Your message dated Wed, 18 Jan 2017 20:49:52 +0000
with message-id <[email protected]>
and subject line Bug#851298: fixed in gnupg2 2.1.17-6
has caused the Debian Bug report #851298,
regarding 10 second delay on first ssh use (sleeps in agent_libgcrypt_progress_cb)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

-- 
851298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851298
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnupg-agent
Version: 2.1.17-2
Severity: normal

I am using gpg-agent as my ssh agent.

When I do my first ssh connection on a newly started agent, then after
having entered the passphrase into a pinentry, there is about a 10
second delay.

It turns out, gpg-agent is "busy" collecting randomness:

> [pid 2378] select(9, [8], NULL, NULL, {tv_sec=0, tv_usec=100000}) = 1 (in [8], left {tv_sec=0, tv_usec=99990})
> [pid 2378] getrandom("\257A\325\337\206\370\35\201[\305\212\241s\2$\262\306\347\232\201\n\377\25hmq\251_\227\217\343\371"..., 90, 0) = 90
> [pid 2378] nanosleep({tv_sec=0, tv_nsec=114131000}, NULL) = 0
> [pid 2378] nanosleep({tv_sec=0, tv_nsec=114131000}, NULL) = 0
> [pid 2378] select(9, [8], NULL, NULL, {tv_sec=0, tv_usec=100000}) = 1 (in [8], left {tv_sec=0, tv_usec=99998})
> [pid 2378] getrandom("u\314\v\272\361\3625\3\232?MJ\22\347\271Rv\357\335\fT\246\207\23m\2511Z\32Q\2\334"..., 90, 0) = 90
> [pid 2378] nanosleep({tv_sec=0, tv_nsec=114131000}, NULL) = 0
> [pid 2378] nanosleep({tv_sec=0, tv_nsec=114131000}, NULL) = 0
> [pid 2378] select(9, [8], NULL, NULL, {tv_sec=0, tv_usec=100000}) = 1 (in [8], left {tv_sec=0, tv_usec=99998})

So it's nanosleeping in 100ms increments for about 10 seconds.

The thing that does the sleeping is agent_libgcrypt_progress_cb() in
agent/gpg-agent.c:

>   /* Libgcrypt < 1.8 does not know about nPth and thus when it reads
>    * from /dev/random this will block the process.  To mitigate this
>    * problem we take a short nap when Libgcrypt tells us that it needs
>    * more entropy.  This way other threads have chance to run.  */
> #if GCRYPT_VERSION_NUMBER < 0x010800 /* 1.8.0 */
>   if (what && !strcmp (what, "need_entropy"))
>     npth_usleep (114131); /* 100ms */
> #endif

[the original code has 100000 there instead of 114131 -- I made that
change to verify it's this code that does the sleeping.]

I would expect my ssh and thus my gpg-agent to be fast, not spend 10
seconds in sleeps when I want things to happen.

Commenting out these 2-4 lines makes my first ssh connection as fast as
I can provide the passphrase to pinentry, as it should be.

I suspect the callback shouldn't try to sleep if the entropy is being
read from a non-blocking source, or maybe the callback shouldn't be
called in such cases in the first place. Another option, if the sleep
is considered important, is to maybe cut it down by an order of
magnitude or two.

Cheers,
weasel
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/
--- End Message ---
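
To put numbers on a capture like the one in the report above, the following added example (not part of the original report or of GnuPG) totals completed nanosleep time and getrandom bytes per thread from `strace -f` output. It assumes the field-named timespec format shown in the report; `summarize`, `SAMPLE` and pid 2401 are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the strace excerpt in the report; the
# getrandom buffers are placeholders and pid 2401 is an invented second thread.
SAMPLE = r'''
[pid 2378] select(9, [8], NULL, NULL, {tv_sec=0, tv_usec=100000}) = 1 (in [8], left {tv_sec=0, tv_usec=99990})
[pid 2378] getrandom("\1\2\3"..., 90, 0) = 90
[pid 2378] nanosleep({tv_sec=0, tv_nsec=114131000}, NULL) = 0
[pid 2378] nanosleep({tv_sec=0, tv_nsec=114131000}, NULL) = 0
[pid 2378] select(9, [8], NULL, NULL, {tv_sec=0, tv_usec=100000}) = 1 (in [8], left {tv_sec=0, tv_usec=99998})
[pid 2378] getrandom("\4\5\6"..., 90, 0) = 90
[pid 2378] nanosleep({tv_sec=0, tv_nsec=114131000}, NULL) = 0
[pid 2378] nanosleep({tv_sec=0, tv_nsec=114131000}, NULL) = 0
[pid 2401] nanosleep({tv_sec=1, tv_nsec=0}, NULL) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
'''

CALL = re.compile(r'^(?:\[pid\s+(\d+)\]\s+)?(\w+)\((.*)\)\s+=\s+(\S+)')
TIMESPEC = re.compile(r'\{tv_sec=(\d+), tv_nsec=(\d+)\}')


def summarize(trace):
    """Per pid: completed nanosleep time (ns) and bytes returned by getrandom."""
    stats = defaultdict(lambda: {"sleeps": 0, "sleep_ns": 0,
                                 "rand_calls": 0, "rand_bytes": 0})
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m:
            continue  # blank lines, signals, unfinished/resumed fragments
        pid, name, args, ret = m.groups()
        entry = stats[pid or "main"]
        if name == "nanosleep" and ret == "0":
            # An interrupted sleep returns "?" or -1 and is not counted in full.
            ts = TIMESPEC.search(args)
            if ts:
                entry["sleeps"] += 1
                entry["sleep_ns"] += int(ts.group(1)) * 10**9 + int(ts.group(2))
        elif name == "getrandom" and ret.isdigit():
            entry["rand_calls"] += 1
            entry["rand_bytes"] += int(ret)
    return dict(stats)


if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        print(pid, f"slept {s['sleep_ns'] / 1e9:.3f}s in {s['sleeps']} naps,",
              f"read {s['rand_bytes']} bytes in {s['rand_calls']} getrandom calls")
```

A thread whose getrandom calls all return immediately while its sleep total runs to seconds matches the symptom described in the report.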
--- Begin Message ---
Source: gnupg2
Source-Version: 2.1.17-6

We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <[email protected]> (supplier of updated gnupg2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

Format: 1.8
Date: Wed, 18 Jan 2017 14:40:41 -0500
Source: gnupg2
Binary: gnupg-agent scdaemon gpgsm gnupg gnupg2 gpgv gpgv2 dirmngr gpgv-udeb gpgv-static gpgv-win32 gnupg-l10n
Architecture: source
Version: 2.1.17-6
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuPG Maintainers <[email protected]>
Changed-By: Daniel Kahn Gillmor <[email protected]>
Description:
 dirmngr    - GNU privacy guard - network certificate management service
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-agent - GNU privacy guard - cryptographic agent
 gnupg-l10n - GNU privacy guard - localization files
 gnupg2     - GNU privacy guard - a free PGP replacement (dummy transitional pa
 gpgsm      - GNU privacy guard - S/MIME version
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-static - minimal signature verification tool (static build)
 gpgv-udeb  - minimal signature verification tool (udeb)
 gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
 gpgv2      - GNU privacy guard - signature verification tool (dummy transition
 scdaemon   - GNU privacy guard - smart card support
Closes: 841143 850982 851298
Changes:
 gnupg2 (2.1.17-6) unstable; urgency=medium
 .
   * Upstream patches, fixing unnecessary delay in gpg-agent (Closes: #851298)
   * gpg-agent: avoid race in shutdown (Closes: #841143)
   * improve dirmngr, gpg-agent README.Debian (Closes: #850982)
   * clean up gpg-agent-idling patch
Checksums-Sha1:
 252e704d5b41cd5b54ad72c6cb63c0c3e1813cd6 3148 gnupg2_2.1.17-6.dsc
 3f9ce66d92e61cac21d8793a92620621e72543c1 89230 gnupg2_2.1.17-6.debian.tar.bz2
Checksums-Sha256:
 ca5f80121a9e49cdba2add4cc7c42e6b4aca8c5e8e692169070017512d454f75 3148 gnupg2_2.1.17-6.dsc
 efd12c68a13022d57013ad5615720fbc003786db83d7dc3ec3c00b5f6e091e09 89230 gnupg2_2.1.17-6.debian.tar.bz2
Files:
 80ddfa88d83a70062c14e19e2ffc910c 3148 utils optional gnupg2_2.1.17-6.dsc
 de83bde24782b397f82e5105aa46d28a 89230 utils optional gnupg2_2.1.17-6.debian.tar.bz2
--- End Message ---

