gpg-agent self-termination when private-keys-v1.d goes away

gpg-agent self-termination when private-keys-v1.d goes away

Daniel Kahn Gillmor-7
hey folks--

gpg-agent currently knows to terminate itself when its socket is
unlinked from the filesystem.

to work around the sun_path length constraint, though, we're often
putting the sockets in the /run/user/$(id -u) directory.

This means that the workflow of:

    export GNUPGHOME=$(mktemp -d)
    # do some experiments
    rm -rf $GNUPGHOME

actually leaves any associated gpg-agents running in the background.

Do this as a part of an automated test suite, and you could easily end
up with hundreds of agents or more that are still active.

I propose to add private-keys-v1.d/ to the gpg-agent's inotify
watchlist, and to have the agent terminate if it notices that directory
being deleted as well.  I think that will fix the concern described
above on GNU/Linux at least.

Any objections or concerns about this approach?

    --dkg

_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel


Re: gpg-agent self-termination when private-keys-v1.d goes away

Justus Winter
Daniel Kahn Gillmor <[hidden email]> writes:

> I propose to add private-keys-v1.d/ to the gpg-agent's inotify
> watchlist, and to have the agent terminate if it notices that directory
> being deleted as well.

Why not watch the $GNUPGHOME itself?

> I think that will fix the concern described above on GNU/Linux at
> least.

For the other platforms, we can periodically stat the directory in the
thread that manually watches the sockets.

> any objections or concerns about this approach?

I'm concerned that we are still cleaning up after the socketdir "fix".


Cheers,
Justus


Re: gpg-agent self-termination when private-keys-v1.d goes away

Werner Koch
On Tue, 13 Jun 2017 12:45, [hidden email] said:

> For the other platforms, we can periodically stat the directory in the
> thread that manually watches the sockets.

Which I think is anyway the better solution than the non-portable
inotify.  But we also need to consider the implications that we need to
use stat in contrast to fstat; the directory entry might have already
gone while gpg-agent still has a connection and is working fine on the
inode.

Anyway, nothing we should change for 2.2.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
