diff --git a/n/gpa/gpa-0.9.10-fix-tofu-deadlock.patch b/n/gpa/gpa-0.9.10-fix-tofu-deadlock.patch
new file mode 100644
index 00000000..696d04a2
--- /dev/null
+++ b/n/gpa/gpa-0.9.10-fix-tofu-deadlock.patch
@@ -0,0 +1,57 @@
+From 108d9d26cd41e63d38557bbe440f9a369c71e9a1 Mon Sep 17 00:00:00 2001
+From: Damien Goutte-Gattat
+Date: Sun, 18 Feb 2018 23:10:52 +0000
+Subject: [PATCH gpa] Load the secret keyring before the public one.
+To: gnupg-devel@gnupg.org
+
+* src/keylist.c (gpa_keylist_init): Forcefully load the secret
+keyring before attempting to load the public keys.
+--
+
+Gpa loads the private keyring in a kind of "lazy mode", in that
+the private keyring is only loaded the first time Gpa needs to
+lookup a private key. This normally happens during the loading
+of the public keyring, since for each public key Gpa must lookup
+in the private keyring to check whether a private counterpart is
+available.
+
+The result is that a Gpg process is spawn to list the secret keys
+while another Gpg process is still listing the public keys. If
+the trust model happens to be TOFU or TOFU+PGP, this can cause
+some problems with regard to the locking of the TOFU database.
+
+To avoid that, this patch makes sure the private keyring is
+actively and synchronously loaded before we fetch the public keys
+(no more lazy loading).
+
+GnuPG-bug-id: 3748
+Signed-off-by: Damien Goutte-Gattat
+---
+ src/keylist.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/keylist.c b/src/keylist.c
+index 442da08..2c8e7e8 100644
+--- a/src/keylist.c
++++ b/src/keylist.c
+@@ -231,7 +231,16 @@ gpa_keylist_init (GTypeInstance *instance, void *class_ptr)
+ }
+ else
+ {
+- /* Initialize from the global keytable. */
++ /* Initialize from the global keytable.
++ *
++ * We must forcefully load the secret keytable first to
++ * prevent concurrent access to the TOFU database. */
++ gpa_keytable_force_reload (gpa_keytable_get_secret_instance (),
++ NULL, (GpaKeyTableEndFunc) gtk_main_quit,
++ NULL);
++ gtk_main ();
++
++ /* Now we can load the public keyring. */
+ gpa_keytable_list_keys (gpa_keytable_get_public_instance(),
+ gpa_keylist_next, gpa_keylist_end, list);
+ }
+--
+2.14.1
+
diff --git a/n/gpa/gpa.SlackBuild b/n/gpa/gpa.SlackBuild
index 484802c2..b0303888 100755
--- a/n/gpa/gpa.SlackBuild
+++ b/n/gpa/gpa.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Build script for Slackware
-# Copyright (C) 2016 Damien Goutte-Gattat
+# Copyright (C) 2016,2018 Damien Goutte-Gattat
 #
 # Redistribution and use of this script, with or without modifications,
 # is permitted provided that the following conditions are met:
@@ -34,7 +34,7 @@ WGET=${WGET:-https://www.gnupg.org/ftp/gcrypt/gpa/$ARCHIVE}
 # Build infos
 NAMEPKG=${NAMEPKG:-gpa}
-BUILD=${BUILD:-1GGD}
+BUILD=${BUILD:-2GGD}
 ARCH=${ARCH:-$(uname -m | sed 's/^i.86$/i486/;s/^arm.*/arm/')}
 JOBS=${JOBS:-1}
 EXT=${EXT:-txz}
@@ -85,6 +85,9 @@ cd $TMP
 echo "Building $ARCHIVE..."
 tar xf $CWD/$ARCHIVE
 cd $NAME
+# Fix https://dev.gnupg.org/T3748
+# https://lists.gnupg.org/pipermail/gnupg-devel/2018-February/033453.html
+patch -p 1 < $CWD/gpa-0.9.10-fix-tofu-deadlock.patch
 CFLAGS=$CPUOPT \
 CXXFLAGS=$CPUOPT \
 ./configure \
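Review bot: The nested `gtk_main ();` added to gpa_keylist_init in the embedded src/keylist.c change has no exit path other than the reload's end callback, so if `gpa_keytable_force_reload` cannot start the secret-key listing or never invokes that callback, the instance initializer blocks indefinitely; whether the callback also fires on failure is not visible here and should be confirmed. While the inner loop runs, other GTK events are dispatched from inside an object's init function, which deserves a comment such as `/* Runs a nested main loop; returns only from the reload's end callback. */`. The cast `(GpaKeyTableEndFunc) gtk_main_quit` suggests the two signatures differ, and calling a function through an incompatible function pointer type is undefined behaviour in C; a small static wrapper with the exact GpaKeyTableEndFunc signature that calls `gtk_main_quit ()` would avoid the cast. gpa_keylist_init starts and ends outside the inner hunk.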
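Review bot: The added `patch -p 1 < $CWD/gpa-0.9.10-fix-tofu-deadlock.patch` line in the last gpa.SlackBuild hunk has no failure check, so unless the script runs under `set -e` (not visible in these hunks) a patch that fails to apply would let the build continue and produce a 2GGD package that does not contain the fix. I would write `patch -p 1 < "$CWD/gpa-0.9.10-fix-tofu-deadlock.patch" || exit 1`, quoting the path so that a working directory containing spaces does not break the redirection.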