From 434763e19ced152d79a355859505bbc83105f140 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Thu, 25 Aug 2022 05:50:30 +0300
Subject: [PATCH] misc/vault-keyring-client.sh: explain flock usage

Fixes: 511b6ca4e127 ("misc/vault-keyring-client.sh: add flock workaround")
---
 misc/vault-keyring-client.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/misc/vault-keyring-client.sh b/misc/vault-keyring-client.sh
index 4f24f9023..3f2fe0f82 100755
--- a/misc/vault-keyring-client.sh
+++ b/misc/vault-keyring-client.sh
@@ -2,7 +2,7 @@
 
 readonly vault_password_file_encrypted="$(dirname $0)/vault-$2-password.gpg"
 
-# often getting "gpg: decryption failed: No secret key" in tf-stage2
-# seems to work with flock (issue last reproduced with gnupg 2.2.35)
+# flock used to work around "gpg: decryption failed: No secret key" in tf-stage2
+# would otherwise need 'auto-expand-secmem' (https://dev.gnupg.org/T3530#106174)
 flock "$vault_password_file_encrypted" \
   gpg --batch --decrypt --quiet "$vault_password_file_encrypted"
-- 
GitLab