[pkg-gnupg-maint] Beware of leftover gpg-agent processes

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Aug 5 18:54:29 UTC 2016


Hi Werner--

On Fri 2016-08-05 14:04:28 -0400, Werner Koch wrote:
> On Fri,  5 Aug 2016 18:41, dkg at fifthhorseman.net said:
>> /usr/share/doc/{gnupg-agent,dirmngr}/README.Debian :
>>
>>   systemctl --user enable gpg-agent
>>   systemctl --user enable dirmngr
>
> systemd does not know about the GnuPG process locking mechanism used to
> avoid double spawning of these daemons.  I would recommend against
> that.

These .service files are launching the daemons with a similar invocation
to what we have traditionally used in X11 startup scripts.  I don't see
how this arrangement would be any more broken than those scripts were.

The benefit, though, is that the processes will be supervised and
cleanly terminated when the user finishes all their sessions -- and if a
user starts multiple sessions concurrently, the system won't try to
start more than one copy.

> The GnuPG processes know better when to start a tool and a future
> release may add another daemon to be started or killed on the fly.

i'm happy to add a user .service for that other daemon when it is
introduced.  I'll definitely look out for it.

> And yes, I should write a patch for ssh to auto-spawn gpg-agent. 

That'd be great, thanks!  In addition, it would be great to be able to
have ssh be able to tell gpg-agent where to do its prompting if it was
started in a separate session (see https://bugs.debian.org/830658).  i'm
not sure how to do that, but if you want to keep me in the loop on any
work i'd be happy to facilitate it any way i can.

Happy hacking,

       --dkg