[pkg-gnupg-maint] Bug#902316: Bug#902316: gnupg failing completely in dgit autopkgtests [and 1 more messages]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jun 26 19:27:37 BST 2020

Hi Ian--

I don't know what the current status of the failing tests suites is for
dgit -- last i heard, you had to have major, clunky workarounds to avoid
problems with concurrent access to gpg-agent, or else gpg-agent would
(intermittently, unpredictably) fail on some requests.

Please correct me if that description is wrong.  It sounds pretty

I just learned today of the --auto-expand-secmem option for gpg-agent,
which a user on IRC reports resolved all of their problems with heavy
concurrent use of gpg-agent.

It's not clear why this argument should be off by default (i'm also not
convinced that "secmem" is a particularly useful defense on modern
computers either, but that's another line of discussion entirely).

I'd like to nudge upstream about this, but getting feedback in the wild
would be really useful.

I don't know whether you have any patience left to experiment with this,
or whether you're still using gpg at all, but if you are, this would be
a useful test for me:

 - set aside the scaffolding you used as a workaround to avoid these

 - reproduce the failure

 - add "auto-expand-secmem" to the relevant gpg-agent.conf before you
   start the agent for dgit

 - try to reproduce the failure again

if that resolves the problem, it would be really useful information for
me to know what version you're trying with, and what the behavior looks

Sorry for the hassle here, and i hope this is useful in moving the
situation forward.  (if you've given up, that's also fair -- please let
me know if that's the case so i can try to track down the errors in a
more synthetic context).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20200626/9d8051cf/attachment.sig>

More information about the pkg-gnupg-maint mailing list