Mike -- EMAIL IGNORED wrote:
> On Thu, 30 Aug 2007 16:46:28 -0400, Todd Zullinger wrote:
>
> [...]
>> Yep, after you scratch your head for half an hour wondering why things
>> have broken. :)
>
> Well, then, what might be broken? Is the agent provided for something
> other than my "convenience"?
I just meant that if you tweak the script and then it gets updated via
yum or whatever, you may end up scratching your head for a bit before
you realize that the tweak you made several months ago got overwritten. At
least, that's what happens to me. :)
Yes, I see your point -- another nuisance.
>> What it is that breaks by having ssh agent started automatically?
>>
>>
> My script checks for a preexisting agent, and if it finds one, it
> assumes it is one I created and tries to add a key to it. However, if
> the system created an agent, other things I put in place when I create
> the agent are not there, and I get a failure report.
Okay. So obviously the best thing to work with your scripts currently
will be if SSH_AGENT_PID is set so that when the xinitrc-common script
checks for it, it's already set. I haven't made time to log out and
test that yet. Have you tried it to see if that will work?
Yes, I could preset SSH_AGENT_PID -- as long as someone does not
change the script.
Also, might it not be more robust (and better in the long term) if your
script checked for the things you put in place when you start an
ssh-agent? That way it wouldn't matter whether the agent was started by
xinitrc-common or you.
Did they use my preferred options in creating the agent?
At what point do you start your agent? If it's after the xinit scripts
would be starting it, then doesn't that leave you unable to use the
agent conveniently from some processes started in your X session?
I start the agent by hand execution of the script only when I intend
to use it. The script reads encrypted keys from removable media,
which is usually not present.
> I am reminded of the air conditioning in our family cars. I have a
> 1999 Camry. It has an excellent AC system. When I want more wind, I
> turn the fan-speed knob. Now my wife has a 2003 Camry. When it
> decides I should have more wind, it turns up the fan... I dread the day
> I will have to shop for a new car. If I wanted a system to
> transparently decide things like "I should have an ssh-agent", I would
> use Microsoft (may we be protected from the evil eye). ;)
I understand that concern. There's also the view that it's nice to have
some common things handled so that every user doesn't need to reinvent
the wheel. I used to always patch the x startup scripts precisely to
add ssh-agent, so I was happy when that change got added.
It is only nice if it is easily visible and controllable. As can be seen
above, my use of agents is different than yours.
Unless it turns out that you can't set your own SSH_AGENT_PID variable
before the xinitrc-common script runs, you should be able to easily work
with the current startup scripts to not start an agent for you, if you
prefer not to. And if not, then you can almost as easily modify the
xinitrc-common script to not start an agent.
This last suggestion remains my favorite.
If the latter case is true, then it might be worth submitting a patch to
make the xinitrc-common script check for something user controlled
(file, variable, etc.) which would allow you to tell it not to start an
agent for you.
[...]
Yes. My suggestion is that by default, it be disabled. It might also
be added to the install dialog (hopefully in terms that most reasonably
well educated users could understand without web-search, which presently
is the case for only a minority of the options).
To whom do I present my suggestion, or have I just done it? :)
Thanks again,
Mike.
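
The suggestion in the thread that a key-loading script check for what it put in place, rather than trusting any agent it finds in the environment, could look like the sketch below. This is an added example, not code from either poster or from xinitrc-common. The marker file, its path and the function names are assumptions, since the thread does not say what Mike's script sets up.

```shell
#!/bin/sh
# Added example. Hypothetical marker file written by the user's own
# agent-start script; it holds one line: "<agent pid> <agent socket path>".
AGENT_MARKER="${AGENT_MARKER:-$HOME/.ssh/my-agent.marker}"

# Call right after starting your own agent, e.g. after: eval "$(ssh-agent -s)"
record_agent() {
    ( umask 077
      printf '%s %s\n' "$SSH_AGENT_PID" "$SSH_AUTH_SOCK" > "$AGENT_MARKER" )
}

# Print one of: none | foreign | stale | mine
#   none    - no agent in the environment
#   foreign - an agent exists but this script did not record it
#             (for example one started by the X startup scripts)
#   stale   - recorded agent, but the process or socket path is gone
#   mine    - recorded agent that is still present
agent_state() {
    if [ -z "${SSH_AGENT_PID:-}" ] || [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo none
        return 0
    fi
    pid='' sock=''
    if [ -r "$AGENT_MARKER" ]; then
        read -r pid sock < "$AGENT_MARKER" || :
    fi
    # Require both PID and socket path to match: the socket path includes a
    # randomly named directory, so a reused PID alone cannot match.
    if [ "$pid" != "$SSH_AGENT_PID" ] || [ "$sock" != "$SSH_AUTH_SOCK" ]; then
        echo foreign
        return 0
    fi
    if kill -0 "$pid" 2>/dev/null && [ -e "$sock" ]; then
        echo mine
    else
        echo stale
    fi
}
```

A caller would add keys only on `mine`, and on `foreign` either start its own agent or report clearly that the agent in the environment was started by something else.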