Kleopatra: Multiple dirmngr started when searching for keys
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	• ebo
	Nov 23 2023, 4:11 PM

Description

When testing T6830 we noticed that multiple dirmngr.exe were running after doing some searches.

Details

Version: VS-Desktop-3.1.90.295-Beta

Revisions and Commits

rG GnuPG
	rGcc9568cd59b2 common,w32: Remove duplicated backslashes when setting the homedir.
	rG45f635788145 common,w32: Remove duplicated backslashes when setting the homedir.
rM GPGME
	rM85c7a94d635d cpp,tests: Launch dirmngr with gpg-conf
	rM7e520213c09d qt: Pass home directory with forward slashes when launching dirmngr
	rM1bbe2d4b7078 qt: Start dirmngr with gpgconf to avoid multiple instances

Related Objects

Mentioned In: T6849: Release GnuPG 2.2.43
T6578: Release GnuPG 2.4.4
T6782: Release GPGME 1.23.2
Mentioned Here: rM1bbe2d4b7078: qt: Start dirmngr with gpgconf to avoid multiple instances
T6830: Kleopatra: Smart card view does not show any certificates if one certficate could not be listed

Event Timeline

• ebo created this task.Nov 23 2023, 4:11 PM

ikloecker renamed this task from Kleopatra: multiple dirmngr.exe started when searching for keys to Kleopatra: Multiple dirmngr started when searching for keys.Nov 23 2023, 4:14 PM

High priority because multiple running dirmngr can cause interesting problems.

Should work now.

ikloecker added a commit: rM1bbe2d4b7078: qt: Start dirmngr with gpgconf to avoid multiple instances.Nov 23 2023, 5:01 PM

aheinecke moved this task from WiP to QA on the vsd32 board.Nov 25 2023, 10:15 PM

With VS-Desktop-3.1.90.300-Beta I do not any more see more than one dirmngr for the test user who is not in the windows test-domain.
But I still see 2 processes for the domain user. Which is less than before. Task manager for all users:

It looks as if it could be one dirmngr.exe per user and per path given in the call to it. One with slashes and one with multiple backslashes.
Do we have different calls to dirmngr.exe where the form how the path is given differs? At least on windows?
The Domain user was the only one of the two who had a working keyserver configured.

• ebo added a project: Restricted Project.Nov 27 2023, 3:51 PM

One proces per user is normal but the two for ebo-ad are strange. Especially the one with the multiple backslashes. I wonder where that came from. Can you try to find this out? e.g. have taskmanager open while you repeat your test and check when it comes up.

further improvement after the 3.2 release

When I do a search which is found on the keyserver, only the one without the multiple backslashes comes up, this seems to be started via gpgme call.
When starting again without a dirmngr and searching for a key which can only be found via WKD both entries appear in the taskmanager after only one search. The same is true if the key can be found in neither place. It seems the backslashes are associated with WKD and start is probably via gpgconf.

• ebo changed the task status from Testing to Open.Nov 27 2023, 4:26 PM

I guess that the second instance is started by gpgsm_new (engine-gpgsm.c) via assuan_pipe_connect.

assuan_pipe_connect, etc., is outside of my comfort zone. Somebody else (@werner ?) should check how to prevent two gpgsm's started via gpgconf --launch and assuan_pipe_connect (if that's what happens).

• werner mentioned this in T6782: Release GPGME 1.23.2.Nov 28 2023, 4:55 PM

• ebo added a project: vsd33.Jan 5 2024, 2:31 PM

• werner claimed this task.Jan 8 2024, 12:21 PM

It does not matter how many gpgsm instances try to start a daemon. The same code is used for starting and this code first takes a lock. When using gpgconf --launch the same code is used too (indirect by calling gpg-connect-agent NOP /bye wityh options for the respective daemon).

Ingo's commit rM1bbe2d4b707 should fix this. Feel free to re-open iff you see more than one instance again.

• werner moved this task from QA to vsd-3.2.0 on the vsd32 board.Jan 8 2024, 1:31 PM

• werner edited projects, added vsd32 (vsd-3.2.0); removed vsd32.

It is still there in VS-Desktop-3.2.1.0 insofar as 2 dirmngrs are started. It was only fixed insofar that it is no longer more than 2.

With Keyserver set to "none" I see 2 dirmngr processes in the Windows task manager after one search, regardless of if something was found or not:

Edit: As it seemed to be relevant before: I did just now only test with the user who is not in the Windows domain. And I didn't start GpgOL at all, therefore it can have nothing to do with this.
Edit2: There are 2 dirmngr startet for the domain user, too, regardless of if the key is found on the configured keyserver or the WKD.

Double backslash quoting is the culprit. For WKD requests the GPGMe QT code makes sure that the dirmngr has been started. This is done by running gpgconf --homedir FOO --launch dirmngr. gpgconf returns the homedir with backslashes on Windows to be be nice to ppl who wonder when they notice (legal) forward slashes on Windowns. Now when the spawn function along with its helper is called, it needs to quote the backslashes. But somewhere on the way back one de-quoting is missing and thus gpg sees double backslashes. That is in general not a problem but when checking whether this is the standard home directory, this does not match and gpg puts the socket into a subdirectory. In turn another dirmngr is started for the WKD purpose.

The fix should go into gpgme to spawn dirmngr with a proper home directory (i.e with forward slashes). Further we can detect double quoting when set parse the --homedir option and fix this too in most cases. Bonus points for actually figuring out why quoting and unquoting does not work as expected.

I think the double backslash quoting happens because _gpgme_io_spawn quotes the backslashes and calls gpgme-w32spawn and then gpgme-w32spawn quotes the backslashes again and calls gpgconf. I haven't seen anything in gpgme-w32spawn that would unquote the quotes backslashes. But maybe that's supposed to happen in the background. A comment in the code reads "We have to quote some things because under Windows the program parses the commandline and does some unquoting.", but maybe that's no longer true.

In T6833#181135, @werner wrote:

The fix should go into gpgme to spawn dirmngr with a proper home directory (i.e with forward slashes).

I propose to replace all backslashes in dirinfo with forward slashes so that GpgME always uses/returns paths with forward slashes. Or is there any reason for keeping the backslashes?

We did this on purpose once - For Windows ppl it is just weird to see forward slashes.

Taking over

I applied a fix to gnupg which also solves the issue.

• werner added a commit: rG45f635788145: common,w32: Remove duplicated backslashes when setting the homedir..Jan 9 2024, 10:23 AM

• werner added a commit: rGcc9568cd59b2: common,w32: Remove duplicated backslashes when setting the homedir..

ikloecker added a commit: rM85c7a94d635d: cpp,tests: Launch dirmngr with gpg-conf.Jan 9 2024, 11:25 AM

ikloecker added a commit: rM7e520213c09d: qt: Pass home directory with forward slashes when launching dirmngr.

Fixed in gpgme and gnupg 2.2/2.4.

• ebo added a project: vsd33.Jan 10 2024, 3:05 PM

• ebo moved this task from Backlog to QA on the vsd33 board.

works in Gpg4win-4.3.0-beta571

• werner mentioned this in T6578: Release GnuPG 2.4.4.Jan 25 2024, 11:37 AM

No more additional dirmngr.exe processes come up in VS-Desktop-3.1.92.39-Beta, too.

• werner mentioned this in T6849: Release GnuPG 2.2.43.Tue, Apr 16, 9:47 AM