[pkg-gnupg-maint] Bug#840669: Bug#840669: Need way to avoid agent, or reliable way to kill agent
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Oct 14 19:38:29 UTC 2016
Hi Simon--
On Fri 2016-10-14 14:38:34 -0400, Simon McVittie wrote:
> If you like other people's patterns, have you considered borrowing the
> "adverb" pattern from dbus-run-session, but with s/dbus-daemon/gpg-agent/
> applied? Whether it addresses Ian's desired properties for dgit's
> credentials handling or not (probably not), it's certainly a viable
> model for running unit tests with a transient GPGHOME. I've found myself
> wishing for this facility when dealing with Flatpak and OSTree; both of
> those optionally sign the content you publish with them, and hence both
> of those need some special gpg-agent handling if you're going to run
> their unit tests without leaving stray processes.
>
> dbus-run-session consists of: start a dbus-daemon --session; set the
> environment for its other child to point to that dbus-daemon; run its
> remaining argv as a child process; when the other child exits, terminate
> the dbus-daemon and exit with the other child's exit status.
gpg-agent used to support this pattern explicitly:
gpg-agent run-my-test-suite
would have worked fine and behaved as you describe. fwiw, OpenSSH's
ssh-agent can do the same thing. We used the same pattern for the
monkeysphere validation agent in msva-perl.
However, since gpg-agent's move to the standard socket location, this
pattern isn't working any more. Any process which shares a GNUPGHOME
with another process will also share an agent with it.
If you see a way to restore that behavior, i'd certainly be interested.
It might help, perhaps, if there were a standard way for gpg to know to
use a different gpg-agent explicitly.
This has also been discussed tangentially in an upstream bug report,
fwiw: https://bugs.gnupg.org/gnupg/issue2749
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 930 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20161014/d672f61c/attachment.sig>
More information about the pkg-gnupg-maint
mailing list