I am seeing random failures with gnupg more frequently than I used to.

I have an Ansible plugin that invokes gpg in a very straightforward manner:

https://dotat.at/cgi/git/regpg.git/blob/HEAD:/ansible/filter.py

In the situation I use this plugin, I am typically decrypting and
installing secrets on 15 servers in parallel. This happens several times
during an Ansible run, for a different kind of secret each time. Usually
one of these decryptions will randomly fail during the run, like this:

        TASK [ssh : ssh host private keys]

        gpg: decryption failed: No secret key

        failed: [rnb-a.dns.cam.ac.uk] (item=ssh_host_ed25519_key) => {"failed": true, "item": "ssh_host_ed25519_key", "msg": "gpg --decrypt /home/fanf2/work/dns/ipreg/ansible/roles/ssh/files/rec/ssh_host_ed25519_key.asc failed: "}

The agent is pre-loaded with the passphrase at the start of the run, so
there is no user interaction while it is in progress. The random failures
are becoming more frequent as the number of servers increases.

I'm using gnupg 2.1.18-8~deb9u3 on Debian Stretch.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Dover, Wight, Portland, Plymouth: Southwest backing south 4 or 5, occasionally
3 at first, increasing 6 at times later in Plymouth. Slight or moderate,
becoming rough in west Plymouth. Fair. Good.
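
A harness for reproducing the failure described in the message above, added here as an example and not part of the original post or the regpg plugin: it starts 15 concurrent `gpg --decrypt` processes per round, as in the Ansible run, and counts how many report `No secret key`. The function names, the `--batch` flag and the round count are assumptions of this example.

```python
"""Added example: stress harness for parallel gpg decryption failures."""
import subprocess
import sys
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# Error text copied from the report above.
NO_SECRET_KEY = "decryption failed: No secret key"


def decrypt_once(argv):
    """Run one decryption command and classify it by exit status and stderr."""
    # The plaintext is discarded so no secret reaches the terminal or a log.
    proc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                          stderr=subprocess.PIPE, text=True)
    if proc.returncode == 0:
        return "ok"
    if NO_SECRET_KEY in proc.stderr:
        return "no-secret-key"
    return "other-failure"


def stress(argv, workers=15, rounds=5):
    """Launch `workers` concurrent copies of argv, `rounds` times; tally outcomes."""
    tally = Counter()
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for _ in range(rounds):
            # All workers decrypt the same file at once, like the 15 hosts
            # handled in parallel during one Ansible task.
            tally.update(pool.map(decrypt_once, [argv] * workers))
    return tally


if __name__ == "__main__":
    # Usage: python3 stress.py SECRET.asc
    # gpg-agent must already hold the passphrase, as in the report.
    result = stress(["gpg", "--batch", "--decrypt", sys.argv[1]])
    print(dict(result))
    sys.exit(1 if result["no-secret-key"] or result["other-failure"] else 0)
```

Raising `workers` shows whether the failure rate grows with the level of parallelism, which is the trend the report describes.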
