{"id":55,"date":"2021-01-12T09:23:59","date_gmt":"2021-01-12T09:23:59","guid":{"rendered":"https:\/\/veltzer.net:8890\/?p=55"},"modified":"2021-01-12T09:24:17","modified_gmt":"2021-01-12T09:24:17","slug":"using-gpg-agent-to-write-authenticating-scripts","status":"publish","type":"post","link":"https:\/\/veltzer.net:8890\/using-gpg-agent-to-write-authenticating-scripts\/","title":{"rendered":"Using gpg-agent to write authenticating scripts"},"content":{"rendered":"\n
<p>Sometimes you want to write a shell or other script, and that script is going to have to run under <code>sudo<\/code>. Under such conditions, if the script does anything that requires authentication it will not act as expected. In plain terms, it means that the regular popup for authentication will not appear. The tool may be written in a way which deals with the problem and falls back on other authentication methods, and yet it may not. In any case what you really want is for your own authentication agent (the little program called <code>gpg-agent<\/code> which is running on almost every Linux distribution from the time you log in till the time you log out) to do the authentication. This saves you lots of clicking. Imagine that the script has to do something which requires authentication X number of times. If the script does not use an agent it will not be able to cache the pass-phrases and so you will have to retype the pass-phrase several times. It can also be the case that your authenticating agent already has your pass-phrase in its cache and you can save typing it yet another time.<\/p>\n\n\n\n
<p>Ok. So how do you do it? Well, in your original environment you have a variable called <code>GPG_AGENT_INFO<\/code>. This variable holds the details of how to connect to your authenticating agent. If you are running regular scripts then this variable, which is an environment variable, is automatically available to them. But if you run your scripts via <code>ssh<\/code> or <code>sudo<\/code> then it is not. Just make the variable available to those scripts. Obviously the users that these scripts will be running under will have to have the right level of permission to talk to your gpg agent. How do you make it available? One way is to pass this variable over the command line and turn it into an environment variable as soon as the script starts.<\/p>\n","protected":false},"excerpt":{"rendered":"