[pkg-gnupg-maint] Bug#853905: Bug#853905: Ships incorrect /usr/lib/systemd/user/sockets.target.wants files, makes disabling impossible

Yuri D'Elia wavexx at thregr.org
Tue Feb 7 18:00:31 UTC 2017


On Mon, Feb 06 2017, Daniel Kahn Gillmor wrote:
>>   gpg --batch -qe -r keyid "$@"
>
> sure, but what's the "$@" ?  Is it guaranteed to be a simple file name?
> or could it be more gpg options?

I left that out in a copy-paste, but it's empty. There are no extra args
given to gpg that I didn't show.

> So i'm still unable to reproduce this :/

I need to output extra debugging in the cron job, but I need some extra
time to set up some testing environment.

>> gpg: WARNING: server 'gpg-agent' is older than us (2.1.17 < 2.1.18)
>
> hm, that's interesting.  I wonder whether it makes sense for a package
> upgrade that includes user services to tell all systemd-managed user
> services to reload.  I could see that being useful, but i don't know how
> to do it.

I think that terminating the agent when unused, in combination with the
socket listening is the right approach here. Thanks a lot for requesting
this upstream.

>> In the specific cron case, I do see the listening sockets being created
>> (due to pam-systemd integration I guess) and removed at each job.
>
> so in that case, when the listening sockets are removed, does the
> gpg-agent process itself also get terminated properly?  or does the
> process continue to survive even with all sockets removed?  gpg-agent
> should notice that removal and shut itself down.

It survives, obviously :/

There are some extra questions raised by cron+pam-systemd+linger here.
For instance, this should only happen because root has no session
active, and thus cron starts/destroys one.

But if the agent is using the systemd's socket, this should get removed
and I should see more agents being started at each cron job. This is not
happening. I conclude that the agent is not actually using the sockets
provided by the service at all in the cron session[?].

Initially, in my report, I was actually assuming the sockets were
probed by something else that's using the agent - not gpg itself, and
hence my willingness to disable the socket creation entirely.

For example, does using ssh trigger the creation of the agent now,
simply because the sockets are available?

I can answer some of those questions, but I need to set up some separate
testing environment.


