[pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes (was: Re: Changes for GnuPG in debian)

James McCoy jamessan at debian.org
Sat Oct 15 01:45:17 UTC 2016


On Fri, Oct 14, 2016 at 03:21:43PM -0400, Daniel Kahn Gillmor wrote:
> On Fri 2016-10-14 13:17:06 -0400, Ian Jackson wrote:
> > This (and the change to gnupg2) has now broken dgit's DEP-8 test
> > suite, when run under schroot.  I'm discussing this in #840669 (CC'd).
> 
> in particular, the lack of a cleanup process breaks the test suite.  If
> the test suite had a cleanup process, we know exactly how to "un-break"
> things.
> 
> > I am trying to persuade Daniel that we should provide (at least
> > optionally) a mode where an autostarted agent (and the corresponding
> > authorisations, if the user types in a passphrase) have a lifetime
> > limited by that of the gpg process which started the agent.
> 
> fwiw, i'm not the person who needs persuading.  Ian's proposal is rather
> complex, seems likely to introduce new problems, and it isn't a change
> i'm up for either writing myself or supporting as a divergence from
> GnuPG upstream.
> 
> The simple fix (cleaning up the test suite by either deleting the
> temporary GNUPGHOME directory or by invoking "gpgconf --kill gpg-agent")
> is a lot more straightforward.

I had to make a similar change[0] for devscripts' test suite, and it was
indeed pretty straightforward.  The biggest hurdle was my fingers making
typos.

Granted, the code to create the temporary GNUPGHOME for the test was
already there, so it was just a matter of killing the agent.  Supporting
setup and teardown around a test suite/case seems pretty typical.  Heck,
even sh supports performing an action on exit (via trap).

[0]: https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=4038fbd93536c17ec2ad9cdb1b68acaae5782184&context=3&ignorews=1&dt=0

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB
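
The cleanup discussed in this message (a temporary GNUPGHOME, with "gpgconf --kill gpg-agent" run from an sh exit trap), as an added example that is not part of the original mail or of the devscripts commit it links. The function name run_with_temp_gnupghome is hypothetical.

```shell
#!/bin/sh
# Added example: run a command with a throwaway GNUPGHOME and make sure no
# autostarted gpg-agent (or its cached passphrases) outlives that command.
# run_with_temp_gnupghome is a hypothetical helper name.

run_with_temp_gnupghome() {
    # Subshell: the traps and the exported GNUPGHOME never leak to the caller.
    (
        # mktemp -d creates the directory with mode 0700, which gpg expects.
        GNUPGHOME=$(mktemp -d "${TMPDIR:-/tmp}/gnupghome.XXXXXX") || exit 1
        export GNUPGHOME

        cleanup() {
            status=$?          # exit status of the wrapped command
            trap - EXIT        # do not re-enter on the exit below
            # Kill the agent serving this GNUPGHOME *before* removing the
            # directory, while gpgconf can still locate it.
            if command -v gpgconf >/dev/null 2>&1; then
                gpgconf --kill gpg-agent >/dev/null 2>&1 || :
            fi
            rm -rf -- "$GNUPGHOME"
            exit "$status"
        }
        trap cleanup EXIT
        # Turn signals into a normal exit so the EXIT trap still runs.
        trap 'exit 130' INT
        trap 'exit 143' TERM

        "$@"
    )
}

# Usage (test runner path is a placeholder):
#   run_with_temp_gnupghome ./run-tests.sh
```

The wrapped command's exit status is passed through, so a failing test suite still fails after teardown.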


