Re: Bug#842291: notmuch processes frequently stuck in select()

Date: Wed, 23 Nov 2016 18:57:38 -0400

To: Daniel Kahn Gillmor, Brian May, 842291@bugs.debian.org, Robbie Harwood

Cc: notmuch@notmuchmail.org, Debian GnuPG packaging

From: David Bremner


Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
>
>  0) turn off CRL updates entirely during s/mime signature verification
>
>  1) do s/mime signature verification without CRL updates, but schedule
>     CRL checks to happen in the background for dirmngr, so that future
>     verifications will reflect the cert validity
>
>  2) have dirmngr avoid checking CRLs that it knows it has already
>     updated recently
>
>  3) tell dirmngr to use much shorter CRL fetch timeouts
>
> Any thoughts on the best way to pursue this?
>
>     --dkg

Maybe the issue is in gmime's usage of gpgme. If I understand correctly
(which is far from a sure thing), pkcs7_verify calls gpgme_op_verify
which is synchronous, and (apparently) does not support timeouts. An
alternate strategy would be to call gpgme_op_verify_start, and then call
gpgme_wait, which has a nonblocking mode. I don't really understand the
S/MIME model, but naively it seems OK for signature verification to fail
if the CRL check doesn't finish quickly.

d
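The alternate strategy from the message above, as an added example that is not code from gmime, notmuch or GPGME: start the verification with gpgme_op_verify_start, poll gpgme_wait with hang = 0, and treat a missed deadline as a verification failure. The names wait_with_deadline, verify_bounded, poll_gpgme, fake_poll, demo and the HAVE_GPGME build macro are assumptions, as are the 10 ms poll interval and the use of a detached signature.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdbool.h>
#include <time.h>

enum wait_result { WAIT_DONE, WAIT_TIMED_OUT };
typedef bool (*poll_fn)(void *op);   /* non-blocking: true once finished */

static long long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);   /* monotonic: immune to clock steps */
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Poll until the operation finishes or timeout_ms elapses. */
enum wait_result wait_with_deadline(poll_fn poll, void *op, long timeout_ms) {
    const struct timespec nap = { 0, 10 * 1000 * 1000 };   /* 10 ms (assumed) */
    long long deadline = now_ms() + timeout_ms;
    for (;;) {
        if (poll(op)) return WAIT_DONE;
        if (now_ms() >= deadline) return WAIT_TIMED_OUT;
        nanosleep(&nap, NULL);
    }
}

/* Constructed stand-in for a slow verification: finishes after *p polls. */
static bool fake_poll(void *p) { int *left = p; return --*left <= 0; }
int demo(int polls, long ms) { return wait_with_deadline(fake_poll, &polls, ms); }

#ifdef HAVE_GPGME   /* assumption: built with -DHAVE_GPGME, linked with libgpgme */
#include <gpgme.h>
struct verify_op { gpgme_ctx_t ctx; gpgme_error_t err; };
static bool poll_gpgme(void *p) {
    struct verify_op *op = p;
    return gpgme_wait(op->ctx, &op->err, 0) != NULL;   /* hang = 0: no blocking */
}
/* Fail closed: a timeout is an error, never a "good signature". On success
 * the caller must still inspect gpgme_op_verify_result(ctx). */
gpgme_error_t verify_bounded(gpgme_ctx_t ctx, gpgme_data_t sig,
                             gpgme_data_t text, long timeout_ms) {
    struct verify_op op = { ctx, 0 };
    gpgme_error_t err = gpgme_op_verify_start(ctx, sig, text, NULL);
    if (err) return err;
    if (wait_with_deadline(poll_gpgme, &op, timeout_ms) == WAIT_TIMED_OUT) {
        gpgme_cancel(ctx);                    /* abandon the pending operation */
        return gpgme_error(GPG_ERR_TIMEOUT);
    }
    return op.err;
}
#endif
```

Without HAVE_GPGME only the deadline loop and the constructed stand-in are compiled, which is enough to exercise the timeout path offline.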
