We use gpg extensively, particularly as a part of salt-ssh. Lately, salt-ssh runs against multiple instances have begun to fail in rendering gpg-encrypted data. Looking into it, I learned that running one gpg -d at a time works without any problem, but several runs in parallel fail.

1. I create a file encrypted to myself. (I'm the default recipient.)

    $ gpg -qeo junk <<< junk

2. I can decrypt the file if it's in a single run.

    $ gpg -qd junk
    junk

3. I cannot decrypt the junk with 10 runs in parallel. (Pinentry opens during this run.)

    $ yes junk | head -n10 | xargs -n1 -P10 gpg -qd
    gpg: decryption failed: No secret key
    gpg: decryption failed: No secret key
    gpg: decryption failed: No secret key
    gpg: decryption failed: No secret key
    gpg: decryption failed: No secret key
    gpg: decryption failed: No secret key
    gpg: decryption failed: No secret key
    gpg: decryption failed: No secret key
    gpg: decryption failed: No secret key
    gpg: decryption failed: No secret key

4. gpg-agent is no longer running

So... I threw these options into ~/.gnupg/gpg-agent.log:

    debug-pinentry
    debug-level guru
    log-file /tmp/agent.log
    debug 1024
    verbose

And tried the above again. This bit caught my eye:

    2017-03-22 21:25:13 gpg-agent[3624] Warning: using insecure memory!
    56ab56...
    2017-03-22 21:25:14 gpg-agent[3624] DBG: rsa_decrypt res: [out of core]
    2017-03-22 21:25:14 gpg-agent[3624] Ohhhh jeeee: ... this is a bug (sexp.c:1433:do_vsexp_sscan)

I searched for that output online and came across this message:

https://lists.gnutls.org/pipermail/gnupg-devel/2017-January/032489.html

The description there matches my experience, but that particular double free seems to have been resolved already in 2.1.18, so I guess I'm seeing a new bug. Has anyone come across this?

    $ gpg --version
    gpg (GnuPG) 2.1.19
    libgcrypt 1.7.6

- Michael A. Smith
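
A small harness for the reproduction in steps 1 to 3, added here as an example and not part of the original post: it runs the same decryption one at a time and then all at once, and tallies the exit codes and the last stderr line of each failed run. The function names are made up for this example, and the command at the bottom assumes the file junk from step 1 exists in the current directory.

```python
import json
import subprocess
import sys
from collections import Counter
from concurrent.futures import ThreadPoolExecutor


def run_once(cmd):
    """Run one decryption; return (exit code, last line written to stderr)."""
    proc = subprocess.run(cmd, stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
                          stderr=subprocess.PIPE, text=True)
    lines = proc.stderr.strip().splitlines()
    return proc.returncode, (lines[-1] if lines else "")


def run_batch(cmd, runs, workers):
    """Run cmd `runs` times with at most `workers` at once and summarise."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda _: run_once(cmd), range(runs)))
    # Group failed runs by their final stderr line so distinct errors stay apart.
    failures = Counter(msg for code, msg in results if code != 0)
    return {
        "runs": runs,
        "workers": workers,
        "ok": sum(1 for code, _ in results if code == 0),
        "failures": dict(failures),
    }


def compare(cmd, runs=10):
    """Same workload twice: strictly serial, then fully parallel."""
    return {
        "serial": run_batch(cmd, runs, workers=1),
        "parallel": run_batch(cmd, runs, workers=runs),
    }


if __name__ == "__main__":
    # Assumption: "junk" is the file created in step 1 of the post.
    report = compare(["gpg", "-qd", "junk"], runs=10)
    print(json.dumps(report, indent=2))
    # Non-zero exit if only the parallel batch failed, for use in CI checks.
    only_parallel = not report["serial"]["failures"] and report["parallel"]["failures"]
    sys.exit(1 if only_parallel else 0)
```

A report with no serial failures and ten parallel failures matches the behaviour described in the post; running it again with the agent's log-file option set ties each failed batch to the corresponding log entries.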