Christian Hesse <list@xxxxxxxx> writes:

> Kousik Sanagavarapu <five231003@xxxxxxxxx> on Tue, 2023/08/22 13:24:
>> Christian Hesse <list@xxxxxxxx> wrote:
>>
>> > From: Christian Hesse <mail@xxxxxxxx>
>> >
>> > Running the tests in a build environment makes gnupg print a warning:
>> >
>> >   gpg: Warning: using insecure memory!
>> >
>> > This warning breaks the match, as `head` misses one line. Let's strip
>> > the line, make `head` return what is expected and fix the match.
>> >
>> > Signed-off-by: Christian Hesse <mail@xxxxxxxx>
>>
>> I think a bit of an explanation about why this warning is showing up in the
>> commit message would be good.
>>
>> "man gpg" gives me <stripped>
>>
>> So it seems that this warning will pop up if gpg is writing memory pages to
>> disk which is bad because as stated above we don't want these pages written
>> to disk which is a security risk.
>
> The Arch Linux packages are built inside a clean container, started via
> systemd-nspawn. Within the container the system call @memlock is not allowed
> by default, for security reasons.

Thanks to Kousik and Christian for discussing this.

The phrase "in a build environment" in the proposed log message
puzzled me, as the program does not seem to print such a warning in my
build environment. And environments where memlock is disabled are
probably not limited to containers used to build Arch's packages.

"in a build environment" -> "in an environment where memlock is
disabled" would have avoided puzzling readers.