gpg-agent self-termination when private-keys-v1.d goes away

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jun 13 06:47:12 CEST 2017


hey folks--

gpg-agent currently knows to terminate itself when its socket is
unlinked from the filesystem.

to work around the sun_path length constraint, though, we're often
putting the sockets in the /run/user/$(id -u) directory.

This means that the workflow of:

    export GNUPGHOME=$(mktemp -d)
    # do some experiments
    rm -rf $GNUPGHOME

actually leaves any associated gpg-agents running in the background.

Do this as a part of an automated test suite, and you could easily end
up with hundreds of agents or more that are still active.

I propose to add private-keys-v1.d/ to the gpg-agent's inotify
watchlist, and to have the agent terminate if it notices that directory
being deleted as well.  I think that will fix the concern described
above on GNU/Linux at least.

any objections or concerns about this approach?

    --dkg
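As an added illustration of the proposed check (example code, not gpg-agent's own): a Linux inotify watch on private-keys-v1.d that reports when the directory itself is deleted or moved away, exercised with the mktemp -d / rm -rf workflow from the post. The function names and the /tmp path are assumptions made for the demo.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <poll.h>
#include <sys/inotify.h>
#include <sys/stat.h>
/* Watch a directory for its own removal/rename; returns the inotify fd, wd in *wd_out. */
int watch_dir_for_removal(const char *dir, int *wd_out) {
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd < 0) return -1;
    int wd = inotify_add_watch(fd, dir, IN_DELETE_SELF | IN_MOVE_SELF);
    if (wd < 0) { close(fd); return -1; }
    *wd_out = wd;
    return fd;
}

/* Wait up to timeout_ms for the watched directory to go away.
   Returns 1 if it was deleted/moved (time for the agent to exit), 0 on timeout, -1 on error. */
int dir_went_away(int fd, int wd, int timeout_ms) {
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    for (;;) {
        int r = poll(&pfd, 1, timeout_ms);
        if (r <= 0) return r;                 /* 0 = timeout, -1 = error */
        ssize_t n = read(fd, buf, sizeof buf);
        if (n <= 0) return -1;
        for (char *p = buf; p < buf + n; ) {  /* records are variable length */
            struct inotify_event *ev = (struct inotify_event *)p;
            if (ev->wd == wd && (ev->mask & (IN_DELETE_SELF | IN_MOVE_SELF))) return 1;
            p += sizeof *ev + ev->len;
        }
    }
}
/* The post's workflow: throwaway GNUPGHOME with private-keys-v1.d, then "rm -rf $GNUPGHOME".
   Returns 1 when the watcher saw the directory vanish.  Paths are constructed for the demo. */
int demo_tmp_gnupghome(void) {
    char tmpl[] = "/tmp/gnupghome-XXXXXX";
    char *home = mkdtemp(tmpl);
    if (!home) return -1;
    char keys[64];
    snprintf(keys, sizeof keys, "%s/private-keys-v1.d", home);
    if (mkdir(keys, 0700) != 0) return -1;
    int wd, fd = watch_dir_for_removal(keys, &wd);
    if (fd < 0) return -1;
    rmdir(keys); rmdir(home);                 /* what rm -rf does, innermost first */
    int gone = dir_went_away(fd, wd, 2000);
    close(fd);
    return gone;
}
```

An agent doing this would treat a return of 1 from the wait the same way it treats its socket being unlinked, and IN_IGNORED arrives right after, so the watch needs no explicit removal.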