| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | app-crypt/monkeysphere: processes left after installation at hardened | | |
| Product: | Gentoo Linux | Reporter: | Toralf Förster <toralf> |
| Component: | Current packages | Assignee: | Kristian Fiskerstrand (RETIRED) <k_f> |
| Status: | RESOLVED UPSTREAM | | |
| Severity: | normal | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Toralf Förster
2015-10-10 20:53:42 UTC
Comment #1 (Kristian Fiskerstrand):

(In reply to Toralf Förster from comment #0)
> At my tinderbox (hardened amd64 host) I'm wondering about those processes:
>
> tor-relay ~ # ps -efla | grep gpg-agent
> Warning: /usr/src/linux/System.map not parseable as a System.map
> 1 S root 12416 1 0 90 10 - 41781 - 11:53 ? 00:00:00 gpg-agent --homedir /var/lib/monkeysphere/authentication/core --use-standard-socket --daemon
> 1 S 193 12726 1 0 90 10 - 41780 - 11:53 ? 00:00:00 gpg-agent --homedir /var/lib/monkeysphere/authentication/sphere --use-standard-socket --daemon
> 4 S root 16056 24470 0 80 0 - 2257 - 22:47 pts/6 00:00:00 grep --colour=auto gpg-agent
> 1 S root 20246 1 0 90 10 - 41781 - 15:16 ? 00:00:00 gpg-agent --homedir /var/lib/monkeysphere/authentication/core --use-standard-socket --daemon
> 1 S 157 20289 1 0 90 10 - 41780 - 15:16 ? 00:00:00 gpg-agent --homedir /var/lib/monkeysphere/authentication/sphere --use-standard-socket --daemon

Yup, monkeysphere-authenticate setup generates a new key used for certification as part of this setup procedure; in particular for GnuPG 2.1 this requires an agent (as all secret key operations are performed by the agent). GnuPG 2.1 will auto-spawn the agent as needed for OpenPGP operation. The only thing I wonder about is actually the number of running agents, as it is using standard sockets the same one should be used for the respective --homedir locations.

> I do wonder if there's something in the ebuild which could kill those processes or if there's no chance to do it and therefore it would be my task (via cron or so)?

It is not something I'd like to do in the ebuild, first of all because there wouldn't be a way to track whether it is actually started by an action in the ebuild or using an existing agent instance.

> And BTW: is it ok to be filed as a bug or is there another preferred way for such issues?

A bug is the preferred way as it allows for separation of threads and transparency, although in this particular case I wonder if it isn't more a question of upstream behavior than our packaging.

Comment #2 (Toralf Förster):

(In reply to Kristian Fiskerstrand from comment #1)
> The only thing I wonder about is actually the number of running agents, as it is using standard sockets the same one should be used for the respective --homedir locations.

Well, 7 different chroot images at a hardened host - they shouldn't see each other IMO, or?

Ok, so the gpg-agent is spawned but not finished after the setup - maybe really an upstream topic.

Comment #3 (Toralf Förster):

Ok, not a bug, it is a feature.

Comment #4:

(In reply to Toralf Förster from comment #3)
> Ok, not a bug, it is a feature.

https://labs.riseup.net/code/issues/10465
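The open question in comment #1 is whether more than one gpg-agent is serving the same --homedir. As an added example (not from the bug report or from monkeysphere), this script parses ps -efla style output, skipping the grep that matched itself, and reports agents per homedir; the sample listing is constructed to mirror the one quoted above.

```shell
#!/bin/sh
# Constructed sample in ps -efla layout (F S UID PID PPID C PRI NI ADDR SZ
# WCHAN STIME TTY TIME CMD), mirroring the listing in the bug report.
SAMPLE_PS='1 S root 12416 1 0 90 10 - 41781 - 11:53 ? 00:00:00 gpg-agent --homedir /var/lib/monkeysphere/authentication/core --use-standard-socket --daemon
1 S 193 12726 1 0 90 10 - 41780 - 11:53 ? 00:00:00 gpg-agent --homedir /var/lib/monkeysphere/authentication/sphere --use-standard-socket --daemon
4 S root 16056 24470 0 80 0 - 2257 - 22:47 pts/6 00:00:00 grep --colour=auto gpg-agent
1 S root 20246 1 0 90 10 - 41781 - 15:16 ? 00:00:00 gpg-agent --homedir /var/lib/monkeysphere/authentication/core --use-standard-socket --daemon
1 S 157 20289 1 0 90 10 - 41780 - 15:16 ? 00:00:00 gpg-agent --homedir /var/lib/monkeysphere/authentication/sphere --use-standard-socket --daemon'

# agent_homedirs: read ps -efla lines on stdin and print "<count> <homedir>"
# for every homedir that has at least one running gpg-agent.
agent_homedirs() {
    awk '
        # Field 15 is the command; only count real agents, not the grep.
        $15 == "gpg-agent" {
            for (i = 16; i < NF; i++)
                if ($i == "--homedir") n[$(i + 1)]++
        }
        END { for (h in n) print n[h], h }
    ' | sort -k2
}

# duplicate_homedirs: homedirs served by more than one agent. With
# --use-standard-socket a single agent per homedir is the expected state,
# so anything listed here is worth a closer look (e.g. separate chroots).
duplicate_homedirs() {
    agent_homedirs | awk '$1 > 1 { print $2 }'
}

# A lingering agent can be asked to exit over its socket with GnuPG 2.1's
#   gpgconf --homedir /var/lib/monkeysphere/authentication/core --kill gpg-agent
# (shown as a comment; this script only inspects the sample listing).

printf '%s\n' "$SAMPLE_PS" | agent_homedirs
```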