Problems with gpg-agent cleanup in microdnf
Lukáš Hrázký
lhrazky at redhat.com
Fri Nov 15 12:28:32 CET 2019
Hello,
we're having trouble with proper cleanup of the gpg-agent which is
launched by gpgme. There's a bug report, with a (Dockerfile) reproducer
and some more info here:
https://github.com/rpm-software-management/microdnf/issues/50
And the code in question is quite short and isolated here:
https://github.com/rpm-software-management/librepo/blob/master/librepo/gpg.c
The suspiciously hackish kill_gpg_agent() function was added because
strangely enough it makes the gpg-agent clean up its sockets, whereas
if the gpg-agent is left to exit on its own, the sockets aren't cleaned
up. The bug for this is here:
https://bugzilla.redhat.com/show_bug.cgi?id=1650266
TLDR; the sockets couldn't be tar-ed into containers, so we had to
clean them up somehow.
Now the issue with this seems to be there's a race condition, sending
the gpg-agent "KILLAGENT" may or may not cause it to exit before the
gpgme_release() function is called and if it does, the gpgme_release()
will get a SIGPIPE while trying to write to the socket.
So my question is, how to make the gpg-agent clean up its sockets
properly? Are we supposed to delete the sockets ourselves? There are
four of them, I don't think that's really something we should be doing
(listing and manipulating four files in our code whose names are an
implementation detail from a gpgme user's point of view).
Or is it a bug the sockets aren't cleaned up?
Please CC me in replies, thanks.
Cheers,
Lukas
More information about the Gnupg-users
mailing list