Arch Linux: Fix gcr-agent interfering with ssh/gpg-agent

I finally found the reason why my ssh authentication socket provided by gpg-agent wasn’t used by programs started from the desktop environment (KDE in my case, but this is irrelevant). The problem is, not surprisingly, a bug in the Arch package of gcr-4.

I did configure the env variable SSH_AUTH_SOCK to use gpg-agent via ~/.config/environment.d/80_gpg_agent.conf containing

PINENTRY=pinentry-qt
SSH_AGENT_PID=""
SSH_AUTH_SOCK=${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh

but despite this, all programs started from the DE (like start menu, task bar, etc) did have the wrong setting. This resulted in the ssh passphrase being asked multiple times.

Basically what happened is that the Arch packaging of gcr (Gnome Crypto ???) started enabling by default the gcr-ssh-agent.socket, which – in the infinite wisdom of Gnome whoohaa people – forcibly updated the environment

ExecStartPost=-/usr/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gcr/ssh

(no comment about this masterpiece, never heard about gpg-agent etc …).

The bug in the Arch package was fixed 2 months ago in this commit, but unfortunately, Arch does not provide clean-up of incorrectly configured systems. That means in my case that the incorrect link did remain there even after fixed packages got installed.

Sometimes I long for the Debian way requiring messed up configuration to be fixed by the package maintainers …

So, for those who are still seeing this bug, the following steps are necessary:

systemctl --user stop gcr-ssh-agent.service
systemctl --user stop gcr-ssh-agent.socket
systemctl --user disable gcr-ssh-agent.service
systemctl --user disable gcr-ssh-agent.socket

and most importantly

systemctl --global disable gcr-ssh-agent.socket

After that and a reboot, the SSH_AUTH_SOCK env variable should point to the correct place, and one should only get asked once for the passphrase.
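To check whether a system still carries the leftover enablement link, the following audit script can be run before and after the steps above. It is an added example, not part of the original post or of the Arch package. It assumes the standard systemd locations for enablement symlinks (/etc/systemd/user for --global, ~/.config/systemd/user for --user), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit for the leftover gcr-ssh-agent enablement described above.
# Assumption: enablement symlinks live in the standard systemd user-unit
# directories (/etc/systemd/user for --global, ~/.config/systemd/user for --user).

# classify_sock SOCK RUNTIME_DIR -> prints gpg-agent | gcr | unset | other
classify_sock() {
    case "$1" in
        "") echo unset ;;
        "$2/gnupg/S.gpg-agent.ssh") echo gpg-agent ;;
        "$2/gcr/ssh") echo gcr ;;
        *) echo other ;;
    esac
}

# find_gcr_links DIR... -> prints every enablement symlink for the gcr units
find_gcr_links() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -path '*.wants/*' -type l \
            \( -name 'gcr-ssh-agent.socket' -o -name 'gcr-ssh-agent.service' \) -print
    done
}

# manager_sock -> SSH_AUTH_SOCK as held by the systemd user manager (may be empty)
manager_sock() {
    systemctl --user show-environment 2>/dev/null | sed -n 's/^SSH_AUTH_SOCK=//p'
}

# audit -> reports both environments and any leftover links; returns 1 if links exist
audit() {
    rt="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
    echo "shell session: $(classify_sock "${SSH_AUTH_SOCK:-}" "$rt")"
    echo "user manager:  $(classify_sock "$(manager_sock)" "$rt")"
    links=$(find_gcr_links /etc/systemd/user \
        "${XDG_CONFIG_HOME:-$HOME/.config}/systemd/user")
    if [ -n "$links" ]; then
        echo "leftover enablement links:"
        echo "$links"
        return 1
    fi
    echo "no gcr-ssh-agent enablement links found"
}

# Run the audit only when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then audit; fi
```

A "gcr" result on the "user manager" line together with a link under /etc/systemd/user is the state the post describes: the global enablement is still in place and keeps overriding the environment.d setting.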
