Problems with gpg-agent cleanup in microdnf

Lukáš Hrázký lhrazky at
Fri Nov 15 12:28:32 CET 2019


we're having trouble with proper cleanup of the gpg-agent which is
launched by gpgme. There's a bug report, with a (Dockerfile) reproducer
and some more info here:

And the code in question is quite short and isolated here:

The suspiciously hackish kill_gpg_agent() function was added because
strangely enough it makes the gpg-agent clean up its sockets, whereas
if the gpg-agent is left to exit on its own, the sockets aren't cleaned
up. The bug for this is here:

TLDR; the sockets couldn't be tar-ed into containers, so we had to
clean them up somehow.

Now the issue with this seems to be there's a race condition, sending
the gpg-agent "KILLAGENT" may or may not cause it to exit before the
gpgme_release() function is called and if it does, the gpgme_release()
will get a SIGPIPE while trying to write to the socket.

So my question is, how to make the gpg-agent clean up its sockets
properly? Are we supposed to delete the sockets ourselves? There are
four of them, I don't think that's really something we should be doing
(listing and manipulating four files in our code whose names are an
implementation detail from a gpgme user's point of view).

Or is it a bug the sockets aren't cleaned up?

Please CC me in replies, thanks.


More information about the Gnupg-users mailing list