Subversion HTTPS password caching using GPG-Agent?

This thread seems to give a hint: https://groups.google.com/forum/#!topic/subversion_users/WS8Cr7mAovQ

I'm running Xfce on Ubuntu, and I had the same problem. Apparently, the reason is that the $GPG_AGENT_INFO environment variable is not set. Manually running the /etc/X11/Xsession.d/90gpg-agent script (which sets this variable) did help me.


I finally found a solution to my problem by looking into it once more, starting from the suggestion of Roman above. The comments of the find_gpg_agent_socket function in the Subversion client's GPG-Agent authentication source code indeed explain:

$GPG_AGENT_INFO takes precedence, if set, otherwise $GNUPGHOME will be used.

(...)

For reference GPG_AGENT_INFO consists of 3 : separated fields. The path to the socket, the pid of the gpg-agent process and finally the version of the protocol the agent talks.

The path to the GPG-Agent socket can easily be found by calling gpgconf --list-dirs agent-socket on the command line. The other two segments of the $GPG_AGENT_INFO variable are not used by the Subversion client, and should thus not necessarily be set.

I have therefore added the following code at the end of my .profile file:

export GPG_TTY=$(tty)
export GPG_AGENT_INFO=`gpgconf --list-dirs agent-socket | tr -d '\n' && echo -n ::`

This sets the $GPG_TTY variable to the current terminal, and the $GPG_AGENT_INFO variable to the GPG-Agent socket, followed by two colon characters (i.e., the format expected by the Subversion source code).

Subversion seems to cache the repositories' authentication settings in ~/.subversion/auth, so I found it necessary to clear that directory before GPG-Agent would be used correctly:

rm -rf ~/.subversion/auth

After starting a new session, you should be able to verify that the $GPG_AGENT_INFO variable is set correctly: echo $GPG_AGENT_INFO should output something like /run/user/1000/gnupg/S.gpg-agent:: (where 1000 is the uid of the current user).

When performing a Subversion command, for example svn up, your password will be prompted the first time:

Updating '.':
Enter your Subversion password for <https://example.com:443> Subversion Repository
Password for 'username': :
At revision 123.

When performing a second Subversion command for the same repository for some time afterwards, Subversion should use the password cached by GPG-Agent:

Updating '.':
At revision 123.

Edit: I have the impression that, when using a repository for the first time (i.e., when it is not yet present in Subversion's cache), the password is only correctly saved by GPG-Agent after entering it twice.