[pkg-gnupg-maint] Bug#868550: Bug#889594: concurrency problems with ansible

Tony Finch dot at dotat.at
Tue Feb 12 12:30:57 GMT 2019


I am seeing random failures with gnupg more frequently than I used to.

I have an Ansible plugin that invokes gpg in a very straightforward manner:

https://dotat.at/cgi/git/regpg.git/blob/HEAD:/ansible/filter.py

In the situation I use this plugin, I am typically decrypting and
installing secrets on 15 servers in parallel. This happens several times
during an Ansible run, for a different kind of secret each time. Usually
one of these decryptions will randomly fail during the run, like this:

	TASK [ssh : ssh host private keys]

	gpg: decryption failed: No secret key

	failed: [rnb-a.dns.cam.ac.uk] (item=ssh_host_ed25519_key) => {"failed": true, "item": "ssh_host_ed25519_key", "msg": "gpg --decrypt /home/fanf2/work/dns/ipreg/ansible/roles/ssh/files/rec/ssh_host_ed25519_key.asc failed: "}

The agent is pre-loaded with the passphrase at the start of the run, so
there is no user interaction while it is in progress. The random failures
are becoming more frequent as the number of servers increases.

I'm using gnupg 2.1.18-8~deb9u3 on Debian Stretch.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Dover, Wight, Portland, Plymouth: Southwest backing south 4 or 5, occasionally
3 at first, increasing 6 at times later in Plymouth. Slight or moderate,
becoming rough in west Plymouth. Fair. Good.



More information about the pkg-gnupg-maint mailing list