On Sun, 3 Mar 2024 20:38, Matěj Cepl said:

> 1. Could you please explain why it is racy? Why from all services

Because all components of gnupg will start gpg-agent and the other daemons on the fly and make sure that only one is started. Systemd does not know about this specific start mechanism and thus you might see two daemon processes for some time until their self-check detects this situation. In most cases this is just annoying but it may very well happen that the two processes receive different information and are not able to properly handle the caching. With smartcards you may also run into lockups because only one process may hold access to a smartcard. With keyboxd we didn't even implement the systemd start thingy because keyboxd acquires a process lifetime lock on the database and thus a second process won't be able to get that lock and will time out after some time.

> 2. When running on MicroOS system (or Fedora Atomic) how could
> you guarantee that there is only one gpg-agent and gpg
> doesn't try to run it inside of a container, thus making it

I have no idea what this is about. In case you need to play interesting games with the sockets, the gpgconf.ctl mechanism might be helpful. Using no-autostart in the common.conf might be useful. We use it always when running a remote gpg.

> What? You know there is a vulnerability in gpg (actually,
> couldn't the particularly modified environment be abused for some

Please read again what I wrote: An empty string for the value is simply invalid syntax. That is different from not giving a value which is specified as removing the envvar (cf. "" vs. NULL).

> I have Wayland-only system (based on sway), so whole XAUTH*
> variables are nonsensical here.

Others might be:

  $ gpg-connect-agent 'getinfo std_env_names' /bye
  D GPG_TTY
  D TERM
  D DISPLAY
  D XAUTHORITY
  D XMODIFIERS
  D WAYLAND_DISPLAY
  D XDG_SESSION_TYPE
  D QT_QPA_PLATFORM
  D GTK_IM_MODULE
  D DBUS_SESSION_BUS_ADDRESS
  D QT_IM_MODULE
  D INSIDE_EMACS
  D PINENTRY_USER_DATA
  D PINENTRY_GEOM_HINT

Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
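Added example (not part of the message above and not GnuPG code): a POSIX shell check that reads a `getinfo std_env_names` reply and reports, for each listed name, whether the variable is set, empty or unset in the calling shell, which is the "" vs. NULL distinction the message draws. The function name `classify_std_env` is hypothetical, and the sample reply is constructed from the D lines quoted in the message plus an assumed closing OK line.

```shell
#!/bin/sh
# Added example, not GnuPG code. classify_std_env is a hypothetical helper name.

# Constructed sample: the D lines quoted in the message above, plus a closing
# OK status line (assumed; Assuan replies normally end with one).
SAMPLE_REPLY='D GPG_TTY
D TERM
D DISPLAY
D XAUTHORITY
D XMODIFIERS
D WAYLAND_DISPLAY
D XDG_SESSION_TYPE
D QT_QPA_PLATFORM
D GTK_IM_MODULE
D DBUS_SESSION_BUS_ADDRESS
D QT_IM_MODULE
D INSIDE_EMACS
D PINENTRY_USER_DATA
D PINENTRY_GEOM_HINT
OK'

# Read an Assuan reply on stdin and print "NAME set|empty|unset|invalid"
# for every "D NAME" data line, judged against the caller's environment.
classify_std_env() {
    while read -r tag name rest; do
        [ "$tag" = "D" ] || continue      # skip OK, ERR and comment lines
        case $name in
            # Only a plain identifier may reach eval below.
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "$name invalid"
                continue ;;
        esac
        if eval "[ -z \"\${$name+x}\" ]"; then
            echo "$name unset"            # no value at all (the NULL case)
        elif eval "[ -z \"\${$name}\" ]"; then
            echo "$name empty"            # present but "" (the empty-string case)
        else
            echo "$name set"
        fi
    done
}

# Live use against an agent that is already running (tr drops any NUL bytes):
#   gpg-connect-agent --no-autostart 'getinfo std_env_names' /bye \
#     | tr -d '\000' | classify_std_env
printf '%s\n' "$SAMPLE_REPLY" | classify_std_env
```
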