Hide Forgot
Description of problem: At any time I'm looking into the list of processes running on my F25 alpha machine, I'm seeing a bunch of gpg-agents hanging around: Version-Release number of selected component (if applicable): gnupg2-2.1.13-2.fc25.x86_64 PackageKit-1.1.4-1.fc25.x86_64 gnome-software-3.22.0-1.fc25.x86_64 How reproducible: I don't know Steps to Reproduce: 1. have some repositories disabled, so they have .repo files in /etc/yum.repos.d/, but don't show up in `dnf repolist` 2. have a look at `ps -aux | grep gpg-agent` Actual results: $ ps -aux | grep gpg-agent root 8217 0.0 0.0 167832 612 ? Ss 11:18 0:00 gpg-agent --homedir /var/cache/PackageKit/25/metadata/mildew-usbguard.tmp/gpgdir --use-standard-socket --daemon root 8770 0.0 0.0 167832 552 ? Ss 13:34 0:00 gpg-agent --homedir /var/cache/PackageKit/25/metadata/rpmfusion-free-updates.tmp/gpgdir --use-standard-socket --daemon root 9497 0.0 0.0 167832 556 ? Ss 13:34 0:00 gpg-agent --homedir /var/cache/PackageKit/25/metadata/rpmfusion-nonfree-updates.tmp/gpgdir --use-standard-socket --daemon root 9758 0.0 0.0 167832 680 ? Ss 13:34 0:00 gpg-agent --homedir /var/cache/PackageKit/25/metadata/mangelajo-kicad.tmp/gpgdir --use-standard-socket --daemon root 10789 0.0 0.0 167832 552 ? Ss 13:34 0:00 gpg-agent --homedir /var/cache/PackageKit/25/metadata/fabiand-rust-binary.tmp/gpgdir --use-standard-socket --daemon root 11571 0.0 0.0 167832 620 ? Ss 13:34 0:00 gpg-agent --homedir /var/cache/PackageKit/25/metadata/timlau-yumex-dnf.tmp/gpgdir --use-standard-socket --daemon christi+ 17795 0.0 0.0 119388 944 pts/1 S+ 13:36 0:00 grep --color=auto gpg-agent christi+ 22603 0.0 0.0 276184 880 ? Ss 13:33 0:00 gpg-agent --homedir /home/christian/.gnupg --use-standard-socket --daemon Expected results: gpg agents don't have to run all the time. For disabled yum repositories there shouldn't be any gpg agent running. There is no need to ever do this. Additional info: this bug seems to affect disabled repositories only. The processes are child to PID 1.
This heppens to me too: ......... 2662 ? Ss 0:00 gpg-agent --homedir /var/cache/PackageKit/25/metadata/updates.tmp/gpgdir --use-standard-socket --daemon 2843 ? Ss 0:00 gpg-agent --homedir /var/cache/PackageKit/25/metadata/zyga-snapcore.tmp/gpgdir --use-standard-socket --da [eRadical@me ~]$ sudo strace -p 2843 strace: Process 2843 attached pselect6(4, [3], NULL, NULL, {tv_sec=1, tv_nsec=606607385}, {[], 8}) = 0 (Timeout) pselect6(4, [3], NULL, NULL, {tv_sec=2, tv_nsec=1014}, {[], 8}) = 0 (Timeout) clone(child_stack=0x7ff5470bcff0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7ff5470bd9d0, tls=0x7ff5470bd700, child_tidptr=0x7ff5470bd9d0) = 3916 futex(0x7ff547ab8060, FUTEX_WAKE_PRIVATE, 1) = 1 pselect6(4, [3], NULL, NULL, {tv_sec=2, tv_nsec=91591}, {[], 8}) = 1 (in [3], left {tv_sec=2, tv_nsec=89314}) accept(3, {sa_family=AF_UNIX}, [110->2]) = 5 clone(child_stack=0x7ff5468bbff0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7ff5468bc9d0, tls=0x7ff5468bc700, child_tidptr=0x7ff5468bc9d0) = 3917 futex(0x7ff547ab8060, FUTEX_WAKE_PRIVATE, 1) = 1 pselect6(4, [3], NULL, NULL, {tv_sec=1, tv_nsec=999802436}, {[], 8}) = 0 (Timeout) pselect6(4, [3], NULL, NULL, {tv_sec=2, tv_nsec=926}, {[], 8}) = 0 (Timeout) pselect6(4, [3], NULL, NULL, {tv_sec=2, tv_nsec=747}, {[], 8}) = 0 (Timeout) pselect6(4, [3], NULL, NULL, {tv_sec=2, tv_nsec=570}, {[], 8}) = 0 (Timeout) pselect6(4, [3], NULL, NULL, {tv_sec=2, tv_nsec=673}, {[], 8}^Cstrace: Process 2843 detached <detached ...> PackageKit.x86_64 1.1.4-2.fc25
We hit this composing branched Fedora https://pagure.io/fedora-kickstarts/c/1c70356e936a8535ebd94d02a5cf3370b410f5df?branch=f26 is the workaround we had to do to get livecds working again PackageKit has to ensure it cleans up gpg-agent after itself
On Fedora 26, this issue also affects dnf, which shares just a few libraries (librepo, libsolv) with PackageKit. As strace reveals, the `gpg-agent` processes are started from gpg2, running with this command line: > execve("/usr/bin/gpg2", ["gpg2", "--enable-special-filenames", "--batch", "--no-sk-comments", "--status-fd", "38", "--no-tty", "--charset", "utf8", "--enable-progress-filter", "--exit-on-status-write-error", "--import", "--", "-&39"], [/* 25 vars */] <unfinished ...> which, in turn, starts gpg-agent: > execve("/usr/bin/gpg-agent", ["gpg-agent", "--homedir", "/tmp/tmpc5mct44v", "--use-standard-socket", "--daemon"], [/* 25 vars */]) = 0 So it looks like the issue is actually in gpg2, not PackageKit. Reassinging then. Steps to reproduce for dnf: 1. run `dnf upgrade` 2. after dnf finished, have a look at the list of running processes. Steps to reproduce for gnome-software (using PackageKit): 1. open gnome-software 2. on "Updates" page, press the refresh button 3. exit gnome-software 4. have a look at the list of running processes. Steps to reproduce for pkcon (the PackageKit command line utility): 1. run $ pkcon --cache-age=10 get-updates 2. after pkcon finished, have a look at the list of running processes. What happens: A list of gpg-agent processes is still running and gets more and more on every of the "Steps to reproduce" options above. Those processes are never terminated, even though they finished their work.
I do not see any ways around it than killing the gpg-agent from the process that runs the gpg with the different homedir. The gpg-agent is kept running by gpg because it would be used for subsequent gpg runs with the same homedir. If the homedir is just temporary and there won't be any subsequent gpg runs the gpg-agent must be explicitly killed. The agent can be killed with: gpgconf --kill gpg-agent
This message is a reminder that Fedora 26 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '26'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 26 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
This issue is not present any more on Fedora 28.