From 15222b77b8c72284dd619d682216432687391f5d Mon Sep 17 00:00:00 2001
From: Jens Sauer
Date: Tue, 24 Nov 2020 14:24:47 +0100
Subject: [PATCH] gnupg: Add gpg-agent over SSH wrapper

gpg-agent forwarding over SSH, the remote SSH server needs to enable "StreamLocalBindUnlink yes" in the global /etc/ssh/sshd_config. It may happen that this file is not adjustable by the user. The wrapper 'gssh' detects the correct socket and enables gpg-agent forwarding when the user explicit wants to forward the gpg-agent. See more: https://wiki.gnupg.org/AgentForwarding and The code was written by Callan Bryant: https://github.com/naggie/dotfiles thanks for sharing under MIT License.
---
 gnupg/.local/bin/gssh | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100755 gnupg/.local/bin/gssh

diff --git a/gnupg/.local/bin/gssh b/gnupg/.local/bin/gssh
new file mode 100755
index 0000000..936869b
--- /dev/null
+++ b/gnupg/.local/bin/gssh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+echo "Preparing host for forwarded GPG agent..." >&2
+
+# prepare remote for agent forwarding, get socket
+# Remove the socket in this pre-command as an alternative to requiring
+# StreamLocalBindUnlink to be set on the remote SSH server.
+# Find the path of the agent socket remotely to avoid manual configuration
+# client side. The location of the socket varies per version of GPG,
+# username, and host OS.
+remote_socket=$(cat <<'EOF' | command ssh -T "$@" bash
+ set -e
+ socket=$(gpgconf --list-dirs | grep agent-socket | cut -f 2 -d :)
+ # killing agent works over socket, which might be dangling, so time it out.
+ timeout -k 2 1 gpgconf --kill gpg-agent || true
+ test -S $socket && rm $socket
+ echo $socket
+EOF
+)
+
+if [ ! $? -eq 0 ]; then
+echo "Problem with remote GPG. use ssh -A $@ for ssh with agent forwarding only." >&2
+return
+fi
+
+if [ "$SSH_CONNECTION" ]; then
+# agent on this host is forwarded, allow chaining
+local_socket=$(gpgconf --list-dirs | grep agent-socket | cut -f 2 -d :)
+else
+# agent on this host is running locally, use special remote socket
+local_socket=$(gpgconf --list-dirs | grep agent-extra-socket | cut -f 2 -d :)
+fi
+
+if [ ! -S $local_socket ]; then
+echo "Could not find suitable local GPG agent socket" 2>&1
+return
+fi
+
+echo "Connecting..." >&2
+ssh -A -R $remote_socket:$local_socket "$@"
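Review bot: The two `return` lines after the "Problem with remote GPG" and "Could not find suitable local GPG agent socket" messages do not stop the script, because `return` outside a function in a non-sourced `#!/bin/sh` script is an error (bash prints a diagnostic and keeps executing; other sh implementations vary), so both failure paths fall through to the final `ssh -A -R` line with an empty socket path; both should read `exit 1`. The value in `remote_socket` is text received from the remote host's `echo $socket`, and on the last line it is spliced unquoted into a local ssh argument, so an unexpected value would be word-split into additional arguments instead of being rejected; quote it as `ssh -A -R "$remote_socket:$local_socket" "$@"`, likewise `"$socket"` in the remote `test -S`/`rm` line and `"$local_socket"` in the `[ ! -S ... ]` test, and consider a `case "$remote_socket" in /*) ;; *) exit 1 ;; esac` guard so only an absolute path is accepted. The second error message is redirected with `2>&1` where every other diagnostic uses `>&2`, so it is written to stdout rather than stderr.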