I'd like gnugp2 to be built with --enable-run-gnupg-user-socket configure option. This is not true as of the latest RHEL-8 build gnupg2-2.2.20-3.el8_6.

libdnf and librepo need it for RHEL-6421. In short libdnf and librepo creates /run/user/${UID} directory to let gpg to create a gpg-agent named socket there rather than in a GPG home path. The reason why DNF wanted the socket there is using DNF from a container builders which do not support named socket files (https://bugzilla.redhat.com/show_bug.cgi?id=1769831, https://bugzilla.redhat.com/show_bug.cgi?id=1781601). However, we got a report that if DNF is executed by an Insights client, the directory is created with a SELinux label which does not match what systemd-logind needs (RHEL-6421). Therefore I'd like to utilize a different path which does not clash systemd.

The --enable-run-gnupg-user-socket option enhances gpg to first try /run/gnupg/${UID} path, then /run/user/${UID}, and finally a GPG home path. See _gnupg_socketdir_internal() in common/homedir.c:

  static const char * const bases[] = {
#ifdef USE_RUN_GNUPG_USER_SOCKET
    "/run/gnupg",
#endif
    "/run",
#ifdef USE_RUN_GNUPG_USER_SOCKET
    "/var/run/gnupg",
#endif
    "/var/run",
    NULL
  };

Because the path does not exist by default and it can be create only by a superuser, enabling the option is a low risk for normal GnuPG use cases as in most cases the new path will be simply skipped.

RHEL 9 is also affected (gnupg2-2.3.3-4.el9.x86_64).