Page MenuHome GnuPG

Don't use deprecated --supervised option in example systemd service units
Closed, ResolvedPublic

Description

The --supervised option was deprecated in ca5d5142c (Deprecate the --supervised options., 2022-04-25). They were left in the systemd service units shipped in doc/examples/systemd-user. Using the provided unit files produces WARNING: "--supervised" is a deprecated option" in the output.

Details

Version
gnupg-2.4.0

Revisions and Commits

Event Timeline

The attached patch removes the --supervised option from the example dirmng and gpg-agent systemd unit files.

This issue was reported to the Fedora devel list today. A related Fedora https://bugzilla.redhat.com/2158627 was also created.

Actually, the entire systemd based launching is deprecated and thus the logged warning is on purpose.

The problem with the systemd launched gpg-agent is that it creates a race: gpg launches gpg-agent as needed and to avoid concurrent launching by other gpg or gpgsm processes, it takes a file system lock during the launch process. systemd does not know about this and we end up with sometimes end up with two gpg-agent processes. Eventually one of those processes detects that it does not own the socket and terminates itself. No real harm here but you may see smart card lockups or a flushed password cache.

Thanks for the context Werner. This was missing from the commit which added the deprecation warning so all one could do is guess.

If this is the case, a prominent notice in doc/examples/systemd-user/README (and possibly within the unit files as well) would probably be warranted?

The current warning doesn't directly suggest that the solution is to not use the systemd-user units at all. I'm not sure of the best way that it could, or I would try to put that in patch form.

werner claimed this task.