Followup Part3
GPG Cache Checking: deja vu
Until this week I had been using a clean way of checking if my laptop GPG key was cached.
...
If this doesn't sound like a familiar story, see Part1.
A Broken Solution
This week debian sid moved to using gpg2 as gpg.
After the upgrade I found that my backups were no longer passing the cache check run from my Conky script.
However, the same awk pipeline still worked when run in the terminal... odd.
gpg-connect-agent 'keyinfo --list' /bye 2>/dev/null | awk 'BEGIN{CACHED=0} /^S/ {match($0, /S\sKEYINFO\s\S+\s\S\s\S+\s\S+\s(\S)\s\S\s\S+\s\S+\s\S/, m); if(m[1]==1){CACHED=1}} END{print CACHED}'
Why it Broke
When I upgraded, I moved from:
gnupg: 1.4.20-6 to 2.1.14-5 (gnupg2 was previously a separate package)
gnupg2: 2.1.11-7 to 2.1.14-5
gnupg-agent: 2.1.11-7 to 2.1.14-5
Post upgrade, gpg-connect-agent 'keyinfo --list' /bye still works normally.
~ -> gpg-connect-agent 'keyinfo --list' /bye
S KEYINFO REDACTEDREDACTEDREDACTEDREDACTEDREDACTED D - - - P - - -
S KEYINFO REDACTEDREDACTEDREDACTEDREDACTEDREDACTED D - - 1 P - - -
S KEYINFO REDACTEDREDACTEDREDACTEDREDACTEDREDACTED T REDACTEDREDACTEDREDACTEDREDACTED OPENPGP.1 - - - - -
S KEYINFO REDACTEDREDACTEDREDACTEDREDACTEDREDACTED T REDACTEDREDACTEDREDACTEDREDACTED OPENPGP.3 - - - - -
S KEYINFO REDACTEDREDACTEDREDACTEDREDACTEDREDACTED T REDACTEDREDACTEDREDACTEDREDACTED OPENPGP.2 - - - - -
OK
But sudo gpg-connect-agent 'keyinfo --list' /bye does not.
~ -> gpg-connect-agent 'keyinfo --list' /bye
S KEYINFO REDACTEDREDACTEDREDACTEDREDACTEDREDACTED D - - - P - - -
S KEYINFO REDACTEDREDACTEDREDACTEDREDACTEDREDACTED D - - - P - - -
S KEYINFO REDACTEDREDACTEDREDACTEDREDACTEDREDACTED T REDACTEDREDACTEDREDACTEDREDACTED OPENPGP.1 - - - - -
S KEYINFO REDACTEDREDACTEDREDACTEDREDACTEDREDACTED T REDACTEDREDACTEDREDACTEDREDACTED OPENPGP.3 - - - - -
S KEYINFO REDACTEDREDACTEDREDACTEDREDACTEDREDACTED T REDACTEDREDACTEDREDACTEDREDACTED OPENPGP.2 - - - - -
OK
After asking around on #gnupg, it looks like the socket location was changed in version 2.1.13. (Thank you K_F, for pointing me in the right direction.)
Instead of using $HOME/.gnupg/S.gpg-agent, gpg-agent now uses /run/user/${UID}/gnupg/S.gpg-agent.
Running sudo gpg-connect-agent -S /run/user/${UID}/gnupg/S.gpg-agent 'keyinfo --list' /bye produces the correct output again.
A Clean Solution... revisited
When sudo privileges are needed (otherwise things still work), you can use:
gpg-connect-agent -S /run/user/${UID}/gnupg/S.gpg-agent 'keyinfo --list' /bye 2>/dev/null | awk 'BEGIN{CACHED=0} /^S/ {match($0, /S\sKEYINFO\s\S+\s\S\s\S+\s\S+\s(\S)\s\S\s\S+\s\S+\s\S/, m); if(m[1]==1){CACHED=1}} END{print CACHED}'
This assumes you aren't in a sudo -s shell; there $UID is root's, and $SUDO_UID (the invoking user's UID) would be needed to build the socket path instead.
EDIT 19FEB2017: In hindsight, there is a better awk, which no longer requires gawk (the 7th field of each KEYINFO line is the cached flag, so no regex match is needed):
gpg-connect-agent 'keyinfo --list' /bye 2>/dev/null | awk 'BEGIN{CACHED=0} /^S/ {if($7==1){CACHED=1}} END{if($0!=""){print CACHED} else {print "none"}}'
gpg-connect-agent -S /run/user/${UID}/gnupg/S.gpg-agent 'keyinfo --list' /bye 2>/dev/null | awk 'BEGIN{CACHED=0} /^S/ {if($7==1){CACHED=1}} END{print CACHED}'
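The same check as a small script, added here as an example and not part of the original post: it derives the socket path from $SUDO_UID when present (so it also works inside a sudo -s shell), and parses the KEYINFO lines with the 7th-field test above. The sample KEYINFO lines and keygrips are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of `gpg-connect-agent 'keyinfo --list' /bye` output:
# the second key is cached (7th field is 1), the others are not.
SAMPLE_CACHED='S KEYINFO 0000000000000000000000000000000000000001 D - - - P - - -
S KEYINFO 0000000000000000000000000000000000000002 D - - 1 P - - -
S KEYINFO 0000000000000000000000000000000000000003 T D2760001240102000000000000000001 OPENPGP.1 - - - - -
OK'
SAMPLE_NONE='S KEYINFO 0000000000000000000000000000000000000001 D - - - P - - -
OK'

# agent_socket: where gpg-agent (>= 2.1.13) listens for the invoking user.
# Under sudo the running agent belongs to $SUDO_UID, not to root.
agent_socket() {
    uid="${SUDO_UID:-$(id -u)}"
    printf '/run/user/%s/gnupg/S.gpg-agent\n' "$uid"
}

# cache_state: read KEYINFO lines on stdin and print
#   1     if at least one key has its passphrase cached,
#   0     if keys are listed but none is cached,
#   none  if no KEYINFO line arrived (no keys, or agent unreachable).
cache_state() {
    awk 'BEGIN { cached = 0; seen = 0 }
         /^S KEYINFO/ { seen = 1; if ($7 == 1) cached = 1 }
         END { if (seen) print cached; else print "none" }'
}

# check_agent: the live query, wired to the right socket; stderr is
# dropped so a missing agent simply yields "none".
check_agent() {
    gpg-connect-agent -S "$(agent_socket)" 'keyinfo --list' /bye 2>/dev/null | cache_state
}

printf '%s\n' "$SAMPLE_CACHED" | cache_state   # 1
printf '%s\n' "$SAMPLE_NONE"   | cache_state   # 0
printf ''                      | cache_state   # none
```

On GnuPG 2.1.13 and later, `gpgconf --list-dirs agent-socket` prints the same socket path and avoids hard-coding /run/user.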
Afterwords
While this does work for the cache check of my backups (with added code to account for $UID vs $SUDO_UID, as running cryptshotr manually and running it via cryptshotr-cron have different needs...), it does not make plain sudo gpg... work...
sigh
So I am currently still using a hack, which is to link $HOME/.gnupg/S.gpg-agent to its current location. After this, Things-Just-Work™.
For now.
ln -s /run/user/${UID}/gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent