Mike -- EMAIL IGNORED wrote:
>> Okay. So obviously the best thing to work with your scripts
>> currently will be if SSH_AGENT_PID is set so that when the
>> xinitrc-common script checks for it, it's already set. I haven't
>> made time to log out and test that yet. Have you tried it to see
>> if that will work?
>
> Yes, I could preset SSH_AGENT_PID -- as long as someone does not
> change the script.

I don't think you need to worry too much about that test going away.
It's definitely important for the xinit scripts to test for the
existence of an already running ssh-agent before starting one up.

>> Also, might it not be more robust (and better in the long term) if
>> your script checked for the things you put in place when you start
>> an ssh-agent? That way it wouldn't matter whether the agent was
>> started by xinitrc-common or you.
>
> Did they use my preferred options in creating the agent?

What options are you passing to ssh-agent? The options it takes are
pretty sparse.

> I start the agent by hand execution of the script only when I intend
> to use it. The script reads encrypted keys from removable media,
> which is usually not present.

You can have the agent running without adding keys to it right away.
So the keys need not be present when you start it. You can also add
and remove keys at will. So if you wanted, your script could add the
keys to the agent whenever you wanted to use them, and remove them
when you were done (or after some timeout, using the -t option to
ssh-add).

> It is only nice if it is easily visible and controllable. As can be
> seen above, my use of agents is different than yours.

I'm still not sure that there's a problem with how the agent is
started, even for your use. Perhaps I'm just not understanding how
you're using it. With the agent started, you still have full control
of what and when keys are loaded.

> Yes. My suggestion is that by default, it be disabled. It might
> also be added to the install dialog (hopefully in terms that most
> reasonably well educated users could understand without web-search,
> which presently is the case for only a minority of the options).

I don't see the default being disabled. It's much more common and
generally useful to have it started automatically. If it's made
optional, I'd prefer the default to be on. But that's just my
opinion.

> To whom do I present my suggestion, or have I just done it? :)

Nah, I haven't wormed my way into the project that far. :)

To make a request for enhancement, you'd use bugzilla. There's a page
on the wiki which (hopefully) includes all the steps needed.

http://fedoraproject.org/wiki/BugsAndFeatureRequests

Before filing such a request, be sure that what you want really can't
be done with the existing setup. Also, if you really want to increase
the likelihood of something being picked up, propose a patch to do
what you want or a nice outline of how it can actually be done.

I'm not sure it's needed, but one way I could see something like this
being generally useful would be to add a check to the xinitrc-common
script to source the files in a dir (first in $HOME and then in /etc)
to read settings from. That way you could override things like
SSH_AGENT to prevent it from being started.

Oh, and I just realized that even if you can't set SSH_AGENT_PID from
your bash startup before the xinitrc-common script runs (let me know
if you get a chance to try that, BTW), you could put a file in
/etc/X11/xinit/xinitrc.d/ which would set it. Files in that dir are
sourced just before the ssh-agent code.

-- 
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sometimes you get the blues because your baby leaves you. Sometimes
you get'em 'cause she comes back.
    -- B.B. King
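
The settings-directory idea from the message above, sketched as an added example (not code from xinitrc-common or from either poster). The function names are hypothetical, the per-user directory in the usage comment is an assumed path, and the ownership and permission check is an addition of this example, since sourced files run inside the user's session.

```shell
#!/bin/sh
# Stand-in for the settings-dir check proposed in the thread; NOT the real
# xinitrc-common. All function names here are hypothetical.

# Succeeds only if the file is a readable regular file owned by the current
# user or root and not writable by group or others (example's own addition).
is_trusted_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    [ -n "$(find "$1" -prune \( -user "$(id -u)" -o -user 0 \) \
            ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# Source *.sh files from each directory argument, in the order given.
# A later directory can override what an earlier one set.
source_settings_dirs() {
    for _dir in "$@"; do
        [ -d "$_dir" ] || continue      # missing directories are skipped
        for _file in "$_dir"/*.sh; do
            if is_trusted_file "$_file"; then
                . "$_file"
            fi
        done
    done
    unset _dir _file
}

# The test the thread describes: start an agent only when none is recorded.
should_start_agent() {
    [ -z "${SSH_AGENT_PID:-}" ]
}

# Usage inside a session script (the $HOME path is an assumed name):
#   source_settings_dirs "$HOME/.xinitrc.d" /etc/X11/xinit/xinitrc.d
#   if should_start_agent; then eval "$(ssh-agent -s)"; fi
```

A drop-in file that assigns SSH_AGENT_PID makes should_start_agent fail, so no second agent is launched; a group- or world-writable drop-in is skipped rather than sourced.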