
gpg-agent instances leak
Closed, Resolved, Public

Description

We run gpg2 from another program. A typical command would be:

gpg2 --homedir $tmpdir --status-file logfile --import keyfile

In all cases we pass a temporary directory as --homedir because we don't want to interfere or use the user's own gpg keys.

After the program runs the temporary directory is deleted.

After this, gpg-agent instances are found to be leaking:

16543 ?        Ss     0:00 gpg-agent --homedir /tmp/virt-builder.eYvl5v/vb.gpghome.zyHsvg --use-standard-socket --daemon
16559 ?        Ss     0:00 gpg-agent --homedir /tmp/virt-builder.eYvl5v/vb.gpghome.MN7zSD --use-standard-socket --daemon

They basically hang around forever as far as I can tell.

Details

Version
gnupg2-2.1.21-2.fc26.x86_64

Event Timeline

rwmj updated the task description.

For anyone following this bug, someone has worked out a (very awkward) workaround: https://stackoverflow.com/a/27689596/2505159

werner triaged this task as High priority.
werner added a project: gnupg (gpg22).
werner added a subscriber: werner.

Well, this is a regression due to us creating /run/user/gnupg/ socket directories now on the fly. Thus there is no more need to create non-default home directories via gpgconf. Now, gpg-agent watches the socket file and terminates itself as soon as the socket file vanishes. Before that change the socket for a non-default home directory was created in the homedir itself and thus removing the homedir also removed the socket file and in turn gpg-agent terminated itself.

The solution is to also watch the home directory...

I committed a change which should fix this on Linux.

I have tested this and it appears to fix the leak of gpg-agent processes in virt-builder, thanks.

werner removed a project: Restricted Project.
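
The leak reported in this task shows up in a process listing as a gpg-agent whose --homedir directory no longer exists. The script below is an added example, not code from this task or from GnuPG, that flags such agents; the function names and the last two sample lines are constructed, and it assumes ps ax-style input as shown in the report.

```shell
#!/bin/sh
# Added example (not GnuPG code): report gpg-agent processes whose
# --homedir directory has been deleted. Reads "ps ax"-style lines
# (PID TTY STAT TIME COMMAND ...) on stdin; prints "PID HOMEDIR".
# Limitation: homedir paths containing whitespace are not handled.
find_orphaned_agents() (
    set -f                      # no glob expansion when splitting args
    while read -r pid _tty _stat _time cmd args; do
        [ "${cmd##*/}" = "gpg-agent" ] || continue
        homedir=
        set -- $args
        while [ $# -gt 0 ]; do
            case $1 in
                --homedir)   [ $# -ge 2 ] && homedir=$2; break ;;
                --homedir=*) homedir=${1#--homedir=}; break ;;
            esac
            shift
        done
        # Agents on the default homedir carry no --homedir; skip them.
        [ -n "$homedir" ] || continue
        [ -d "$homedir" ] || printf '%s %s\n' "$pid" "$homedir"
    done
)

# Sample input: first two lines are from the report above, the last two
# are constructed (an agent with an existing homedir, and a non-agent).
sample_ps() {
    cat <<'EOF'
16543 ?        Ss     0:00 gpg-agent --homedir /tmp/virt-builder.eYvl5v/vb.gpghome.zyHsvg --use-standard-socket --daemon
16559 ?        Ss     0:00 gpg-agent --homedir /tmp/virt-builder.eYvl5v/vb.gpghome.MN7zSD --use-standard-socket --daemon
20001 ?        Ss     0:00 gpg-agent --homedir /tmp --use-standard-socket --daemon
20002 pts/0    S+     0:00 grep gpg-agent
EOF
}

# Live use on a Linux host: ps ax | find_orphaned_agents
```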