Date: Fri, 3 Sep 2021 19:30:10 +0200
From: Henning Schild
To: Anton Mikanovich
Cc: isar-users@googlegroups.com,
Subject: Re: [PATCH 2/2] isar-bootstrap: Do not let gpg-agent to stay running
Message-ID: <20210903193010.65525070@md1za8fc.ad001.siemens.net>
In-Reply-To: <20210903163105.54003-3-amikan@ilbers.de>
References: <20210903163105.54003-1-amikan@ilbers.de> <20210903163105.54003-3-amikan@ilbers.de>

On Fri, 3 Sep 2021 19:31:05 +0300, Anton Mikanovich wrote:

> If running gpg-agent as a daemon we make it to run apt-key as a child
> of gpg-agent. After the finish of apt-key parent gpg-agent will be
> also finished in that mode.
> This will allow us not to control start-stop of gpg-agent (which was
> actually broken before this commit) and get rid of any possible issues
> caused by left gpg-agent processes.
>
> Signed-off-by: Anton Mikanovich
> ---
> meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 8 +++-----
> 1 file changed, 3 insertions(+), 5 deletions(-)
> > diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc > b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc index > e87c091..5f87f10 100644 --- > a/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc +++ > b/meta/recipes-core/isar-bootstrap/isar-bootstrap.inc @@ -335,20 > +335,18 @@ do_bootstrap() { MY_GPGHOME="$(chroot "${ROOTFSDIR}" > mktemp -d /tmp/gpghomeXXXXXXXXXX)" echo "Created temporary directory > ${MY_GPGHOME} for gpg-agent" export GNUPGHOME="${MY_GPGHOME}" > - chroot "${ROOTFSDIR}" gpg-agent --daemon > APT_KEY_APPEND="--homedir ${MY_GPGHOME}" > fi > find ${APT_KEYS_DIR}/ -type f | while read keyfile > do > kfn="$(basename $keyfile)" > cp $keyfile "${ROOTFSDIR}/tmp/$kfn" > - chroot "${ROOTFSDIR}" /usr/bin/apt-key \ > + chroot "${ROOTFSDIR}" /usr/bin/gpg-agent --daemon -- > /usr/bin/apt-key \ --keyring ${THIRD_PARTY_APT_KEYRING} > ${APT_KEY_APPEND} add "/tmp/$kfn" rm "${ROOTFSDIR}/tmp/$kfn" > done > - if [ -d "${MY_GPGHOME}" ]; then > - echo "Killing gpg-agent for ${MY_GPGHOME}" > - chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent && > /bin/rm -rf "${MY_GPGHOME}" Venkata found that /tmp/gpghomeXXXXXXX to be part of the rootfs. It not being deleted had the same reason the agent was never killed. > + if [ "${@get_distro_needs_gpg_support(d)}" = "gnupg" -a -d > "${ROOTFSDIR}${MY_GPGHOME}" ]; then Why that new condition on get_distr_needs_gpg_support? I think this can go away. In fact i think the whole if can go since the rm has a -f. If the condition needs to stay ... i think -n "${@get_distro_needs_gpg_support(d)}" would be better than "= gnupg" And in fact we can probably keep using daemon mode and pull that kill out of the if as well chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent || true rm -rf "${ROOTFSDIR}${MY_GPGHOME}" Could be a little more efficient, but probably not worth too much investigation. Just choose what seems more readable and maintainable. 
Henning > + rm -rf "${ROOTFSDIR}${MY_GPGHOME}" > fi > > if [ "${@get_distro_suite(d)}" = "stretch" ] && [ > "${@get_host_release().split('.')[0]}" -lt "4" ]; then
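
Review bot: In the new cleanup test at the end of the hunk, `-d "${ROOTFSDIR}${MY_GPGHOME}"` is also true when MY_GPGHOME is empty, because the path then collapses to `${ROOTFSDIR}` itself, and the `rm -rf` that follows would then target the whole rootfs. MY_GPGHOME is only assigned inside the block that ends at the `fi` before the `find` loop, so the `= "gnupg"` comparison is the only thing keeping the cleanup in step with that assignment, and dropping the `if` entirely would leave the `rm -rf` unguarded. Please test the variable directly, for example `[ -n "${MY_GPGHOME}" ] && [ -d "${ROOTFSDIR}${MY_GPGHOME}" ]`, which also avoids the obsolescent `-a` operator and matches the `[ ... ] && [ ... ]` form of the stretch check in the trailing context. A short comment that the temporary GNUPGHOME is created inside the chroot, and therefore has to be removed via the `${ROOTFSDIR}` prefix, would document why the old `-d "${MY_GPGHOME}"` test never matched.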