Your message dated Mon, 24 Aug 2009 01:17:11 +0000
with message-id <[email protected]>
and subject line Bug#499569: fixed in gnupg2 2.0.12-1
has caused the Debian Bug report #499569,
regarding gnupg-agent: modifies SigBlk mask of all processes spawned in the X
session breaking unrelated software [i386 only?]
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
499569: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499569
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnupg-agent
Version: 2.0.9-3
Severity: critical
gnupg-agent somehow manages to change the SigBlk mask causing all child
processes that are spawned part of the X session to have the SigBlk
mask set causing real-time signals to be blocked. This breaks all
applications spawned in that X session that rely on
real-time signals.
As this breaks unrelated software I set the severity to critical.
Here the summary of my full investigation:
About 2 months ago I started to suffer from an issue that first looked
like a bug in Mono's threading implementation. The test-case to
reproduce it looks like this:
Attachment:
test-thread-abort.cs
Compile:
mcs test-thread-abort.cs
Run:
mono test-thread-abort.exe
My output:
thread.Start()
Worker(): thread started
Worker(): working... 0
Worker(): working... 1
Worker(): working... 2
Worker(): working... 3
Worker(): working... 4
thread.Abort()
press enter to quit!
Worker(): working... 5
Worker(): working... 6
Worker(): working... 7
Worker(): working... 8
Worker(): working... 9
Worker(): working... 10
Worker(): working... 11
Worker(): working... 12
(continuing forever -> killed using ^C)
The expected output:
thread.Start()
Worker(): thread started
Worker(): working... 0
Worker(): working... 1
Worker(): working... 2
Worker(): working... 3
Worker(): working... 4
thread.Abort()
press enter to quit!
Worker(): thread aborted!
Worker(): thread ended
The thread was never aborted and thus forever continued on my system.
After more investigation in Mono's threading implementation I found
that it uses real-time signals to control the threads. A strace then
showed that the signal (SIGRT1) was send but never received.... This
made me really curious.
So I wrote a C test-case for this issue, which looks like this:
Attachment:
test-signal.c
Compile:
gcc test-signal.c -o test-signal
Run:
./test-signal
My Output:
SIGRTMIN: 34
sigismember(): 1
SIGRTMIN is blocked, trying to unblock...done.
sigismember(): 0
SIGRT_1 received
SIGRT_2 received
SIGQUIT received
The expected output:
SIGRTMIN: 34
sigismember(): 0
SIGRT_1 received
SIGRT_2 received
SIGQUIT received
And that proved the signal (SIGRT) is indeed already blocked when the
application is started.
Then I found out / learned that blocking signals is a feature and the
SigBlk mask is inherited to child processes. So something was setting
this mask, and I could not find out what it was till today.
I reinstalled my system (1 week ago) after I could not find the exact
cause of this issue (after 3 continuous days of investigation)
and today it started to happen again, after I was sponsoring a package
upload, for which I had to install pscd and gnupg-agent to get my
crypto card working again (after the reinstall).
Then I disabled the gpg-agent in my ~/.gnupg/gpg.conf, restarted my X
session and viola SigBlk mask is back to normal and all my lovely
applications work again like they should.
Enabling the gpg-agent in ~/.gnupg/gpg.conf again brings the issue back.
I noticed the gpg-agent is started in /etc/X11/Xsession.d/90gpg-agent,
but I no have no idea how it manages to change (or rather inherits) the
SigBlk mask of other processes spawned in the X session....
Here also a little detection script I wrote to identify processes with
that set SigBlk mask (it also finds some "false-positives" as some apps
really need that mask, but not _all_ processes launched under the X
session!)
Attachment:
proc-sigblk.sh:
My output:
Name: x-session-manag
Pid: 21699
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: dbus-launch
Pid: 21757
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: dbus-daemon
Pid: 21758
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: seahorse-agent
Pid: 21764
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gnome-settings-
Pid: 21769
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: metacity
Pid: 21781
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gnome-panel
Pid: 21782
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: nautilus
Pid: 21783
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gnome-screensav
Pid: 21786
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gnome-vfs-daemo
Pid: 21795
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: bluetooth-apple
Pid: 21798
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gnome-do
Pid: 21799
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: update-notifier
Pid: 21803
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gnome-do
Pid: 21804
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: system-config-p
Pid: 21811
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: kerneloops-appl
Pid: 21815
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gnome-volume-ma
Pid: 21817
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: nm-applet
Pid: 21819
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gnome-power-man
Pid: 21827
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: multiload-apple
Pid: 21849
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: mixer_applet2
Pid: 21852
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gweather-applet
Pid: 21855
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: locate
Pid: 21862
Uid: 1000 1000 1000 1000
Gid: 1000 105 105 105
Name: locate
Pid: 21863
Uid: 1000 1000 1000 1000
Gid: 1000 105 105 105
Name: mapping-daemon
Pid: 21866
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gnome-terminal
Pid: 21868
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: gnome-pty-helpe
Pid: 21871
Uid: 1000 1000 1000 1000
Gid: 1000 43 43 43
Name: bonobo-activati
Pid: 3878
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
Name: egrep
Pid: 22046
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
The expected output:
(none or a very small set of applications like gconfd-2 or some
gnome applets)
--
Regards,
Mirco 'meebey' Bauer
PGP-Key ID: 0xEEF946C8
FOSS Developer [email protected] http://www.meebey.net/
PEAR Developer [email protected] http://pear.php.net/
Debian Developer [email protected] http://www.debian.org/
#include <stdio.h>
#include <signal.h>
void sigint_handler(void);
void sigquit_handler(void);
void sigrt1_handler(void);
void sigrt2_handler(void);
void sigrt3_handler(void);
void sigpwr_handler(void);
main()
{
printf("SIGRTMIN: %i\n", SIGRTMIN);
sigset_t set, old_set, new_set;
int ismember;
if (sigprocmask(SIG_SETMASK, NULL, &old_set) != 0)
printf("sigprocmask() failed!\n");
ismember = sigismember(&old_set, SIGRTMIN);
printf("sigismember(): %i\n", ismember);
if (ismember) {
printf("SIGRTMIN is blocked, trying to unblock...");
sigemptyset(&new_set);
sigaddset(&new_set, SIGRTMIN);
sigaddset(&new_set, SIGRTMIN+1);
if (sigprocmask(SIG_UNBLOCK, &new_set, NULL) != 0) {
printf("failed!\n");
exit(1);
}
printf("done.\n");
sigemptyset(&set);
ismember = sigismember(&set, SIGRTMIN);
printf("sigismember(): %i\n", ismember);
}
signal(SIGINT, sigint_handler);
signal(SIGQUIT, sigquit_handler);
signal(SIGRTMIN, sigrt1_handler);
signal(SIGRTMIN+1, sigrt2_handler);
signal(SIGRTMIN+2, sigrt3_handler);
signal(SIGPWR, sigpwr_handler);
kill(getpid(), SIGRTMIN);
kill(getpid(), SIGRTMIN+1);
kill(getpid(), SIGQUIT);
for(;;); /* infinite loop */
}
void sigint_handler(void)
{
signal(SIGINT, sigint_handler);
/* NOTE some versions of UNIX will reset signal to default
after each call. So for portability reset signal each time */
printf("SIGINT received\n");
}
void sigquit_handler(void)
{
printf("SIGQUIT received\n");
exit(0); /* normal exit status */
}
void sigrt1_handler(void)
{
printf("SIGRT_1 received\n");
}
void sigrt2_handler(void)
{
printf("SIGRT_2 received\n");
}
void sigrt3_handler(void)
{
printf("SIGRT_3 received\n");
}
void sigpwr_handler(void)
{
printf("SIGPWR received\n");
}
using System;
using System.Threading;
using System.Runtime.InteropServices;
class MainClass
{
static int loopCount;
static void Main()
{
Thread thread = new Thread(new ThreadStart(Worker));
Console.WriteLine("thread.Start()");
thread.IsBackground = true;
thread.Start();
// give the thread some time to spawn
Thread.Sleep(5000);
Console.WriteLine("thread.Abort()");
thread.Abort();
Console.WriteLine("press enter to quit!");
Console.ReadLine();
}
static void Worker()
{
Console.WriteLine("Worker(): thread started");
try {
while (true) {
Console.WriteLine("Worker(): working... " + loopCount++); Thread.Sleep(1000);
}
} catch (ThreadAbortException) {
Thread.ResetAbort();
Console.WriteLine("Worker(): thread aborted!");
}
Console.WriteLine("Worker(): thread ended");
}
}
proc-sigblk.sh
Description: application/shellscript
--- End Message ---
--- Begin Message ---
Source: gnupg2
Source-Version: 2.0.12-1
We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive:
gnupg-agent_2.0.12-1_amd64.deb
to pool/main/g/gnupg2/gnupg-agent_2.0.12-1_amd64.deb
gnupg2_2.0.12-1.diff.gz
to pool/main/g/gnupg2/gnupg2_2.0.12-1.diff.gz
gnupg2_2.0.12-1.dsc
to pool/main/g/gnupg2/gnupg2_2.0.12-1.dsc
gnupg2_2.0.12-1_amd64.deb
to pool/main/g/gnupg2/gnupg2_2.0.12-1_amd64.deb
gnupg2_2.0.12.orig.tar.gz
to pool/main/g/gnupg2/gnupg2_2.0.12.orig.tar.gz
gpgsm_2.0.12-1_amd64.deb
to pool/main/g/gnupg2/gpgsm_2.0.12-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Dorland <[email protected]> (supplier of updated gnupg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 23 Aug 2009 20:48:11 -0400
Source: gnupg2
Binary: gnupg-agent gpgsm gnupg2
Architecture: source amd64
Version: 2.0.12-1
Distribution: unstable
Urgency: low
Maintainer: Eric Dorland <[email protected]>
Changed-By: Eric Dorland <[email protected]>
Description:
gnupg-agent - GNU privacy guard - password agent
gnupg2 - GNU privacy guard - a free PGP replacement (new v2.x)
gpgsm - GNU privacy guard - S/MIME version
Closes: 314068 446494 463270 499569 514587 519375 528734
Changes:
gnupg2 (2.0.12-1) unstable; urgency=low
.
* New upstream release. (Closes: #499569, #463270, #446494, #314068,
#519375, #514587)
* debian/control: Change build dependency on gs to ghoscript, since
ghoscript has been replaced.
* debian/compat: Use debhelper v7.
* debian/control: Update Standards-Version to 3.8.2.
* debian/control: Use ${misc:Depends}.
* configure.ac: Override pkgdatadir so that it points to
/usr/share/gnupg2. (Closes: #528734)
* debian/rules: No longer need to specify pkgdatadir at make install
time.
Checksums-Sha1:
f4a5c78e93f54bde191989e37fd945dc6ed3748a 1363 gnupg2_2.0.12-1.dsc
af39fac30404fc74e14cfe01b4f31d2377ceb09e 5395559 gnupg2_2.0.12.orig.tar.gz
266d424f8f64d38a0bc5624358d2fca680885496 292731 gnupg2_2.0.12-1.diff.gz
5064adad26de8ead59605818568a67a5ad6125bf 314506 gnupg-agent_2.0.12-1_amd64.deb
6efa85e9d707e39db579ce1074f3276105add82f 497398 gpgsm_2.0.12-1_amd64.deb
a0769200addfcf26b630e4217a45f2aa040faef3 2206528 gnupg2_2.0.12-1_amd64.deb
Checksums-Sha256:
495c751bf95354648288627d1debad60e5fa7386be69f6108f3dace11ed5b0b4 1363
gnupg2_2.0.12-1.dsc
cfdaac208836698208bc234d0d14e0630c577a78859924851b53f2f28682f8f5 5395559
gnupg2_2.0.12.orig.tar.gz
f6bf79899b46ab39e694dba4e811c78f5f5749f35194948c163d4602730c9282 292731
gnupg2_2.0.12-1.diff.gz
bde6989d48e944b213160349aae55529df98de44182436e0e4aeff0b21223d3f 314506
gnupg-agent_2.0.12-1_amd64.deb
a5d3bef74af08647542d11c20b207976927fa440a210239dc4a9ce6a8a6c8661 497398
gpgsm_2.0.12-1_amd64.deb
59cd22178407d7eddd297e6cc45c0320bd8375f8c20e3c65bf677ebf90b9875d 2206528
gnupg2_2.0.12-1_amd64.deb
Files:
e7be6d0f63f96a8a5256f4d9f020edb5 1363 utils optional gnupg2_2.0.12-1.dsc
47484129e46fbc422d33021be78da323 5395559 utils optional
gnupg2_2.0.12.orig.tar.gz
10f627cab531c7487cb880315acb2284 292731 utils optional gnupg2_2.0.12-1.diff.gz
05bf8c2d9eff9c6ae6dc571e3ddc7752 314506 utils optional
gnupg-agent_2.0.12-1_amd64.deb
cc9c45bedfe158345a8e733e9b2afa21 497398 utils optional gpgsm_2.0.12-1_amd64.deb
fb99bd87b196956944eb41aa8cdd601d 2206528 utils optional
gnupg2_2.0.12-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKkeksYemOzxbZcMYRAuRuAKCgRs5K4AIM+Zm4DoJiFoIj2TogfACcCEk8
LZyA1GPwEVmYC8NSruDKk94=
=1AEm
-----END PGP SIGNATURE-----
--- End Message ---
