Re: Beware of leftover gpg-agent processes

Ian Jackson writes:
> Johannes Schauer writes ("Beware of leftover gpg-agent processes (was: Re: Changes for GnuPG in debian)"):
>> Quoting Daniel Kahn Gillmor (2016-08-04 18:29:03)
>> > One of the main differences is that all access to your secret key
>> > will be handled through gpg-agent, which should be automatically
>> > launched as needed.
>> it might be important to note that gpg launching this gpg-agent
>> process is not optional and that it will automatically be launched
>> and continue running in the background for many gpg operations.
> This is rather alarming.  As a longtime gpg1 user I hadn't appreciated
> this.
> Could we not have gpg2 not only automatically launch the agent, but
> also automatically terminate it.  This would provide the same UI and
> same persistence properties as gpg1.

There are good reasons to want to have the agent running over time and
not terminating with the individual invocations of gpg1.  In particular,
passphrase caching and smartcard management are useful features.

The UI of gpg1 (where the user is expected to reveal the secret key
material and any passphrase to unlock it directly to the running
process) is not a feature we want to emulate.

GnuPG upstream hasn't designed any automated agent teardown process that
i can see simply integrating into debian's typical session-oriented
workflow (though i'd happily take patches that don't break common use

On desktop systems (where i'd expect the majority of secret key access
happens), for folks who are running systemd, i recommend enabling the
systemd user services, as documented in
/usr/share/doc/{gnupg-agent,dirmngr}/README.Debian :

  systemctl --user enable gpg-agent
  systemctl --user enable dirmngr

This should handle teardown at session termination cleanly.

> I don't think a general change to a timeout-based persistence model is
> a good idea in itself; and of course there are the practical problems
> Johannes mentions.

I agree, which is why i provided the systemd user services.  I'm hoping
to enable them (on systems which use systemd) by default after they've
had a bit more testing in the real world.

(relevant bugs that need work, if anyone is inclined to help:





PS Please keep me or at least pkg-gnupg-maint in Cc, i'm not subscribed
   to debian-devel.
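
Added example (not part of the original message): a way to see which gpg-agent processes are still running after gpg has exited, and which homedir each one serves. The function names and the sample `ps` lines are constructed for illustration; homedirs containing spaces are not handled.

```shell
#!/bin/sh
# Added example: list gpg-agent processes from `ps` output, with the
# --homedir each one serves, to spot agents left running in the background.

# list_agents: reads lines of "PID USER ARGS..." on stdin (the format of
# `ps -eo pid=,user=,args=`) and prints "PID USER HOMEDIR" per gpg-agent.
# HOMEDIR is "(default)" when the agent was started without --homedir.
list_agents() {
    awk '
    {
        # Field 3 is the executable; compare its basename only, so that
        # a line such as "vim gpg-agent.conf" is not reported.
        n = split($3, parts, "/")
        if (parts[n] != "gpg-agent") next
        home = "(default)"
        for (i = 4; i <= NF; i++) {
            if ($i == "--homedir" && i < NF) { home = $(i + 1); break }
            if (index($i, "--homedir=") == 1) { home = substr($i, 11); break }
        }
        print $1, $2, home
    }'
}

# count_agents_for USER: number of agents on stdin owned by USER.
count_agents_for() {
    list_agents | awk -v u="$1" '$2 == u { c++ } END { print c + 0 }'
}

# Constructed sample input, not captured from a real system.
SAMPLE_PS='  812 alice /usr/bin/gpg-agent --supervised
 4410 alice gpg-agent --homedir /tmp/tmp.Xk2/gnupg --use-standard-socket --daemon
 4502 bob   vim gpg-agent.conf
 5120 bob   /usr/bin/gpg-agent --homedir=/home/bob/.gnupg --daemon'

# Demonstration on the sample; for live use run:
#   ps -eo pid=,user=,args= | list_agents
printf '%s\n' "$SAMPLE_PS" | list_agents
```

An agent found this way can be asked to exit with `gpgconf --kill gpg-agent`, run as the owning user with GNUPGHOME set to the listed homedir.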
