From: Henning Schild
To: Anton Mikanovich
Date: Mon, 6 Sep 2021 11:35:25 +0200
Subject: Re: [PATCH 2/2] isar-bootstrap: Do not let gpg-agent to stay running
Message-ID: <20210906113525.4e4e9120@md1za8fc.ad001.siemens.net>
In-Reply-To: <9e132cae-982f-dca5-4ee8-acd7c291abb7@ilbers.de>
X-BeenThere: isar-users@googlegroups.com

On Mon, 6 Sep 2021 12:07:09 +0300, Anton Mikanovich wrote:

> 03.09.2021 20:30, Henning Schild wrote:
> > Venkata found /tmp/gpghomeXXXXXXX to be part of the rootfs. It
> > not being deleted had the same reason the agent was never killed.
> Even if the incorrect check will not fail and gpg-agent will be killed,
> the second part of the original line
> >chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent && /bin/rm -rf "${MY_GPGHOME}"
> will be executed outside the chroot, so /tmp/gpghome* will not be
> removed because of the wrong path.
> Executing rm outside the chroot with the corrected path (`rm -rf
> "${ROOTFSDIR}${MY_GPGHOME}"`) is more efficient and will fix the
> issue.
>
> >> + if [ "${@get_distro_needs_gpg_support(d)}" = "gnupg" -a -d
> >> "${ROOTFSDIR}${MY_GPGHOME}" ]; then
> > Why that new condition on get_distro_needs_gpg_support? I think this
> > can go away. In fact I think the whole if can go since the rm has a
> > -f.
> >
> > If the condition needs to stay ... I think
> >
> > -n "${@get_distro_needs_gpg_support(d)}"
> >
> > would be better than "= gnupg"
> This one is needed because the original `if [ -d
> "${ROOTFSDIR}${MY_GPGHOME}" ]` will be true in case there is no need
> for gpg-agent (MY_GPGHOME empty, but ROOTFSDIR exists). And that's why
> we also can't leave just `rm -rf "${ROOTFSDIR}${MY_GPGHOME}"` there.
> The check `= gnupg` was already used above, but yes I can rebuild
> the previous check also.

In fact we really need a [ -n MY_GPGHOME] before we "rm -rf". Otherwise
we could delete ${ROOTFSDIR}. Because otherwise we assume that when
get_distro_needs_gpg_support is true that variable is filled for sure.

So I would say:

chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent || true
if [ -n "${MY_GPGHOME}" ]; then
    rm -rf "${ROOTFSDIR}${MY_GPGHOME}"
fi

Henning

> > And in fact we can probably keep using daemon mode and pull that
> > kill out of the if as well
> >
> > chroot "${ROOTFSDIR}" gpgconf --kill gpg-agent || true
> > rm -rf "${ROOTFSDIR}${MY_GPGHOME}"
> >
> > Could be a little more efficient, but probably not worth too much
> > investigation. Just choose what seems more readable and
> > maintainable.
> In the original code the number of chroot executions was
> 2+[keys_number], the number of gpg-agent executions was 1.
> Now it is just [keys_number] for both. I don't think there will be a
> critical performance drop.
> The first priority of this rebuild was its stability. gpg-agent
> should not stay running even in case apt-key fails.
> It is also possible to move the loop code inside the gpg-agent run
> command, but that will be much less readable.
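
The empty-variable hazard discussed in this message, as an added example that is not part of the original mail or of Isar's code: with MY_GPGHOME empty, `"${ROOTFSDIR}${MY_GPGHOME}"` is the rootfs itself, so both the `-d` test and an unguarded `rm -rf` target the whole tree. The function names `cleanup_gpghome` and `demo` and the scratch paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Isar code. cleanup_gpghome and demo are hypothetical
# names; ROOTFSDIR and MY_GPGHOME mirror the variables in the thread.

# Remove "$1$2" (rootfs path + gpg home path inside it) only when safe.
# Returns 0 after removal, 2 when the request is refused.
cleanup_gpghome() {
    rootfs=$1
    gpghome=$2
    # An empty rootfs would turn the target into a host path.
    [ -n "$rootfs" ] && [ -d "$rootfs" ] || return 2
    case $gpghome in
        ""|*/../*|*/..) return 2 ;;  # empty (target == rootfs) or traversal
        /*[!/]*) ;;                  # absolute and more than just "/"
        *) return 2 ;;               # relative path or only slashes
    esac
    rm -rf -- "${rootfs}${gpghome}"
}

# Walk through both cases on a constructed scratch rootfs.
demo() {
    scratch=$(mktemp -d) || return 1
    ROOTFSDIR=$scratch/rootfs
    mkdir -p "$ROOTFSDIR/etc" "$ROOTFSDIR/tmp/gpghomeABC123"

    MY_GPGHOME=""   # case from the thread: no gpg support needed
    # The bare -d test passes here because it is testing the rootfs itself.
    [ -d "${ROOTFSDIR}${MY_GPGHOME}" ] && echo "-d is true with empty MY_GPGHOME"
    cleanup_gpghome "$ROOTFSDIR" "$MY_GPGHOME" || echo "refused, rc=$?"

    MY_GPGHOME=/tmp/gpghomeABC123
    cleanup_gpghome "$ROOTFSDIR" "$MY_GPGHOME" && echo "removed $MY_GPGHOME"
    [ -d "$ROOTFSDIR/etc" ] && echo "rest of rootfs intact"
    rm -rf -- "$scratch"
}

demo
```

The guard also rejects `/` and paths containing `..`, which goes slightly beyond the `-n` check proposed in the message but protects the same directory.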