Skip to content

Instantly share code, notes, and snippets.

Last active March 5, 2023 05:46
What would you like to do?
Script taken from and improved
#!/usr/bin/env bash
# Inspired by
# Guide:
# Install GPG on windows & Unix
# Add "enable-putty-support" to gpg-agent.conf
# Download wsl-ssh-pageant and npiperelay and place the executables in "C:\Users\[USER]\AppData\Roaming\" under wsl-ssh-pageant & npiperelay
# Adjust relay() below if you alter those paths
# Place this script in WSL at ~/.local/bin/gpg-agent-relay
# Start it on login by calling it from your .bashrc: "$HOME/.local/bin/gpg-agent-relay start"
die() {
# shellcheck disable=SC2059
printf "$1\n" >&2
exit 1
main() {
checkdeps socat start-stop-daemon lsof timeout
case $1 in
if ! start-stop-daemon --pidfile "$PIDFILE" --background --notify-await --notify-timeout 5 --make-pidfile --exec "$0" --start -- foreground; then
# shellcheck disable=SC2016
die 'Failed to start. Run `gpg-agent-relay foreground` to see output.'
start-stop-daemon --pidfile "$PIDFILE" --remove-pidfile --stop ;;
start-stop-daemon --pidfile "$PIDFILE" --status
local result=$?
case $result in
0) printf "gpg-agent-relay is running\n" ;;
1 | 3) printf "gpg-agent-relay is not running\n" ;;
4) printf "unable to determine status\n" ;;
return $result
relay ;;
die "Usage:\n gpg-agent-relay start\n gpg-agent-relay stop\n gpg-agent-relay status\n gpg-agent-relay foreground" ;;
relay() {
set -e
local winhome
local wslwinhome
winhome=$(cmd.exe /c "<nul set /p=%UserProfile%" 2>/dev/null || true)
wslwinhome="$(wslpath -u "$winhome")"
local npiperelay="$wslwinhome/AppData/Roaming/npiperelay/npiperelay.exe"
local wslsshpageant="$wslwinhome/AppData/Roaming/wsl-ssh-pageant/wsl-ssh-pageant-amd64-gui.exe"
local gpgconnectagent="/mnt/c/Program Files (x86)/GnuPG/bin/gpg-connect-agent.exe"
local gpgagentsocket="$GNUPGHOME/S.gpg-agent"
local sshagentsocket="$GNUPGHOME/S.gpg-agent.ssh"
# backslash escaping in socat EXEC doesn't seem to work very well, use forward slashes instead
# windows/npiperelay handle that just fine
local wingpgagentpath="${winhome//\\/\/}/AppData/Roaming/gnupg/S.gpg-agent"
killsocket "$gpgagentsocket"
killsocket "$sshagentsocket"
"$gpgconnectagent" /bye
"$wslsshpageant" --systray --winssh ssh-pageant 2>/dev/null &
# shellcheck disable=SC2034
socat UNIX-LISTEN:"$gpgagentsocket,unlink-close,fork,umask=177" EXEC:"$npiperelay -ep -ei -s -a '$wingpgagentpath'",nofork &
# shellcheck disable=SC2064
trap "kill -TERM $GNUPID" EXIT
socat UNIX-LISTEN:"$sshagentsocket,unlink-close,fork,umask=177" EXEC:"$npiperelay /\/\./\pipe/\ssh-pageant" &
set +e
# shellcheck disable=SC2064
trap "kill -TERM $GNUPID; kill -TERM $SSHPID" EXIT
systemd-notify --ready 2>/dev/null
trap - EXIT
killsocket() {
local socketpath=$1
if [[ -e $socketpath ]]; then
local socketpid
if socketpid=$(lsof +E -taU -- "$socketpath"); then
timeout .5s tail --pid=$socketpid -f /dev/null &
local timeoutpid=$!
kill "$socketpid"
if ! wait $timeoutpid; then
die "Timed out waiting for pid $socketpid listening at $socketpath"
rm "$socketpath"
checkdeps() {
local deps=("$@")
local dep
local out
local ret=0
for dep in "${deps[@]}"; do
if ! out=$(type "$dep" 2>&1); then
printf -- "Dependency %s not found:\n%s\n" "$dep" "$out"
return $ret
main "$@"
Copy link

andsens commented Dec 13, 2020

@jmigual huh, curious. Of course, only on process can be listening on that socket. So the others must be clients. I'm not sure killing them is the best way to go, it would be better to have lsof filter properly.

Copy link

mew1033 commented Feb 8, 2021

This isn't working for me as is. I moved a few files around, but other than that I'm running the script exactly as you have here. The only thing that fixed gpg for me was to symlink /mnt/c/Program Files (x86)/GnuPG/bin/gpg.exe to /usr/local/sbin/gpg. (Found here:

Is there any way I can help figure out why it doesn't work with stock gpg?

P.S. I'm also going to work on modifying the script to only setup the GPG relay. I want to use the built in Windows OpenSSH client with its ssh-agent.

Copy link

alanivey commented Feb 8, 2021

I'm also not able to get it working. When I run any gpg commands in WSL2 (Ubuntu 20.10 fwiw), it doesn't seem able to use the existing sockets. I added extra-socket /dev/null and browser-socket /dev/null to ~/.gnupg/gpg-agent.conf to keep it from creating any new sockets, and then any gpg commands return: gpg: can't connect to the agent: End of file

Copy link

mew1033 commented Feb 8, 2021

@alanivey Did you try the symlink method? That was the only thing that worked for me.

Copy link

alanivey commented Feb 9, 2021

@mew1033 yes, I symlinked the Gpg4Win exe in WSL2 Linux as $HOME/.local/bin/gpg with ln -sv /mnt/c/Program\ Files\ \(x86\)/GnuPG/bin/gpg.exe ~/.local/bin/gpg (in my WSL2 Linux environment, I have this directory at the front of $PATH). This binary does not attempt to use $HOME/.gnupg/S.gpg-agent when running gpg commands, nor does it use $HOME/.gnupg for its database, so it's not necessary to do any GPG setup in the WSL2 Linux environment. B/c I'm not looking to use the SSH agent integration, I ultimately find this easier; I maintain a single GPG database in Windows and can use it in multiple WSL2 Linux environments without replicating.

I'll caveat that I have not used this configuration for longer than a day so I might end up being wrong!

Copy link

In my Debian-WSL2, I can't access cmd.exe (and I didn't investigate in this further, as there seems to be a cleaner way), so the script isn't working. I replaced line 55 and 56 with this (you have to install wslu for this):

username="$(wslvar USERPROFILE)"
wslwinhome="$(wslpath $username)"
winhome="$(wslpath -w $wslwinhome)"

additionally, I had to add export PATH=$PATH:/sbin to my .bashrc as otherwise start-stop-daemon isn't found in path.

Copy link

matt-forster commented Dec 16, 2021

@andsens I was having difficulty with this script and multiple shells (ie, a windows terminal and VSCode, which opens another terminal). It was failing because multiple PIDs were being included in the socket file, and kill was not super happy about that.

I'd end up with an error like;

gpg-agent-relay foreground
gpg-agent-relay: line 99: kill: 768
30552: arguments must be process or job IDs
tail: cannot open '2650' for reading: No such file or directory
tail: cannot open '8610' for reading: No such file or directory
tail: cannot open '23065' for reading: No such file or directory
tail: cannot open '26471' for reading: No such file or directory
tail: cannot open '27892' for reading: No such file or directory
tail: cannot open '30552' for reading: No such file or directory
==> /dev/null <==

To correct it, I modified the killsocket function;

 killsocket() {
   local socketpath=$1
   if [[ -e $socketpath ]]; then
     # local socketpid
     lsof +E -taU -- "$socketpath" | awk 'length {print $1}' | xargs -rn1 kill

This works and corrects my multiple-terminal issues, but the timeout is also removed. It could be added, but I am wondering if it is even necessary?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment