apt-key: kill gpg-agent explicitly in cleanup

apt-key has (usually) no secret key material so it doesn't really need
the agent at all, but newer gpgs insist on starting it anyhow. The
agents die off rather quickly after the underlying home-directory is
cleaned up, but that is still not fast enough for tools like sbuild
which want to unmount but can't as the agent is still hanging onto a
non-existent homedir.

Reported-By: Johannes 'josch' Schauer on IRC

diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 511c91c167a1e352bbc711e14bb78d11718f61fa..80aacfa5e42d39ba77580ae1c5702468373dbf4b 100644 (file)
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -480,6 +480,14 @@ if [ -z "$command" ]; then
 fi
 shift
 
+cleanup_gpg_home() {
+    if [ -z "$GPGHOMEDIR" ]; then return; fi
+    if command_available 'gpgconf'; then
+       GNUPGHOME="${GPGHOMEDIR}" gpgconf --kill gpg-agent
+    fi
+    rm -rf "$GPGHOMEDIR"
+}
+
 create_gpg_home() {
     # gpg needs (in different versions more or less) files to function correctly,
     # so we give it its own homedir and generate some valid content for it later on
@@ -491,8 +499,12 @@ create_gpg_home() {
        fi
     fi
     GPGHOMEDIR="$(mktemp -d)"
-    CURRENTTRAP="${CURRENTTRAP} rm -rf '$(escape_shell "${GPGHOMEDIR}")';"
+    CURRENTTRAP="${CURRENTTRAP} cleanup_gpg_home;"
     trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
+    if [ -z "$GPGHOMEDIR" ]; then
+       echo "ERROR: Could not create temporary gpg home directory in apt-key ($TMPDIR)"
+       exit 28
+    fi
     chmod 700 "$GPGHOMEDIR"
 }