Found the following logs (reverse order): Jul 24 14:35:20 xyz gpg-agent[847628]: listening on: std=3 extra=-1 browser=-1 ssh=-1 Jul 24 14:35:20 xyz gpg-agent[847628]: using fd 3 for std socket (/run/user/0/gnupg/S.gpg-agent) Jul 24 14:35:20 xyz gpg-agent[847628]: gpg-agent (GnuPG) 2.3.8 starting in supervised mode. Jul 24 14:35:20 xyz gpg-agent[847628]: gpg-agent[847628]: WARNING: "--supervised" is a deprecated option Jul 24 14:35:20 xyz systemd[1]: Started session-c42.scope. Jul 24 14:35:20 xyz systemd[1]: Started session-c41.scope. Jul 24 14:35:20 xyz systemd[847618]: Startup finished in 87ms. Jul 24 14:35:20 xyz systemd[847618]: Reached target default.target. Jul 24 14:35:20 xyz systemd[847618]: Started gpg-agent.service. Jul 24 14:35:20 xyz systemd[1]: Started user@0.service. Jul 24 14:35:20 xyz systemd[847618]: Reached target basic.target. Jul 24 14:35:20 xyz systemd[847618]: Reached target sockets.target. Jul 24 14:35:20 xyz systemd[847618]: Listening on dbus.socket. Jul 24 14:35:20 xyz systemd[847618]: Listening on gpg-agent.socket. Jul 24 14:35:20 xyz systemd[847618]: Starting dbus.socket... Jul 24 14:35:20 xyz systemd[847618]: Reached target timers.target. Jul 24 14:35:20 xyz systemd[847618]: Reached target paths.target. Jul 24 14:35:20 xyz systemd[847618]: Created slice app.slice. Jul 24 14:35:20 xyz systemd[847618]: Queued start job for default target default.target. Jul 24 14:35:20 xyz systemd-logind[1137]: New session c42 of user root. Jul 24 14:35:20 xyz systemd[1]: Starting user@0.service... Jul 24 14:35:20 xyz systemd[1]: Finished user-runtime-dir@0.service. Jul 24 14:35:20 xyz systemd[1]: Starting user-runtime-dir@0.service... Jul 24 14:35:20 xyz systemd[1]: Created slice user-0.slice. Jul 24 14:35:20 xyz systemd-logind[1137]: New session c41 of user root. Jul 24 14:35:02 xyz systemd[1]: user-0.slice: Consumed 3min 22.248s CPU time. Jul 24 14:35:02 xyz systemd[1]: Removed slice user-0.slice. Jul 24 14:35:02 xyz systemd[1]: Stopped user-runtime-dir@0.service. Jul 24 14:35:02 xyz systemd[1]: user-runtime-dir@0.service: Deactivated successfully. Jul 24 14:35:02 xyz systemd[1]: run-user-0.mount: Deactivated successfully. Jul 24 14:35:02 xyz systemd[1]: Stopping user-runtime-dir@0.service... Jul 24 14:35:02 xyz systemd[1]: user@0.service: Consumed 1.537s CPU time. Jul 24 14:35:02 xyz systemd[1]: Stopped user@0.service. Jul 24 14:35:02 xyz systemd[1]: user@0.service: Deactivated successfully. Jul 24 14:35:02 xyz systemd[775985]: Reached target exit.target. Jul 24 14:35:02 xyz systemd[775985]: Finished systemd-exit.service. Jul 24 14:35:02 xyz systemd[775985]: Reached target shutdown.target. Jul 24 14:35:02 xyz systemd[775985]: app.slice: Consumed 1.437s CPU time. Jul 24 14:35:02 xyz systemd[775985]: Removed slice app.slice. Jul 24 14:35:02 xyz systemd[775985]: Closed gpg-agent.socket. Jul 24 14:35:02 xyz systemd[775985]: Closed dbus.socket. Jul 24 14:35:02 xyz systemd[775985]: Stopped target timers.target. Jul 24 14:35:02 xyz systemd[775985]: Stopped target sockets.target. Jul 24 14:35:02 xyz systemd[775985]: Stopped target paths.target. Jul 24 14:35:02 xyz systemd[775985]: Stopped target basic.target. Jul 24 14:35:02 xyz systemd[775985]: gpg-agent.service: Consumed 1.431s CPU time. Jul 24 14:35:02 xyz systemd[775985]: Stopped gpg-agent.service. Jul 24 14:35:02 xyz systemd[775985]: Stopping gpg-agent.service... Jul 24 14:35:02 xyz gpg-agent[775995]: gpg-agent (GnuPG) 2.3.8 stopped Jul 24 14:35:02 xyz gpg-agent[775995]: SIGTERM received - shutting down ... Jul 24 14:35:02 xyz systemd[775985]: Stopped target default.target. Jul 24 14:35:02 xyz systemd[775985]: Activating special unit exit.target... Jul 24 14:35:02 xyz systemd[1]: Stopping user@0.service... This is on a server instance, where I encountered database errors. My interpretation: - gpg is installed in order to encrypt (automated) backups - gpg-agent is never used, and "activated". Due to lying in /etc/systemd/user/default.target.wants/gpg-agent.service it is started on any root-ssh - in case gpg-agent is terminated, it causes systemd to fire exit.target "systemd will start this unit when it receives the SIGTERM or SIGINT signal when running as user service daemon. Normally, this (indirectly) pulls in shutdown.target, which in turn should be conflicted by all units that want to be scheduled for shutdown when the service manager starts to exit." => gpg-agent should not be added as /etc/systemd/user/ => I guess the "supervised" flag in gpg-agent, even is not a good idea => debian installes e.g. user/sockets.target.wants/gpg-agent.socket
You must have an old installation. At some point gpg-agent.service was enabled globally by default, but it's not the case anymore since https://svnweb.mageia.org/packages?view=revision&revision=1654247. You can use the following to reset to the current default. It removes "/etc/systemd/user/default.target.wants/gpg-agent.service" symlink. # systemctl --no-reload preset --global gpg-agent
CC: (none) => jani.valimaa
Since https://svnweb.mageia.org/packages?view=revision&revision=1654247 gpg-agent is socket activated, and enabling it is up to user. $ systemctl enable --user gpg-agent.socket Globally gpg-agent can be enabled for all users with # systemctl enable --global gpg-agent.socket
sure. This is a server - it gets updates. I'm not sure, if it was created with mandriva or it was renewed when mageia was found. But the change was only 3 years ago - most of my systems are way older. The rpm should have removed the global systemd file.
Thanks again Jani for your expert explanations. @Marc: wha
CC: (none) => lewyssmith
@Marc: what package are we talking about? These look the most likely: lib64gpg-error0 lib64gpgme11 lib64gpgmepp6 lib64qgpgme15 There is no gpg-agent. @Jani: "The rpm should have removed the global systemd file" Is this possible & reasonable?
It is gnupg2:/usr/bin/gpg-agent The installation of gnupg2 in mga7/8 ? registered the service as global. So each user session started the gpg-agent. As it was decided to add the registration in user via sockets, the old file should have been removed. I guess other people which only do updates will have the service beeing started every time, and maybe having some wired trouble because of it. (e.g. most backup programs require gpg)
(In reply to Lewis Smith from comment #5) > @Jani: "The rpm should have removed the global systemd file" > Is this possible & reasonable? It's possible, for example, with %triggerpostun scriptlet. https://svnweb.mageia.org/packages?view=revision&revision=1700387 It was removed in next revision. Unfortunately I can't remember the reason for it. https://svnweb.mageia.org/packages?view=revision&revision=1700388
The origin: Revision 1654247 Mon Dec 7 16:54:56 2020 joequant "move activation to user to avoid needing systemd" which looks to be what Marc is asking for. The first change noted above is commented: Revision 1700387 Sun Mar 7 11:39:04 2021 "reset global gpg-agent user service setting to system preset (disable) after change in r1654247" and the second above: Revision 1700388 Sun Mar 7 11:42:22 2021 "revert r1700387 to not force changes in users' systems (SILENT)" that is, the previous change was immediately reverted. So what do we ask the packagers to do? I prefer to forward this with a +ve recommendation.
I have no idea what is 'a +ve recommendation'. Anyhow I guess we want to force the change/removal anyway as otherwise there can be problems.
Comment just says "revert r1700387 to not force changes in users' systems" which I usally agree, but it was set by the package; so resetting a dumb decission should be ok. And it makes trouble. So, if you're ok with it; I will just (re-)add the patch and build the package for mga9
I don't think the famous nobody, gnupg2's maintainer, will object.
Suggested advisory: ======================== Updated gnupg2 package to remove gpg-agent startup on each user session (even for ssh-root sessions). This behaviour was introduced by an older version of gnupg2 and is now corrected. The old behaviour can cause global services to be restarted (e.g. databases, webserver) by systemd, when gnupg2 crashes. Updated packages in core/updates_testing: ======================== gnupg2-debugsource-2.3.8-1.1.mga9 gnupg2-2.3.8-1.1.mga9 gnupg2-debuginfo-2.3.8-1.1.mga9 SRPM: gnupg2-2.3.8-1.1.mga9.src.rpm
Assignee: bugsquad => qa-bugs
Source RPM: gpg-agent => gnupg2
I had to fix %%triggerpostun scriptlet version to trigger also with latest pkgs in mga9 and cauldron. Updated RPMS/SRPMS to test in mga9 core/updates_testing: gnupg2-2.3.8-1.2.mga10
Isn't it better to just trigger it everytime? I was not familiar with that syntax on triggerpostun
Keywords: (none) => advisory
RH mageia 9 x86_64 LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing gnupg2-2.3.8-1.2.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: gnupg2 ################################################################################################## 1/1: removing gnupg2-2.3.8-1.mga9.x86_64 ################################################################################################## gpg --list-keys gpg --list-secret-keys Shows me the same information produced before the update (information about the key used to sign packages in blogdrake's repository) sign a few packages without issue Encrypt text file with gpg --symmetric Decrypt the file with gpg --decrypt file.gpg > newfile diff -s original newfile says the files are identical OK for me for functionalities not related to the bug and tested in previous rounds If Marc or Jani can confirm that fix the issue, I'll put the OK
To properly test the upgrade symlink /etc/systemd/user/default.target.wants/gpg-agent.service -> /usr/lib/systemd/user/gpg-agent.service must exist. Steps: # mkdir -p /etc/systemd/user/default.target.wants/ # ln -sf /usr/lib/systemd/user/gpg-agent.service /etc/systemd/user/default.target.wants/gpg-agent.service # urpmi gnupg2 installing gnupg2-2.3.8-1.2.mga9.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ############################################# 1/1: gnupg2 ############################################# 1/1: removing gnupg2-2.3.8-1.mga9.x86_64 ############################################# Removed "/etc/systemd/user/default.target.wants/gpg-agent.service".
(In reply to Jani Välimaa from comment #16) > To properly test the upgrade symlink > /etc/systemd/user/default.target.wants/gpg-agent.service -> > /usr/lib/systemd/user/gpg-agent.service must exist. > > Steps: > # mkdir -p /etc/systemd/user/default.target.wants/ > # ln -sf /usr/lib/systemd/user/gpg-agent.service > /etc/systemd/user/default.target.wants/gpg-agent.service > # urpmi gnupg2 > installing gnupg2-2.3.8-1.2.mga9.x86_64.rpm from /var/cache/urpmi/rpms > > Preparing... > ############################################# > 1/1: gnupg2 > ############################################# > 1/1: removing gnupg2-2.3.8-1.mga9.x86_64 > > ############################################# > Removed "/etc/systemd/user/default.target.wants/gpg-agent.service". Downgrade the package make the steps Update again and see the line Removed "/etc/systemd/user/default.target.wants/gpg-agent.service"
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2024-0175.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED