See the FIXME FIXME comment in tests added by containers/image#1776 .

• GPGME_DEBUG=9 shows that a gpgme_op_verify hangs permanently polling on an already closed file descriptor
• That polling never terminates apparently because a _gpgme_io_close of that file descriptor does not call a close handler.
• It’s not clear why that close handler is not called, or not found.
• Curiously, a previous gpgme_op_sign operation supplying a passphrase (which succeeds just fine!) leaves around an entry in GPGME’s notify_table for that file descriptor. That doesn’t quite explain things (it might cause the wrong handler to be called, but there is no log to that effect either).

I wasn’t able to track this down further within a few hours: the GPGME file descriptor tracking / state handling code is very newbie-unfriendly. It might go much better with full debug info…