New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tests spawn unlimited gpg-agents #1928
Comments
Thank you for reporting the problem! @petermax2 Is it possible that the gpg commands during the tests spawn up gpg-agents? |
Ooops I thought that gpg would always connect to the same agent. I will investigate. |
@markus2330 this is also the reason why there are so many gpg agents on v2 reported with your userid, as the docker container runs with 1000:1000. but the problem is not restricted to docker: debian-stretch-minimal has > 250 of them as well |
some nodes are not affected because they are setup to spawn a gpg-agent for jenkins which gets used by the tests (probably, have to confirm) |
Thank you both for looking into this!
If we cannot find a way to kill the agents we start, we can simply require that the environment already has a gpg-agent (#1888). |
Maybe the gpg agent is not required to start at all and we can suppress it during the tests. But I have to have a look at it in the evening. |
mh usually @petermax2 the tests that require gpg-agent (found by renaming gpg-agent to gpg-agent.bak ;)):
|
|
@petermax2 probably yes. in the environment where i tested there was no botan installed. it is running however here and probably also spawning agents. |
It's not that simple. I tried to invoke
Could we give this a shot? |
Or have a cron-job like
or something similar on the build servers/containers? |
I would have the test check if an agent is available, if not start it and retain it's pid. in the test cleanup stop the agent. everything else is a hack. |
You are right, the only question is where the start and stop should happen. Doing this within our agents/dockers seems to be easier than in our unit tests written in C. |
Here is what I learned so far: It is possible to suppress the auto-start of the It is also possible to fork I will try to fork and execv |
Much easier, I guess :-) |
I think your decision was right to simply use the default-way of gpg to connect to agents. As alternative to starting/stopping gpg-agent, we can also disable the "use-agent" in .gnupg/gpg.conf |
i have no problem with one agent autostarting (and even have it running). I have a problem with subsequent tests starting a new one |
In a production environment it is the better option. On my machine in our test environments we mus keep a single instance of the agent up and running before starting the tests. I think the problem is that we clear the environemnt, as @ingwinlu mentioned before. |
we shouldn't anymore. but the issue persists |
If gpg-agent tries to communicate via environment it obviously cannot work, the next test run would never get the environment set by a test run before. I like following two options best:
A setup, where daemons get started on-demand without a global way to know if the daemon has been started already (and env vars are not global but process-specific), seems to be broken. We should not try to fix this within the tests. |
|
We do not use the homedir option. And https://dev.gnupg.org/T3218 describes the workaround of stackoverflow as "a (very awkward) workaround". Maybe simply starting the gpg-agent is the most future-proof variant (in a controlled way within our environment). Seems like they in recent versions the startup of gpg-agent is not optional anymore. (which makes my option 2. above nonsensical) |
Yeah I have not found where it comes from but it matches the problem (see op) as all the agents spawned with a different one. |
It was a good hint, I learned that startup of gpg-agent is not optional anymore. Which makes it very clear that we need to start and stop it. And not try to avoid the starting. |
We don't use the |
https://wiki.archlinux.org/index.php/GnuPG
|
also interesting https://www.gnupg.org/documentation/manuals/gnupg/Ephemeral-home-directories.html:
Tested this in my container and it cleaned up the process automatically as promised. |
Yes,
|
OK so something in the test suite is overriding HOME into a tmp directory (which is good). If that is still available during cleanup it should just be removed to stop the agent. That would be an ideal fix. |
If we simply set With I think this is the simplest solution. |
keep in mind that if you share your home directory you might not be able to run tests parallely. And what would happen if the target system relays on GNUPGHOME, so you would need to save existing env and restore it manually after tests. I would appreciate if we could take a step back and look at how those tests might influence user machines, not just the test server environment. |
I ran the script:
without any problems. GPG should handle locking, etc.
This is the way I tried to
|
I was more thinking about you want to separate gpg-agents that should not influence each other. i.e. you only want agent a to have key of test a, and agent b to have key for test b. If that is not needed then a hardcoded tmp home is ok.
When first investigating the issue I came across a website (linked above) that stated that the expected way to shut down a temp gpg-agent is to delete its gpg home directory. So if you set GNUPGHOME to |
It works! I will integrate this fix into the |
I have a working prototype. PR is coming tomorrow. |
See ElektraInitiative#1928 for discussion.
See ElektraInitiative#1928 for discussion.
Should be fixed with #2056 . Please re-open if the problem still occurs. |
Steps to Reproduce the Problem
make run_nokdbtests
ps -ef
make run_nokdbtests
ps -ef
Expected Result
tests should stop gpg-agents after they are finished
Actual Result
each test run spawns more gpg-agents
System Information
Further Log Files and Output
The text was updated successfully, but these errors were encountered: