Recent versions of gpg launch a persistent user process (gpg-agent) when generating keys. This process remains running even after the command terminates. I want to change this behavior.
Currently, I'm using unshare and PID namespaces to isolate and kill off anything that gpg leaves running. Unfortunately, this approach requires elevated privileges that may not always be available (root and access to pid/mount namespaces).
Is there a way for a script to "cleanly" generate gpg keys without:

- leaving processes running, or
- requiring elevated privileges?
For the sake of completion, the following roughly illustrates my current setup:
    sudo unshare -fp --mount-proc sh -c 'gpg --homedir /tmp/TEMP_DIR --generate-key --batch; kill -9 -1' <<EOF
    Key-Type: DSA
    Key-Length: 768
    Name-Real: TEMPKEY
    Name-Comment: TEMPKEY
    Name-Email: noreply@localhost
    Expire-Date: 0
    %no-protection
    EOF
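As an added example, not code from the original post: the script below generates a throwaway key in a private GNUPGHOME as an unprivileged user and then stops the daemons that the key generation auto-started by asking them to exit through GnuPG's own interface (`gpgconf --kill all`, which needs no root and no namespaces). It checks before and after with `gpg-connect-agent --no-autostart` so the cleanup is verified rather than assumed. The choice of `gpgconf --kill` instead of the post's PID namespace, the RSA 2048 parameters, and the function names are assumptions of this example; it requires GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post): generate a temporary key in a
# private GNUPGHOME, then stop every GnuPG daemon the generation auto-started
# (gpg-agent, plus keyboxd/dirmngr on releases that use them) so nothing
# outlives the script. Assumes GnuPG >= 2.1 (gpgconf --kill, --no-autostart).
set -eu

# Emit batch parameters for unattended key generation to stdout.
# RSA 2048 with %no-protection is an assumption for the example; the post's
# DSA 768 is below what current GnuPG releases accept.
write_params() {
    cat <<'EOF'
Key-Type: RSA
Key-Length: 2048
Name-Real: TEMPKEY
Name-Comment: TEMPKEY
Name-Email: noreply@localhost
Expire-Date: 0
%no-protection
%commit
EOF
}

# Print the pid of the agent serving $GNUPGHOME, or nothing if none runs.
# --no-autostart keeps this probe from launching the very agent we want gone;
# a live agent answers "D <pid>" on stdout, an absent one prints nothing.
agent_pid() {
    gpg-connect-agent --no-autostart 'GETINFO pid' /bye 2>/dev/null \
        | sed -n 's/^D \([0-9][0-9]*\).*/\1/p'
}

# Generate the key into homedir $1 and confirm a secret key now exists there.
gen_key() {
    GNUPGHOME=$1
    export GNUPGHOME
    mkdir -p "$GNUPGHOME"
    chmod 700 "$GNUPGHOME"          # gpg warns about a permissive homedir
    write_params | gpg --batch --quiet --generate-key
    gpg --batch --quiet --list-secret-keys --with-colons | grep -q '^sec:'
}

# Ask every daemon bound to $GNUPGHOME to exit. KILLAGENT is asynchronous,
# so poll briefly until the agent no longer answers.
stop_daemons() {
    gpgconf --kill all
    i=0
    while [ -n "$(agent_pid)" ] && [ "$i" -lt 5 ]; do
        sleep 1
        i=$((i + 1))
    done
}

# Full run in a fresh temp dir: generate, confirm an agent appeared, stop it,
# confirm it is gone, remove the dir. Returns 0 only if the agent really left.
demo_main() {
    dir=$(mktemp -d)
    # Stop daemons and remove the homedir even if an earlier step fails.
    trap 'GNUPGHOME=$dir gpgconf --kill all 2>/dev/null; rm -rf "$dir"' EXIT
    gen_key "$dir"
    before=$(agent_pid)
    stop_daemons
    after=$(agent_pid)
    echo "agent pid after generation: ${before:-none}; after gpgconf --kill all: ${after:-none}"
    [ -n "$before" ] && [ -z "$after" ]
}

# Usage: sh gen-temp-key.sh run
case "${1-}" in
    run) demo_main ;;
esac
```

Because every daemon is addressed through the homedir it belongs to (via GNUPGHOME), the script never touches the agent of the user's real ~/.gnupg, and it works the same whether the agent socket lives inside the homedir or under /run/user/UID/gnupg.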