Hi Gregor--

Thanks for the followup!

On Sat 2016-09-03 03:58:34 -0400, gregor herrmann wrote:
> 1) After the build finishes there are 6 instances of gpg-agent
>   running. In my cowbuilder setup this doesn't cause any issues and
>   they time out after some time (1 minute I guess).

right, those processes should time out after their temporary home
directories are removed.  I'm working with upstream on making that
timeout happen faster than a 1 minute delay, but it's not done yet.

> 2) autopkgtests initially failed with:
>
> t/30.inline-decrypt.t .... 
> 1..5
> ok 1 - An object of class 'MIME::Entity' isa 'MIME::Entity'
> gpg: keybox '/tmp/autopkgtest.n6im1C/autopkgtest_tmp/smoke7NpYaR/mgtrYHsk/pubring.kbx' created
> gpg: /tmp/autopkgtest.n6im1C/autopkgtest_tmp/smoke7NpYaR/mgtrYHsk/trustdb.gpg: trustdb created
> gpg: key 49539D60EFEA4EAD marked as ultimately trusted
> gpg: key 49539D60EFEA4EAD: public key "Mail::GnuPG Test Key <m...@gnupg.dom>" imported
> gpg: key 49539D60EFEA4EAD/49539D60EFEA4EAD: error sending to agent: No pinentry
> gpg: error building skey array: No pinentry
> [..]

Sounds like autopkgtests needs to also use fake-pinentry.pl, as you
pointed out in (4) ;)

Once this changeset is included upstream, we won't need the "chmod +x" any
longer.

> 3) This is in schroot-on-lvm. And here unmounting fails because of the
>    running gpg-agents leaving my schroot/lvm setup in a sad state.

right, but this is a different issue, related to gpg-agent not
terminating rapidly enough when its socket is removed (same as (1)).
I'm happy to track this as an issue, but it is a different issue than
835075.

> Altogether I think we need to think a bit more about this gpg-agent
> thing, currently this seems a bit too fragile to me.
>
> Another question is if we could have a fake-pinentry in some central
> place (gnupg binary package?) to be used from all packages instead of
> adding it everywhere?

I am happy to ship something like fake-pinentry.pl (a pinentry that
always returns "passphrase" and gamely accepts anything else) in a
separate package, or even in gnupg as /usr/lib/gnupg/fake-pinentry, but
it seems more important for me to get these fixes upstreamed.

I could even ship upstream's ./tests/openpgp/fake-pinentry.c there,
though i worry that it now has too many features, which might actually
encourage people to try to use it in non-dev environments; i think that
would be a bad outcome.

Also, for language-specific libraries like lib*-perl, upstream will want
this stuff to work on all platforms, and we can't guarantee that any
gnupg binary package on other platforms will ship a fake-pinentry.

So i think we should go ahead with this patch, as well as submitting it
upstream.  I'm happy to try to replicate it on the other lib*-perl
gnupg-related packages too if you're ok with this.

Regards,

       --dkg
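
The following is an added example, not part of the message above and not the fake-pinentry.pl from the patch: a sketch in Python of a test-only pinentry of the kind described, one that answers every GETPIN with the fixed string "passphrase" and accepts any other command. The function names and the greeting text are assumptions; the command/reply framing follows the Assuan protocol that gpg-agent speaks to a pinentry over stdin/stdout.

```python
#!/usr/bin/env python3
"""Test-only pinentry stand-in: answers every GETPIN with a fixed passphrase."""
import sys

FIXED_PASSPHRASE = "passphrase"  # the value the message says the fake pinentry returns


def assuan_escape(data):
    """Percent-escape the characters Assuan forbids raw in a 'D' line."""
    return data.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")


def respond(line):
    """Return (reply_lines, keep_going) for one Assuan command line."""
    command = line.strip().split(" ", 1)[0].upper()
    if command == "GETPIN":
        return ["D " + assuan_escape(FIXED_PASSPHRASE), "OK"], True
    if command == "BYE":
        return ["OK closing connection"], False
    # SETDESC, SETPROMPT, OPTION, ...: accept anything else without acting on it
    return ["OK"], True


def serve(inp, out):
    """Speak the server side of the dialogue until BYE or end of input."""
    out.write("OK Pleased to meet you\n")  # greeting text is arbitrary after "OK"
    out.flush()
    for line in inp:
        replies, keep_going = respond(line)
        for reply in replies:
            out.write(reply + "\n")
        out.flush()  # the agent waits for each reply before sending more
        if not keep_going:
            break


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

In a test suite, a script like this is selected with the `pinentry-program` option in the `gpg-agent.conf` of the temporary GNUPGHOME, so it never touches a real keyring.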
