ingo may have tested on linux where we never actually used gpgtar.

No. I only noticed a difference of the behavior between gpgtar on the cli and Kleo. Ingo said the behavior in Kleo has always been the same, gpgtar an Kleo differ in that. Case was therefore closed for me.

Left is the old behavior after "save all" right is the new behavior after "save all"

In T6336#166815, @werner wrote:

Actually, the entire systemd based launching is deprecated and thus the logged warning is on purpose.

The problem with the systemd launched gpg-agent is that it creates a race: gpg launches gpg-agent as needed and to avoid concurrent launching by other gpg or gpgsm processes, it takes a file system lock during the launch process. systemd does not know about this and we end up with sometimes end up with two gpg-agent processes. Eventually one of those processes detects that it does not own the socket and terminates itself. No real harm here but you may see smart card lockups or a flushed password cache.

I consider the entire idea of receiving a passphrase and data on the same channel to be a bad for security and robust coding. The whole thing is a historical oddity which we kept for the sake of mutt(1)'s legacy way of invoking pgp. Thus I won't consider 3) the best option.

To summarize, here is the situation:

• Ideally, it would be good to modify GnuPG and Emacs EasyPG to implement status handling and input handling in better way.

Ah, I see https://dev.gnupg.org/rG2f872fa68c6576724b9dabee9fb0844266f55d0d applies cleanly. I guess can go with that, although would prefer it if on the 2.4 branch.

Is there a commit we could backport downstream to 2.4.x? We've had quite a few reports of this.

Mh, let me check where the size hint should come from and why it might be missing in my windows test. That is indeed strange then.

For me this does work also when decrypting:

With my fixes I now get this:

Actually two bugs. Easy to test on Unix with a small (e.g. 10MiB partition).

Of course, those are different controllers. :-)

btw. this does not work on the decrypting side because kleopatra there apparently does not provide a size hint. So it goes:

As I already had my testsetup open I recompiled with your change and I tested manually cancelling and letting it run into the disk full error. In both cases the temporary file was deleted and the job was cancelled :)

Seems to be gnupg 2.4. ec 112 is ERROR_DISK_FULL.

The processes should now be killed properly.

Oh my, so I have not really tested this for nearly three months and had my head in the send when reviewing it. I really need to apologize for that. The performance improvement is _not_ what I hoped for if it is even there.

Please note that my test was not on an USB Device. I will keep this issue with your analysis and reopen a different one with my error and details on how to reproduce that one. Pretty sure it was disk full.

I don't think this is a regression or something we can do anything about. Note that we see the same thing also on the command line. Actually I have seen the very same thing pretty often with USB devices. Thus lowering priority.

Just as a background. This issue and others basically ended a project where dan and me worked on with a customer (you know who) to make Kontact from KDE 4 usable for them back in the day. The calendar was just too unreliable and this was one of the causes we identified. This does not mean that it will fix the unreliableness that we see with our calendars at work, but it is an issue that should be fixed.

We have seen this problem in the QA this week and could identify that this was a ERROR_FILE_INVALID (ec=1006,"The volume for a file has been externally altered so that the opened file is no longer valid"). We also noticed disk errors in the event logger but did not recorded them. The USB stick was not unplugged but merely used with VirtualBox.

Yes thinking about this a bit more the checkbox is as redundant as any warning. The user interface clearly indicates that if you want to encrypt for others that you have to enter a name or email in this group. If the user does not notice that then a warning message or other explicit action will not help but make the user experience for most other users (requiring a click to check the checkbox) worse.

If I understand you correctly, you want to remove the checkbox before "Encrypt to others"?

Ah, I was not even thinking about the checkbox, yes you are both right. The encrypt to others should not be a checkbox but can be implicit regarding the selection of keys in the group "Encrypt to others."

I don't think a different foldername there would make a difference. When this is not updated it shows wrong information so I have changed this to T6525

If you only want to encrypt to one key you could do this without warning if you remove the check before "encrypt to others".

Maybe there just shouldn't be an "encrypt to others" checkbox. I mean, either you add keys of others or you don't. What's the point of the checkbox? Okay. I guess now you could encrypt to others but not to yourself. But that would still be possible. What wouldn't be possible is to add keys of others and then decide "Nah. I'll just encrypt to myself/with password."

We can do an added status line "Note: Only your key will be able to decrypt this file". But I don't think that will be very accessible.

works (at least for small directories)

High priority because I a fear that we will soon start to receive support questions related to this.

I guess kleo does a directory listing and then sorts hat listing the view Using the name by default but you can change this. Passing this list down to gpgtar is likely the original list as received from the OS. I also guess it will be easy to sort this but I'll give it a low priority.

Well, it Just Works(tm). You should make sure that a /run/user/NNNN direcory exists so GnuPG is able to create its subdir for the socket files.

I'm going to add selftest of EdDSA with test vectors from RFC 8032.

With the fix of T6523, make check goes all well (on Wine emulation and on Windows, for i686 and for x86_64).

Fixed in master.

I modified ffi.c, to have renamed process-spawn-io function doing I/O by C.