase presetting. With default GNUPGHOME, stock systemd units work out of the box. - Move gpg.conf, gpg-agent.conf, sshcontrol to home/.gnupg/ - Delete all gpg-agent socket/service/dirmngr override dirs - Remove GNUPGHOME from .zprofile, .pam_environment, pam-gnupg - Remove GNUPGHOME from vdirsyncer and bridge service overrides --- home/.gnupg/sshcontrol | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 home/.gnupg/sshcontrol (limited to 'home/.gnupg/sshcontrol') diff --git a/home/.gnupg/sshcontrol b/home/.gnupg/sshcontrol new file mode 100644 index 0000000..9197976 --- /dev/null +++ b/home/.gnupg/sshcontrol 
@@ -0,0 +1,17 @@ +# List of allowed ssh keys. Only keys present in this file are used +# in the SSH protocol. The ssh-add tool may add new entries to this +# file to enable them; you may also add them manually. Comment +# lines, like this one, as well as empty lines are ignored. Lines do +# have a certain length limit but this is not serious limitation as +# the format of the entries is fixed and checked by gpg-agent. A +# non-comment line starts with optional white spaces, followed by the +# keygrip of the key given as 40 hex digits, optionally followed by a +# caching TTL in seconds, and another optional field for arbitrary +# flags. Prepend the keygrip with an '!' mark to disable it. + +91191A4A6E86279A901A7D38A7512EC126518FA5 +22747ABA1B4502F186654CD84DC353B0C3BD353F +9F3FCCA0F99AE1C5D05B834F0E89C79970A7B74A +5E9259E1EFFFB85520F62A5C31C97033C1DEDBD8 +515584E3A76C03EEA4A563156882938003FBEC90 +E843F385FEEAE6CA2E1B9A67796241FDA5423CA3 -- cgit v1.2.3-70-g09d2
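Review bot: The six keygrip lines at the end of the new home/.gnupg/sshcontrol are added with nothing to say which key each one is, so nobody reading this file later can tell which entries are still in use and which should be retired. Since the header comment states that only keys listed here are used in the SSH protocol, this file is effectively the allow-list for SSH authentication through gpg-agent and is worth keeping auditable. Please put a short comment line above each keygrip naming the key or its purpose, for example "# <label for this key>", which the format permits because comment lines are ignored. None of the entries sets the optional caching TTL or flags field described in the header, so all six fall back to the agent's defaults. If that is deliberate, a one-line comment saying so would help. If any of these keys reaches sensitive hosts, consider giving it a shorter TTL or gpg-agent's confirm flag. Separately, the file is created as mode 100644 and git does not record anything tighter. Now that the target is the default ~/.gnupg, check that whatever deploys these dotfiles leaves the directory accessible to the owner only, because GnuPG warns about unsafe permissions on its home directory.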