ssh: Move to GPG

.gnupg/gpg-agent.conf

@@ -1,5 +1,11 @@
+## 1-day timeout
+default-cache-ttl 86400
+max-cache-ttl 86400
+## SSH
+enable-ssh-support
+default-cache-ttl-ssh 86400
+max-cache-ttl-ssh 86400
+## Emacs pinentry
 pinentry-program /usr/bin/pinentry-emacs
 allow-emacs-pinentry
-allow-loopback-pinentry
-default-cache-ttl 86400
-max-cache-ttl 86400
+allow-loopback-pinentry

.profile

@@ -111,11 +111,16 @@ export MANWIDTH=80
 export TIME_STYLE=+"|%Y-%m-%d %H:%M:%S|"
 
 ## SSH-Agent
-if command -v ssh-agent >/dev/null 2>&1 && [ -z "$SSH_AGENT_PID" ]; then
-	 eval "$(ssh-agent)"
-	 ## Kill ssh-agent on session end. Console login only.
-	 trap 'test -n "$SSH_AGENT_PID" && eval $(ssh-agent -k)' 0
+## Set SSH to use gpg-agent
+unset SSH_AGENT_PID
+if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
+  export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
 fi
+# Set GPG TTY
+export GPG_TTY=$(tty)
+# Refresh gpg-agent tty in case user switches into an X session
+gpg-connect-agent updatestartuptty /bye >/dev/null
+eval $(keychain --eval --quiet --agents gpg)
 
 ## Linux specific
 if [ "$(uname -o)" = "GNU/Linux" ] ; then

.xinitrc

@@ -23,12 +23,3 @@ else
 	emacs --daemon -f exwm-enable
 	exec emacsclient -c
 fi
-
-## TODO: When the session is terminated, some forked processes must be closed
-## manually. This can automated by setting a shell 'trap' in .profile when
-## logged from a TTY. The trick does not work from an X login manager. This file
-## could be the place where to clean everything, but it will not be parsed by
-## some login managers. Beside, systemd sessions may sigkill all user apps on
-## logoff, preventing a clean termination.
-# ssh-agent -k
-## See if exec'ing "ssh-agent <WM>" is a better idea.