Move and increase gpg command timeout

Prior to this commit, settings.SUBPROCESS_TIMEOUT=3 (seconds) was
used as default and also to configure timeouts for any subprocess
spawned via the securesystemslib process interface, including
running the gpg command to sign, export keys and check version.

The small timeout regularly lead to test failures on slow test
runners. Furthermore, configuring the timeout via global is bad
practice and error-prone (see secure-systems-lab#219, secure-systems-lab#345).

This patch defines a custom constant, to be used only for gpg
subprocesses and increases its value to 10 seconds.

To override this default, an optional timeout argument will be
added to relevant gpg interfaces in a subsequent commit.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>

securesystemslib/gpg/constants.py

@@ -24,13 +24,20 @@
 
 log = logging.getLogger(__name__)
 
+GPG_TIMEOUT = 10
+
 
 @functools.lru_cache(maxsize=3)
 def is_available_gnupg(gnupg: str) -> bool:
  """Returns whether gnupg points to a gpg binary."""
  gpg_version_cmd = gnupg + " --version"
  try:
- process.run(gpg_version_cmd, stdout=process.PIPE, stderr=process.PIPE)
+ process.run(
+ gpg_version_cmd,
+ stdout=process.PIPE,
+ stderr=process.PIPE,
+ timeout=GPG_TIMEOUT,
+ )
  return True
  except (OSError, subprocess.TimeoutExpired):
  return False

securesystemslib/gpg/functions.py

@@ -25,6 +25,7 @@
 )
 from securesystemslib.gpg.constants import (
  FULLY_SUPPORTED_MIN_VERSION,
+ GPG_TIMEOUT,
  NO_GPG_MSG,
  SHA256,
  gpg_export_pubkey_command,
@@ -127,6 +128,7 @@ def create_signature(content, keyid=None, homedir=None):
  check=False,
  stdout=process.PIPE,
  stderr=process.PIPE,
+ timeout=GPG_TIMEOUT,
  )
 
  # TODO: It's suggested to take a look at `--status-fd` for proper error
@@ -307,7 +309,9 @@ def export_pubkey(keyid, homedir=None):
  # TODO: Consider adopting command error handling from `create_signature`
  # above, e.g. in a common 'run gpg command' utility function
  command = gpg_export_pubkey_command(keyid=keyid, homearg=homearg)
- gpg_process = process.run(command, stdout=process.PIPE, stderr=process.PIPE)
+ gpg_process = process.run(
+ command, stdout=process.PIPE, stderr=process.PIPE, timeout=GPG_TIMEOUT
+ )
 
  key_packet = gpg_process.stdout
  key_bundle = get_pubkey_bundle(key_packet, keyid)

securesystemslib/gpg/util.py

@@ -380,6 +380,7 @@ def get_version() -> Version:
  stdout=process.PIPE,
  stderr=process.PIPE,
  universal_newlines=True,
+ timeout=constants.GPG_TIMEOUT,
  )
 
  full_version_info = gpg_process.stdout

tests/test_gpg.py

@@ -44,6 +44,7 @@
  parse_signature_packet,
 )
 from securesystemslib.gpg.constants import (
+ GPG_TIMEOUT,
  PACKET_TYPE_PRIMARY_KEY,
  PACKET_TYPE_SUB_KEY,
  PACKET_TYPE_USER_ATTR,
@@ -234,14 +235,18 @@ def setUpClass(self): # pylint: disable=bad-classmethod-argument
  # erroneous gpg data in tests below.
  keyid = "F557D0FF451DEF45372591429EA70BD13D883381"
  cmd = gpg_export_pubkey_command(keyid=keyid, homearg=homearg)
- proc = process.run(cmd, stdout=process.PIPE, stderr=process.PIPE)
+ proc = process.run(
+ cmd, stdout=process.PIPE, stderr=process.PIPE, timeout=GPG_TIMEOUT
+ )
  self.raw_key_data = proc.stdout
  self.raw_key_bundle = parse_pubkey_bundle(self.raw_key_data)
 
  # Export pubkey bundle with expired key for key expiration tests
  keyid = "E8AC80C924116DABB51D4B987CB07D6D2C199C7C"
  cmd = gpg_export_pubkey_command(keyid=keyid, homearg=homearg)
- proc = process.run(cmd, stdout=process.PIPE, stderr=process.PIPE)
+ proc = process.run(
+ cmd, stdout=process.PIPE, stderr=process.PIPE, timeout=GPG_TIMEOUT
+ )
  self.raw_expired_key_bundle = parse_pubkey_bundle(proc.stdout)
 
  def test_parse_pubkey_payload_errors(self):