Hi Gregor-- Thanks for the followup!
On Sat 2016-09-03 03:58:34 -0400, gregor herrmann wrote: > 1) After the build finishes there are 6 instances of gpg-agent > running. In my cowbuilder setup this doesn't cause any issues and > they time out after some time (1 minute I guess). right, those processes should time out after their temporary home directories are removed. I'm working with upstream on making that timeout happen faster than a 1 minute delay, but it's not done yet. > 2) autopkgtests initially failed with: > > t/30.inline-decrypt.t .... > 1..5 > ok 1 - An object of class 'MIME::Entity' isa 'MIME::Entity' > gpg: keybox > '/tmp/autopkgtest.n6im1C/autopkgtest_tmp/smoke7NpYaR/mgtrYHsk/pubring.kbx' > created > gpg: > /tmp/autopkgtest.n6im1C/autopkgtest_tmp/smoke7NpYaR/mgtrYHsk/trustdb.gpg: > trustdb created > gpg: key 49539D60EFEA4EAD marked as ultimately trusted > gpg: key 49539D60EFEA4EAD: public key "Mail::GnuPG Test Key <m...@gnupg.dom>" > imported > gpg: key 49539D60EFEA4EAD/49539D60EFEA4EAD: error sending to agent: No > pinentry > gpg: error building skey array: No pinentry > [..] Sounds like autopkgtests needs to also use fake-pinentry.pl, as you pointed out in (4) ;) Once this changeset is included upstream, we won't need the "chmod +x" any longer. > 3) This is in schroot-on-lvm. And here unmounting fails because of the > running gpg-agents leaving my schroot/lvm setup in a sad state. right, but this is a different issue, related to gpg-agent not. terminating rapidly enough when its socket is removed (same as (1)). I'm happy to track this as an issue, but it is a different issue than 835075. > Alltogether I think we need to think a bit more about this gpg-agent > thing, currently this seems a bit too fragile to me. > > Another question is if we could have a fake-pinentry in some central > place (gnupg binary package?) to be used from all packages instead of > adding it everywhere? I am happy to ship something like fake-pinentry.pl (a pinentry that always returns "passphrase" and gamely accepts anything else) in a separate package, or even in gnupg as /usr/lib/gnupg/fake-pinentry, but it seems more important for me to get these fixes upstreamed. I could even ship upstream's ./tests/openpgp/fake-pinentry.c there, though i worry that it now has too many features, which might actually encourage people to try to use it in non-dev environments; i think that would be a bad outcome. Also, for language-specific libraries like lib*-perl, upstream will want this stuff to work on all platforms, and we can't guarantee that any gnupg binary package on other platforms will ship a fake-pinentry. So i think we should go ahead with this patch, as well as submitting it upstream. I'm happy to try to replicate it on the other lib*-perl gnupg-related packages too if you're ok with this. Regards, --dkg
signature.asc
Description: PGP signature