move gpg tmp home to system temp dir

test: Put gpg temp home directory in system temp directory, not filesystem being tested. Since I've found indications gpg can fail talking to the agent when the socket ends up on eg, fat. And to hopefully fix this bug report I've followed up on. The main risk in using the system temp dir is that TMPDIR could be set to a long directory path, which is too long to put a unix socket in. To partially amelorate that risk, it uses either an absolute or a relative path, whichever is shorter. (Hopefully gpg will not convert it to a longer form of the path..) If the user sets TMPDIR to something so long a path to it + "S.gpg-agent" is too long, I suppose that's their issue to deal with. Sponsored-by: Dartmouth College's Datalad project
2021-10-12 13:22:46 -04:00 · 2021-10-12 13:22:46 -04:00 · c2a44eab50
commit c2a44eab50
parent b7d5d54b06
3 changed files with 74 additions and 7 deletions
--- a/2
+++ b/2
@ -7,6 +7,8 @@ git-annex (8.20211012) UNRELEASED; urgency=medium
  * Negotiate P2P protocol version with tor remotes, allowing
    use of protocol version 1. This negotiation is not supported
    by versions of git-annex older than 6.20180312.
+  * test: Put gpg temp home directory in system temp directory,
+    not filesystem being tested.

 -- Joey Hess <id@joeyh.name>  Mon, 11 Oct 2021 14:09:13 -0400

--- a/Test.hs
+++ b/Test.hs
@ -1821,13 +1821,20 @@ test_crypto = do
 	testscheme "pubkey"
  where
 	gpgcmd = Utility.Gpg.mkGpgCmd Nothing
-	testscheme scheme = do
-		abstmp <- fromRawFilePath <$> absPath (toRawFilePath tmpdir)
-		testscheme' scheme abstmp
-	testscheme' scheme abstmp = intmpclonerepo $ do
-		gpgtmp <- (</> "gpgtmp") . fromRawFilePath
-			<$> relPathCwdToFile (toRawFilePath abstmp)
-		createDirectoryIfMissing False gpgtmp
+	testscheme scheme = Utility.Tmp.Dir.withTmpDir "gpgtmp" $ \gpgtmp -> do
+		-- Use the system temp directory as gpg temp directory because 
+		-- it needs to be able to store the agent socket there,
+		-- which can be problimatic when testing some filesystems.
+		absgpgtmp <- fromRawFilePath <$> absPath (toRawFilePath gpgtmp)
+		testscheme' scheme absgpgtmp
+	testscheme' scheme absgpgtmp = intmpclonerepo $ do
+		-- Since gpg uses a unix socket, which is limited to a
+		-- short path, use whichever is shorter of absolute
+		-- or relative path.
+		relgpgtmp <- fromRawFilePath <$> relPathCwdToFile (toRawFilePath absgpgtmp)
+		let gpgtmp = if length relgpgtmp < length absgpgtmp
+			then relgpgtmp 
+			else absgpgtmp
 		Utility.Gpg.testTestHarness gpgtmp gpgcmd
 			@? "test harness self-test failed"
 		void $ Utility.Gpg.testHarness gpgtmp gpgcmd $ do
--- a/doc/bugs/gpgconf58_invalid_option_34--kill34_40gpg_2.0.2241_/comment_3_d3a478e3f7da91ab14c9b1e24d3e07d6._comment
+++ b/doc/bugs/gpgconf58_invalid_option_34--kill34_40gpg_2.0.2241_/comment_3_d3a478e3f7da91ab14c9b1e24d3e07d6._comment
@ -0,0 +1,58 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2021-10-12T16:42:02Z"
+ content="""
+From the log:
+
+	    crypto:                                               gpgconf: invalid option "--kill"
+	gpgconf: invalid option "--kill"
+	FAIL (22.13s)
+	      ./Test/Framework.hs:57:
+	      copy --to encrypted remote failed (transcript follows)
+	      copy foo (to foo...)
+	      gpg: can't connect to the agent: Invalid value passed to IPC
+	      gpg: problem with the agent: No agent running
+
+That is not really be a problem with gpgconf --kill, but a problem
+talking to gpg-agent.
+
+The same crypto test fails a couple more times in that log, like this:
+
+	    crypto:                                               gpgconf: invalid option "--kill"
+	gpgconf: invalid option "--kill"
+	FAIL (12.00s)
+	      ./Test/Framework.hs:57:
+	      get of file failed (transcript follows)
+	      get foo (not available) 
+	        No other repository is known to contain the file.
+	      failed
+	      get: 1 failed
+
+That is also not a problem with gpgconf --kill, it's actually due to an
+earlier test failure, unrelated to this. That earlier failure was
+the one [the other issue](https://git-annex.branchable.com/bugs/__34__357_out_of_984_tests_failed__34___on_NFS_lustre_mount/)
+was about, which has since been fixed. So we can ignore these I think,
+leaving only the one above as an unexplained failure.
+
+"gpg: can't connect to the agent: Invalid value passed to IPC" could 
+be some kind of gpg bug. I found some other instances of gpg failing that way.
+One involved using --homedir (similar to the test suite's
+use of GNUPGHOME) but on windows.
+<https://lists.gnupg.org/pipermail/gnupg-users/2016-October/056817.html>
+And here's another one, in WSL when apt runs
+gpg. <https://github.com/microsoft/WSL/issues/5125>
+
+Perhaps this is a problem with the location of the gpg agent socket in the
+filesystem that git-annex test is running in. That somehow messes up not
+creation of that socket, but later use of it. It seems that the earlier
+self-test of the test harness did not trigger the problem though, which is
+odd because it sets up a gpg private key and I'd think would use the agent
+too.
+
+In [[!commit b426ff682570d8600dc8025bbcd20aa95819a7e4]] I considered
+putting the gpg directory inside the system temp dir, which would perhaps
+avoid the problem here. I've made that change.
+
+Please test a fresh build on this system again, if you can..
+"""]]