[Bug 647655] New: pinentry not falling back to curses although no DISPLAY set
https://bugzilla.novell.com/show_bug.cgi?id=647655 https://bugzilla.novell.com/show_bug.cgi?id=647655#c0 Summary: pinentry not falling back to curses although no DISPLAY set Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: All OS/Version: openSUSE 11.3 Status: NEW Severity: Normal Priority: P5 - None Component: X11 Applications AssignedTo: puzel@novell.com ReportedBy: wolfgang@rosenauer.org QAContact: qa@suse.de Found By: Community User Blocker: --- I usually login remotely to my workstation at home when on the road via SSH (-X). If I need to use GnuPG on the console I'm supposed to get a pinentry dialog. This dialog never comes up in its gtk or qt version for some reason I never analyzed (while other X apps do (slowly)). Because of that I always used "unset DISPLAY" before using gpg which worked up to openSUSE 11.2. Now since 11.3 I don't get the curses dialog but apparently it tries to use the gtk (or qt) version always. Easy to reproduce locally: - unset DISPLAY - use gpg -> you still get the gtk or qt dialog wolfi@Hygiea:~> rpm -qa | grep pinentry pinentry-gtk2-0.8.0-3.2.x86_64 pinentry-qt4-0.8.0-3.2.x86_64 pinentry-0.8.0-3.2.x86_64 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c1
--- Comment #1 from Wolfgang Rosenauer
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c2
Petr Uzel
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c
Petr Uzel
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c3
Wolfgang Rosenauer
Do you use gpg-agent? Does it make any difference if you enable/disable it?
Hmm, I use gpg which is gpg2 which is pretty much bound to gpg-agent AFAIK. I can see no gpg-agent running though on server or client. And I'm not sure how to enable gpg-agent on 11.3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c
Petr Uzel
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c4
Petr Uzel
Hmm, I use gpg which is gpg2 which is pretty much bound to gpg-agent AFAIK.
Yes, you are right. If there is no gpg-agent running, gpg2 starts it temporarily in order to get passphrase. So the question was if gpg-agent was running before. Sorry for not being clear.
I can see no gpg-agent running though on server or client.
This answers the question :)
And I'm not sure how to enable gpg-agent on 11.3.
If you use X, it should be started automatically if you have ~/.gnupg - see /etc/X11/xdm/sys.xsession. (however, AFAIU this gpg-agent is not usable for clients connected via ssh). If you don't use X on the machine, take a look here: http://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html But let's not mess with gpg-agent for now and try the following instead. Could you please: 1/ ssh -X your_machine 2/ verify that DISPLAY is set 3/ killall gpg-agent, unset GPG_AGENT_INFO and GPG_TTY (if set) 4/ make sure gpg-agent is not running (pgrep gpg-agent) 5/ pinentry --version (which pinentry is chosen by /usr/bin/pinentry ?) 6/ issue "pinentry --lc-ctype=UTF-8" 7/ type "GETPIN<enter>" -> does it display any GUI pinenetry? 8/ logout 9/ ssh -x your_machine 10/ verify DISPLAY is not set 11/ repeat 4-8 (7 should display curses pinentry) TIA, Petr. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c5
Wolfgang Rosenauer
But let's not mess with gpg-agent for now and try the following instead. Could you please:
1/ ssh -X your_machine 2/ verify that DISPLAY is set 3/ killall gpg-agent, unset GPG_AGENT_INFO and GPG_TTY (if set) 4/ make sure gpg-agent is not running (pgrep gpg-agent) 5/ pinentry --version (which pinentry is chosen by /usr/bin/pinentry ?)
wolfi@Hygiea:~> pinentry --version Gtk-Message: Failed to load module "canberra-gtk-module": libcanberra-gtk-module.so: Kann die Shared-Object-Datei nicht öffnen: Datei oder Verzeichnis nicht gefunden Gtk-Message: Failed to load module "gnomebreakpad": libgnomebreakpad.so: Kann die Shared-Object-Datei nicht öffnen: Datei oder Verzeichnis nicht gefunden pinentry-gtk2 0.8.0
6/ issue "pinentry --lc-ctype=UTF-8" 7/ type "GETPIN<enter>" -> does it display any GUI pinenetry?
Yes, the Gtk one as expected.
9/ ssh -x your_machine 10/ verify DISPLAY is not set 11/ repeat 4-8 (7 should display curses pinentry)
wolfi@Hygiea:~> echo $DISPLAY wolfi@Hygiea:~> pinentry --version pinentry-gtk2 0.8.0 Issueing GETPIN brings up a console passphrase prompt. So this combination works and it seems to be only an issue when it's used with GPG. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c6
Petr Uzel
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c7
--- Comment #7 from Wolfgang Rosenauer
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c8
Wolfgang Rosenauer
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c9
Petr Uzel
But actual testcase is opening a gpg encrypted file with vim using some vim magic to decrypt it while opening it. Similar how it's described here: http://vim.wikia.com/wiki/Edit_gpg_encrypted_files
Please try to: ssh machine.example.com export GPG_TTY=$(tty) <==== !!! vim file.gpg Does it work if you set the GPG_TTY ? (man 1 gpg-agent) I tried with both ssh -x and ssh -X and it works in both cases (in the first case pinentry-curses shows up, in the latter case pinentry-gtk2).
Not sure why and how that is a difference compared to commandline usage.
Because gpg is invoked without terminal attached -> pinentry-curses does not know where to display itself.
So this gets a rather special issue in the end. Sorry for that.
No problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c10
Wolfgang Rosenauer
Please try to:
ssh machine.example.com export GPG_TTY=$(tty) <==== !!! vim file.gpg
Does it work if you set the GPG_TTY ? (man 1 gpg-agent)
Yes, it works!
I tried with both ssh -x and ssh -X and it works in both cases (in the first case pinentry-curses shows up, in the latter case pinentry-gtk2).
That is expected. The initial report was that it doesn't work when connected with X forwarding but unset DISPLAY. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=647655
https://bugzilla.novell.com/show_bug.cgi?id=647655#c11
Petr Uzel
Does it work if you set the GPG_TTY ? (man 1 gpg-agent)
Yes, it works!
Thanks. So after all it is a duplicate of bug #619295 *** This bug has been marked as a duplicate of bug 619295 *** http://bugzilla.novell.com/show_bug.cgi?id=619295 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com