Make sure both gpg-agent and dirmngr have picked up new configuration (…

…#1387) @hamidzr wrote #1335, which fixes #1333, a case of a running `gpg-agent` not picking up changes from GPG configuration. When testing, I noticed the configuration issue affects `dirmngr` as well. If there's a running `dirmngr`, provisioning fails when trying to update the keyring. This patch addresses both components. `dirmngr` doesn't seem respond to HUP or `--reload`, so it needs to be killed and restarted. Resolves #1333.
StreisandEffect · Jul 11, 2018 · 0831994 · 0831994
1 parent 03ee366
commit 0831994
Showing 1 changed file with 11 additions and 5 deletions.
diff --git a/playbooks/roles/gpg/tasks/main.yml b/playbooks/roles/gpg/tasks/main.yml
@@ -31,19 +31,25 @@
     group: root
     mode: 0750
 
-- name: "Write the Streisand GPG dirnmgr config"
+- name: "Write the Streisand GPG dirmngr config"
   template:
     src: "dirmngr.conf.j2"
     dest: "{{ root_gpg_dir }}/dirmngr.conf"
     owner: root
     group: root
     mode: 0750
 
-- name: "Start the GPG agent"
-  command: "gpg-agent --homedir {{ root_gpg_dir }} --use-standard-socket --daemon"
+- name: "Ensure a GPG agent is running"
+  command: "gpgconf --launch gpg-agent"
 
-- name: "Start the dirmngr"
-  command: "dirmngr --homedir {{ root_gpg_dir }} --daemon"
+- name: "Reload gpg-agent to pick up configuration changes"
+  command: "gpgconf --reload gpg-agent"
+
+# It turns out that "--reload" doesn't work on dirmngr.
+- name: "Kill any existing dirmngr"
+  command: "gpgconf --kill dirmngr"
+- name: "Start a new dirmngr with our config changes"
+  command: "gpgconf --launch dirmngr"
 
 - name: "Wait for the GPG agent and dirmngr control sockets"
   wait_for: