Created attachment 1175706 [details] proposed patch substituting SSH_AUTH_SOCK for SSH_AGENT Description of problem: Right now, this is how /etc/X11/xinit/xinitrc-common decides whether to start a new ssh-agent for the X session: # Prefix launch of session with ssh-agent if available and not already running. if [ -z "$SSH_AGENT" ] && [ -z "$SSH_AGENT_PID" ] && [ -x /usr/bin/ssh-agent ]; then I'm not clear on what programs, if any, set the SSH_AGENT environment variable that is being tested. The ssh-agent distributed with Fedora sets only SSH_AUTH_SOCK and SSH_AGENT_PID, e.g., $ ssh-agent SSH_AUTH_SOCK=/tmp/ssh-NAIASogdRImN/agent.27732; export SSH_AUTH_SOCK; SSH_AGENT_PID=27733; export SSH_AGENT_PID; echo Agent pid 27733; I think the correct behavior here is to test SSH_AUTH_SOCK instead of SSH_AGENT. A patch is attached. Version-Release number of selected component (if applicable): xorg-x11-xinit-1.3.4-11.fc24.x86_64 How reproducible: If SSH_AUTH_SOCK is set, but SSH_AGENT_PID is not, the xinit scripts will start a new agent instead of using the old one. Steps to Reproduce: 1. eval $(ssh-agent -a /tmp/my_preferred_socket_location) 2. export SSH_AGENT_PID= 3. startx Actual results: A new ssh-agent is started and its SSH_AUTH_SOCK is exported to the new X session. Expected results: The X session should not start a new agent, and `/tmp/my_preferred_socket_location` should be exported as its SSH_AUTH_SOCK. Additional info:
Thanks, I'm currently preparing an update fixing this using your patch.
xorg-x11-xinit-1.3.4-12.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-383ce09620
xorg-x11-xinit-1.3.4-12.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-383ce09620
xorg-x11-xinit-1.3.4-12.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
This was not a bug. The "fix" reintroduced an old bug. The purpose of the previous behavior was to let the user customize the system to use something other than OpenSSH's ssh-agent program as the SSH agent. In particular, gpg-agent can handle keys for SSH, and supports things that ssh-agent does not. The variable could be set in a script in xinitrc.d. xinitrc.d scripts are called a couple of lines above the SSH_AGENT test. With this change, that no longer works. There's no point in checking SSH_AUTH_SOCK. No agent is going to be running at this point.
(In reply to jbash from comment #5) > This was not a bug. The "fix" reintroduced an old bug. > > The purpose of the previous behavior was to let the user customize the > system to use something other than OpenSSH's ssh-agent program as the SSH > agent. In particular, gpg-agent can handle keys for SSH, and supports things > that ssh-agent does not. The variable could be set in a script in xinitrc.d. > xinitrc.d scripts are called a couple of lines above the SSH_AGENT test. > > With this change, that no longer works. I see, so we should test for SSH_AGENT as well ? or maybe for all 3 of: SSH_AGENT, SSH_AGENT_PID and SSH_AUTH_SOCK > There's no point in checking SSH_AUTH_SOCK. No agent is going to be running > at this point. That is not necessarily true some people may start ssh-agent from the cmdline (this is not unheard of) and then maybe later do startx. I assume this is what the original SSH_AGENT_PID check was trying to catch, but since consumers of the agent only care about SSH_AUTH_SOCK that seems like the better variable to check, I guess we should have left the check for SSH_AGENT in place...
OK, fair enough, there COULD be an ssh-agent running. And checking for all three would fix my own problem. But checking for whether an agent is already running is different from checking WHAT should be started in the event that something does need to be started. So it may be a symptom of something weird for the check for SSH_AGENT_PID or SSH_AGENT_SOCK to be on the same line as the check for SSH_AGENT. I guess it's because XSession overloads the setting of the variable that way too...
Sorry for the misunderstanding. I agree with this comment: >since consumers of the agent only care about SSH_AUTH_SOCK that seems like the better variable to check It seems like if SSH_AUTH_SOCK is set, then no new agent should be started, regardless of the values of the other environment variables. I'm not sure about the other cases.
Ok, I'm currently preparing an update for F25 checking for all 3 environment variables to fix the regression.
Sorry, to clarify: if any one of the 3 variables is set, a new agent will not be started? That sounds right to me.
(In reply to Shivaram Lingamneni from comment #10) > Sorry, to clarify: if any one of the 3 variables is set, a new agent will > not be started? That sounds right to me. Correct.
xorg-x11-xinit-1.3.4-13.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-130710e1c3
xorg-x11-xinit-1.3.4-13.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-130710e1c3
xorg-x11-xinit-1.3.4-13.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.