Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More considerate approach to spawning gpg-agent #186

Open
jnpkrn opened this issue Apr 7, 2020 · 2 comments
Open

More considerate approach to spawning gpg-agent #186

jnpkrn opened this issue Apr 7, 2020 · 2 comments

Comments

@jnpkrn
Copy link

jnpkrn commented Apr 7, 2020
edited
Loading

Not exactly sure how, I ended up in a state where there is gpg-agent
process running in my user's session (the parent is the user instance
of systemd, /usr/lib/systemd/systemd --user) and without regaining
superuser privileges agains, there's exactly zero of things I can
do about it, since it's an UID=0 process.
It's basically this very observation:

https://www.reddit.com/r/Fedora/comments/4t90bk/i_found_someting_strange_about_gpg/

although I am at least reasonably sure no dnf nor rpm process
is concurrently running in my case.

Commonly, I log in as my user on VT first, then su -c, then run
the update, if not too intrusive, I continue to start a graphical
session. That might explain the current process parent, otherwise
it would be PID 1.

It doesn't explain, however, why this process keeps running when
there is no dnf/rpm business going on, nor why it is needed
to begin with ... is it to speed up verifications thanks to some
caching? I play a dumb asker since there's hardly any actual
signing going -- the main reason for such an agent in place,
correct?

Personally, I'd prefer as little complexity, incl. spawning as little
external programs, as possible. But I may be missing something.

At the very least, gpg-agent shall be exited the moment it's not
longer actively used?

Thanks!
@jnpkrn
Copy link
Author

jnpkrn commented Apr 7, 2020

Note that with this alleged misbehaviour, problems keep chaining in
hard to anticipate ways!

For instance, for my terminal purposes, I am using urxvt256c-mld for
which I've written a user service file, hence the whole scope underneath
incl. each separate urxvt256c-ml terminal window and, of course,
every command running in these terminals is suddenly of close
interest by the user instance of systemd -- and it seems not be able
(or willing) to kill foreign/UID=0 process on its own.

Which leads to one example pf problem chaining, for UID=0 gpg-agent
not getting terminated properly at dnf finalization -- when this
dnf command was run with terminal in the described arrangement.

@lukash
Copy link
Contributor

lukash commented Apr 8, 2020

This won't be very helpful but...

gpg (in particular gpgme) is used to verify signatures (of e.g. repository metadata, maybe more). This doesn't actually involve working with secrets so the gpg agent is not necessary for this, but gpgme needs it anyway and spawns it. There is a whole heap of issues with this and we would very much like to not have this happening at all.

But at the moment (as far as we know) there is no other usable gpg implementation that we could use, as this is about security, the requirements are also more strict.

I think the gpg agent is supposed to terminate after it is spawned by gpgme, but don't quote me on this, I am actually not sure. It is also dependent on the environment, maybe in your setup, which seems to be quite customized, it behaves weird. That wouldn't be too surprising...

Attempting to replace the gpg implementation with something better is planned, but not in the near future... Sorry, I don't think we can help more with this ☹️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lukash @jnpkrn