
Kleopatra: Kwatchgnupg must not modify conf files
Open, Normal, Public

Description

Kwatchgnupg (which is only available in Kleopatra on Linux) does log debug output to a socket.
When the log is started, it will write the log-socket to all conf files in GNUPGHOME and won't remove those entries again. This does cause at least warnings on the command line when kwatchgnupg is no longer running, but may also result in no verification results shown there, like in this case here:

https://forum.gnupg.org/t/problem-with-socket-connection-refused/4669/9

How do we want to solve this?
For one thing writing to all config files is overkill and for another the entries should be deleted again when logging is stopped.
But even if they are to be deleted it still might happen that something crashes and the entry is not deleted sometimes, I guess.
Would it be possible to only create a temporary log socket somehow, which will automatically disappear?
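
A read-only check for the leftover entries described above, as an added example that is not part of the ticket or of GnuPG's code. It assumes the entries use GnuPG's `log-file` option with a `socket://` value; the function name `stale_log_sockets` is hypothetical.

```shell
#!/bin/sh
# Added example: list "log-file socket://..." entries left in GnuPG conf files.
# Assumption: entries are written as "log-file socket://<path>" on an
# uncommented line. Nothing is modified; the files are only read.

# stale_log_sockets [DIR]
# Prints one line per entry: STATUS<TAB>FILE<TAB>VALUE
#   present  - the path exists and is a socket (a listener is NOT verified)
#   missing  - the path is not a socket, so logging to it will fail
#   standard - bare "socket://" (default socket; location not resolved here)
stale_log_sockets() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Extract the socket:// value from active log-file lines only.
        sed -n 's|^[[:space:]]*log-file[[:space:]][[:space:]]*\(socket://[^[:space:]]*\).*$|\1|p' "$conf" |
        while IFS= read -r value; do
            path=${value#socket://}
            if [ -z "$path" ]; then
                status=standard
            elif [ -S "$path" ]; then
                status=present
            else
                status=missing
            fi
            printf '%s\t%s\t%s\n' "$status" "$conf" "$value"
        done
    done
}
```

Call `stale_log_sockets` with no argument to scan `$GNUPGHOME` (or `~/.gnupg`). A `present` socket file can still refuse connections when no watcher is listening on it.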

Event Timeline

I would say this could be treated as a duplicate or subtask of T7147: Kleopatra: Add debug information / Log handling.

KWatchGnuPG is in my opinion not very useful, since as a developer debugging things the command line and "watchgnupg" without the K are more than enough. KWatchGnuPG is basically just a qprocess output viewer of watchgnupg. IMO it would be similar if we would just execute CMD or Konsole with "watchgnupg" and show that window. Logging to a socket has the advantage that the entries are displayed in the order they come in, while with files there is an issue of io synchronization and not all components can log in the same file. But you could use same QProcess / watchgnupg to "sync" the log entries and then write them to a file.

Watchgnupg is not built when compiling for Windows ( gnupg/tools/watchgnupg.c ). I am not totally sure why it is not using a similar socket abstraction / w32-io that we use in other places. But there was never a big need for that, as we as cross platform developers can run watchgnupg on a Linux machine to watch a Windows process.
We should consider ourselves as the people providing support for Kleopatra as the target audience. "What information do we sometimes need from clients and how can we make the interface so that they don't have to follow very long explanations." There could be another target audience and that would be "evaluators" who want to watch what GnuPG does but who are not technical enough to modify the configuration files themselves? I am not sure what the history for that is, but I think that would be on Linux better solved by "Open GnuPG command line" (since it is otherwise not intuitive how you start the AppImage as a command line environment and start watchgnupg and kleopatra in the same AppImage environment).

My experience was that I rarely needed the logs of multiple components and their interactions because you see IPC requests and answers anyway. So I usually need something like "Please provide me with the dirmngr log" for a network issue or an "scdaemon log" for a smartcard issue. Additionally the GPGME logs are often more helpful than component logs (at least when I do support for GpgOL or Kleopatra).

So tl;dr; for this ticket is that KWatchGnuPG modifies the config files, and does not remove the entries when it is shut down?
And there I would say that we should rather not fix this by modifying KWatchGnuPG but by adding a debugging tab to Kleopatra where you could log the output in the same file and could enter sockets there. And then removing KWatchGnuPG would be my vote.

I am linking it in the priority to the ticket around the debug tab in kleopatra.

werner raised the priority of this task from Wishlist to Normal. Aug 21 2024, 9:10 AM
werner edited projects, added Bug Report; removed Restricted Project.
werner added a subscriber: werner.

Please remove any configuration file changes from kwatchgnupg. That is not a good idea. Launching kwatchgnupg is a debugging aid and not a regular operation and thus the user can also enable debugging selectively with kleopatra.
kwatchgnupg should listen on the standard socket socket:// - for Windows we don't yet need it because there we don't have sockets anyway. Or well, eventually we will have same but that requires work in watchgnupg and gpgrt for the logging stuff.

A bonus would be an option to enable and disable logging for the daemons - that can be best done in the new common.conf file.

werner renamed this task from Draft: Kleopatra: Kwatchgnupg issue to Kleopatra: Kwatchgnupg must not modify conf files. Aug 21 2024, 9:11 AM
ebo added a project: Restricted Project. Fri, Oct 4, 2:29 PM