Bug#972525: buildd: sbuild randomly fails to sign changes file despite valid signature keys

Wed, 21 Oct 2020 20:15:59 -0700 

Hello,

IIUC, it is likely a bug of GnuPG.

When a server with higher load, it takes time for a process of gpg-agent
to start listen(2)ing the connection than the value of
SECS_TO_WAIT_FOR_AGENT.  It's five seconds, hard-coded.

Last year, I pushed a change to remove possible race condition around
the initial connect to gpg-agent.

I don't know if this patch fixes the particular problem of sbuild, but,
it should improve the situation, hopefully, much.

-- 


commit b1c56cf9e2bb51abfd47747128bd2a6285ed1623
Author: NIIBE Yutaka <[email protected]>
Date:   Wed Jul 24 15:15:32 2019 +0900

    common: Use gnupg_spawn_process_fd to invoke gpg-agent/dirmngr.
    
    * common/asshelp.c (start_new_gpg_agent): Call gnupg_spawn_process_fd
    and gnupg_wait_process.
    (start_new_dirmngr): Likewise.
    
    --
    
    With --daemon option, gpg-agent/dirmngr detaches by itself.
    
    Signed-off-by: NIIBE Yutaka <[email protected]>

diff --git a/common/asshelp.c b/common/asshelp.c
index 5209ea6cf..600774330 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -492,8 +492,13 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
       if (!(err = lock_spawning (&lock, gnupg_homedir (), "agent", verbose))
           && assuan_socket_connect (ctx, sockname, 0, 0))
         {
-          err = gnupg_spawn_process_detached (program? program : agent_program,
-                                              argv, NULL);
+          pid_t pid;
+
+          err = gnupg_spawn_process_fd (program? program : agent_program,
+                                        argv, -1, -1, -1, &pid);
+          if (!err)
+            err = gnupg_wait_process (program? program : agent_program,
+                                      pid, 1, NULL);
           if (err)
             log_error ("failed to start agent '%s': %s\n",
                        agent_program, gpg_strerror (err));
@@ -627,7 +632,12 @@ start_new_dirmngr (assuan_context_t *r_ctx,
       if (!(err = lock_spawning (&lock, gnupg_homedir (), "dirmngr", verbose))
           && assuan_socket_connect (ctx, sockname, 0, 0))
         {
-          err = gnupg_spawn_process_detached (dirmngr_program, argv, NULL);
+          pid_t pid;
+
+          err = gnupg_spawn_process_fd (dirmngr_program, argv,
+                                        -1, -1, -1, &pid);
+          if (!err)
+            err = gnupg_wait_process (dirmngr_program, pid, 1, NULL);
           if (err)
             log_error ("failed to start the dirmngr '%s': %s\n",
                        dirmngr_program, gpg_strerror (err));

Reply via email to