Hi,

Quoting Daniel Kahn Gillmor (2016-08-04 18:29:03)
> One of the main differences is that all access to your secret key will be
> handled through gpg-agent, which should be automatically launched as needed.
It might be important to note that gpg launching this gpg-agent process is not optional and that it will automatically be launched and continue running in the background for many gpg operations. This means that applications that use gpg from within a short-lived container (like during package builds, for example as part of a test suite) should probably add a "gpgconf --kill gpg-agent" somewhere after they are done with all gpg-related operations, or otherwise it will be impossible to unmount /dev from the container until gpg-agent has died after a timeout.

It is also important to note that not all versions of gpgconf have the --kill switch.

This command must be run with the same $GNUPGHOME that was used to run gpg. Doing this might be complicated if your scripts do not call gpg directly but use tools that in turn call gpg. For example, apt-key uses a temporary $GNUPGHOME which is removed after apt-key exits, and thus it is impossible to use "gpgconf --kill gpg-agent" to kill the gpg-agent process left by apt-key. This was fixed in the apt git, but there might be similar situations around.

Thanks!

cheers, josch
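The cleanup josch describes, as an added example (this is editorial code, not part of the mail or of GnuPG itself): a POSIX sh script that drives gpg from a throwaway $GNUPGHOME the way a package build or test suite would, then stops the gpg-agent it spawned and confirms it is gone before the directory is removed. It assumes gnupg 2.1 or later on PATH (it prints "skipped" otherwise); the key name and address are made up for the example, and the KILLAGENT fallback covers the gpgconf versions without --kill that the mail mentions.

```shell
#!/bin/sh
# Added example, not from the original mail: run gpg in a throwaway $GNUPGHOME
# as a container build would, then make sure the gpg-agent it left behind is
# gone before the home directory (or the container's /dev) is torn down.
# Needs gnupg >= 2.1 on PATH; run_demo prints "skipped" if gpg is missing.

# Is a gpg-agent answering on the socket that belongs to the current
# $GNUPGHOME?  With --no-autostart, gpg-connect-agent exits 0 whether or not
# an agent exists, so check its output instead: a live agent answers
# "D <pid>" to GETINFO PID, a missing one prints nothing on stdout.
agent_running() {
    [ -n "$(gpg-connect-agent --no-autostart 'getinfo pid' /bye 2>/dev/null)" ]
}

# Stop the agent for the current $GNUPGHOME.  Both commands find the agent via
# $GNUPGHOME, so this must run with the same value gpg was run with.  Older
# gpgconf lacks --kill; fall back to the agent's own KILLAGENT command.
stop_agent() {
    gpgconf --kill gpg-agent 2>/dev/null \
        || gpg-connect-agent --no-autostart killagent /bye >/dev/null 2>&1 \
        || true
}

# The kill is asynchronous; give the agent up to ~5 seconds to exit.
# Returns 1 if it is still answering after that.
wait_for_agent_exit() {
    tries=0
    while agent_running; do
        tries=$((tries + 1))
        [ "$tries" -ge 5 ] && return 1
        sleep 1
    done
    return 0
}

# Prints one word describing the outcome: "skipped" (no gpg installed),
# "agent-stopped" or "agent-still-running".
run_demo() {
    command -v gpg >/dev/null 2>&1 || { echo skipped; return 0; }

    # Private mode-0700 home, exported so gpg, gpgconf and gpg-connect-agent
    # all agree on which agent we are talking about.
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"

    # Any secret-key operation goes through gpg-agent; generating a key is the
    # simplest one that needs nothing to exist beforehand.  The user ID is
    # made up for this example.  If this gpg predates --quick-generate-key,
    # fall back to letting gpg-connect-agent autostart the agent.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Container Test <test@example.invalid>' ed25519 sign 1d \
        >/dev/null 2>&1 \
        || gpg-connect-agent /bye >/dev/null 2>&1 \
        || true

    # The script is now "done with gpg", but the agent is still alive: this is
    # the point at which a container could not yet unmount /dev cleanly.
    stop_agent
    if wait_for_agent_exit; then
        result=agent-stopped
    else
        result=agent-still-running
    fi

    # Only now is it safe to throw the home directory away.
    rm -rf "$GNUPGHOME"
    unset GNUPGHOME
    echo "$result"
}

run_demo
```

If gpg is invoked indirectly (through a tool like apt-key that creates and deletes its own temporary home), this approach does not work from the outside: $GNUPGHOME is already gone by the time you could run gpgconf --kill, which is exactly the situation the mail describes.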