cruegge / pam-gnupg

Unlock GnuPG keys on login
GNU General Public License v3.0
269 stars 12 forks source link

Moving gpg folder with GNUPGHOME #4

Closed dh-nunes closed 6 years ago

dh-nunes commented 6 years ago

Newbie to gpg here, sorry if it's obvious.

I moved the gpg folder to ~/.config/gnupg with GNUPGHOME in ~/.bash_profile. pam-gnupg was working previously, followed all your instructions in the readme.

Now gpg is no longer unlocked at login and a ~/.gnupg/private-keys-v1.d empty folder is created. Any help is appreciated, thanks!

cruegge commented 6 years ago

Setting the environment variable in .bash_profile is probably too late; the pam stack runs before bash is initialized. You might try setting it through pam_env(8) by adding

GNUPGHOME DEFAULT=@{HOME}/.config/gnupg

to your ~/.pam_environment (see pam_env.conf(5) for details). Also, make sure that pam_env.so is run before pam_gnupg.so in your pam stack.

dh-nunes commented 6 years ago

Added ~/.pam_environment and /etc/pam.d/system-local-login includes system-login at the top which has session required pam_env.so at the end so I'm guessing it's above pam_gnupg.so.

The empty folder is no longer created but it still requests the passphrase when using pass the first time.

cruegge commented 6 years ago

Looks like there are some additional steps needed to actually use the environment that pam_env sets. I just pushed a possible fix. Can you test?

dh-nunes commented 6 years ago

It works now, thank you very much!