[pkg-gnupg-maint] Bug#1117777: gpg-agent: handling of max-cache-ttl values is broken since trixie upgrade
Andreas Metzler
ametzler at bebt.de
Sat Oct 11 10:39:56 BST 2025
On 2025-10-10 Steve McIntyre <steve at einval.com> wrote:
> Package: gpg-agent
> Version: 2.4.8-3
> Severity: important
> Hi!
> I'm using gpg-agent to store passphrases for a software-signing server
> at Pexip. We've been doing this for quite some time, and it has worked
> well until now. With the upgrade to Trixie, things have broken. :-(
> I've debugged and found the problem: something has changed in the
> handling of the "max-cache-ttl" value for gpg-agent and it now breaks
> on values which are > 2^31.
> We've been using
> max-cache-ttl 4294967295
> (i.e. 2^32 - 1) in our config previously, so as to keep passphrases
> cached for a very long time. This worked just fine. Since the upgrade,
> testing showed that passphrases were being expired *immediately* after
> being preset.
[...]
Hello Steve,
Is this on a specific arch?
I just tried this on amd64/forky:
testit@argenau:~$ rm -rf ~/.gnupg/
testit@argenau:~$ gpg --quick-generate-key foo@example.com
testit@argenau:~$ echo 'max-cache-ttl 7000000000' > ~/.gnupg/gpg-agent.conf
testit@argenau:~$ killall gpg-agent
testit@argenau:~$ echo blah > /tmp/foo
testit@argenau:~$ rm -f /tmp/foo.gpg && gpg --sign /tmp/foo
# and a second time
testit@argenau:~$ rm -f /tmp/foo.gpg && gpg --sign /tmp/foo
And I thought I would have to re-enter the passphrase when signing the
2nd time but that did not happen.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
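
Added example, not part of the original message or of the gnupg packaging: a shell check that flags gpg-agent cache TTL options set above 2^31, the threshold named in the report, so affected configs can be found before an upgrade. The function name check_agent_ttl, the TTL_LIMIT variable and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a gpg-agent.conf for cache TTL values above the
# threshold named in the bug report. Names here are hypothetical.

TTL_LIMIT=2147483648   # 2^31, the value the report says things break above

# check_agent_ttl FILE
# Prints one line per offending option. Returns 1 if any option is over the
# limit or non-numeric, 2 if FILE cannot be read, 0 otherwise.
check_agent_ttl() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk -v limit="$TTL_LIMIT" '
        # Only active option lines match; commented-out lines have a first
        # field that starts with "#" and are skipped by the anchored regex.
        $1 ~ /^(default|max)-cache-ttl(-ssh)?$/ {
            if ($2 !~ /^[0-9]+$/) {
                printf "%s:%d: %s has non-numeric value \"%s\"\n", FILENAME, NR, $1, $2
                bad = 1
            } else if ($2 + 0 > limit + 0) {
                printf "%s:%d: %s %s exceeds %s\n", FILENAME, NR, $1, $2, limit
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$conf"
}

# Constructed sample config using the two values mentioned in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default-cache-ttl 600
max-cache-ttl 4294967295
#max-cache-ttl-ssh 7000000000
EOF
check_agent_ttl "$sample" || echo "review the options listed above"
rm -f "$sample"
```
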