Bug#835075: [PATCH] use fake-pinentry (Closes: #835075)

gregor herrmann gregoa at debian.org
Sun Sep 11 14:38:05 UTC 2016 

On Tue, 06 Sep 2016 10:56:15 -0400, Daniel Kahn Gillmor wrote:

> On Sat 2016-09-03 03:58:34 -0400, gregor herrmann wrote:
> > 1) After the build finishes there are 6 instances of gpg-agent
> >   running. In my cowbuilder setup this doesn't cause any issues and
> >   they time out after some time (1 minute I guess).
> right, those processes should time out after their temporary home
> directories are removed.  I'm working with upstream on making that
> timeout happen faster than a 1 minute delay, but it's not done yet.

Sounds good, thanks!
 
> > 3) This is in schroot-on-lvm. And here unmounting fails because of the
> >    running gpg-agents leaving my schroot/lvm setup in a sad state.
> right, but this is a different issue, related to gpg-agent not.
> terminating rapidly enough when its socket is removed (same as (1)).
> I'm happy to track this as an issue, but it is a different issue than
> 835075.

True, I'm just a bit hesitant to upload a package which (at least in
my autopkgtest setup) fails autopkgtests and leaves a broken schroot
session and an orphaned lvm snapshot lying around. My fear is that
the same happens on the buildds and on ci.debian.net.
 
> > Another question is if we could have a fake-pinentry in some central
> > place (gnupg binary package?) to be used from all packages instead of
> > adding it everywhere?
> I am happy to ship something like fake-pinentry.pl (a pinentry that
> always returns "passphrase" and gamely accepts anything else) in a
> separate package, or even in gnupg as /usr/lib/gnupg/fake-pinentry, 

Cool, thanks.

> but
> it seems more important for me to get these fixes upstreamed.

Right, and I've asked David on IRC to look into this issue.
 
> I could even ship upstream's ./tests/openpgp/fake-pinentry.c there,
> though i worry that it now has too many features, which might actually
> encourage people to try to use it in non-dev environments; i think that
> would be a bad outcome.

Good point.
 
> Also, for language-specific libraries like lib*-perl, upstream will want
> this stuff to work on all platforms, and we can't guarantee that any
> gnupg binary package on other platforms will ship a fake-pinentry.

Good point as well :)
 
> So i think we should go ahead with this patch, as well as submitting it
> upstream.  I'm happy to try to replicate it on the other lib*-perl
> gnupg-related packages too if you're ok with this.

You're more than welcome to take a look at the other perl packages :)

TTBOMK we have:
#834522 libgnupg-perl
#835075 libmail-gnupg-perl
#834281 libgnupg-interface-perl
#835711 libconfig-identity-perl


Cheers,
gregor

-- 
 .''`.  Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Nick Drake: 'Cello Song
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: Digital Signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20160911/be4381c3/attachment.sig>

More information about the pkg-perl-maintainers mailing list