[Bug 589994] New: gpg incurs problem at encryption, returns error code 2, breaks scripts
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c0

           Summary: gpg incurs problem at encryption, returns error code 2, breaks scripts
    Classification: openSUSE
           Product: openSUSE 11.2
           Version: Final
          Platform: Other
        OS/Version: openSUSE 11.2
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Other
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: alext@novell.com
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

Just noticed on my updated 11.2 system. Probably introduced with a recent update to either gpg or gpg-agent.

When symmetrically encrypting a file, gpg outputs the string "gpg: problem with the agent: Not implemented" and returns error code 2 after completion. The file does get successfully encrypted; however, since gpg returns error code 2, any scripts that use gpg will assume that the gpg failed (since the return code was not zero) and fail themselves.

Transcript follows:

[zuul:~]$ echo "hello there" > tstfile
[zuul:~]$ cat tstfile | gpg --sign --symmetric > tstfile.gpg

You need a passphrase to unlock the secret key for
user: "Alex Tsariounov <XXX@XXX.XXX.net>"
1024-bit DSA key, ID EC21BF7F, created 2003-06-30

gpg: 3DES encryption will be used
gpg: problem with the agent: Not implemented
[zuul:~]$ echo $?
2
[zuul:~]$ cat tstfile.gpg | gpg
gpg: 3DES encrypted data
gpg: encrypted with 1 passphrase
hello there
gpg: Signature made Sat 20 Mar 2010 11:24:16 AM MDT using DSA key ID EC21BF7F
gpg: Good signature from "Alex Tsariounov <XXX@XXX.XXX.net>"
gpg: WARNING: message was not integrity protected
[zuul:~]$

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=589994#c

yang xiaoyu <xyyang@novell.com> changed:

           What    |Removed                                   |Added
----------------------------------------------------------------------------
                 CC|                                          |xyyang@novell.com
         AssignedTo|bnc-team-screening@forge.provo.novell.com |puzel@novell.com
http://bugzilla.novell.com/show_bug.cgi?id=589994#c

Petr Uzel <puzel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium
             Status|NEW                         |ASSIGNED
http://bugzilla.novell.com/show_bug.cgi?id=589994#c1

Petr Uzel <puzel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
       InfoProvider|                            |alext@novell.com

--- Comment #1 from Petr Uzel <puzel@novell.com> 2010-03-25 11:39:37 UTC ---
I can not reproduce it.

Do you have anything nonstandard in ~/.gnupg/gpg-agent.conf?
What pinentry gets executed (-qt, -qt4, -gtk-2 or -curses)?

Please do the following:

unset GPG_AGENT_INFO
killall -9 gpg-agent
eval $(gpg-agent --daemon --debug-all --log-file=gpg-agent.log)
echo "hello there" > tstfile
cat tstfile | gpg --sign --symmetric > tstfile.gpg
echo $?

Then please post content of gpg-agent.log

Thanks.
http://bugzilla.novell.com/show_bug.cgi?id=589994#c2

Alex Tsariounov <alext@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
       InfoProvider|alext@novell.com            |

--- Comment #2 from Alex Tsariounov <alext@novell.com> 2010-03-25 17:51:53 UTC ---
Created an attachment (id=350630)
 --> (http://bugzilla.novell.com/attachment.cgi?id=350630)
Log file of gpg-agent while encrypting

Hmm, maybe something is wrong with my setup. I do not have a gpg-agent.conf in ~/.gnupg; however, I followed your instructions, and in doing so do not get the error return code:

[zuul:~]$ unset GPG_AGENT_INFO
[zuul:~]$ killall -9 gpg-agent
gpg-agent: no process found
[zuul:~]$ ps -ef |grep agent
alext 4439 1 0 08:55 ? 00:00:00 /usr/bin/seahorse-agent --variables
alext 4541 4352 0 08:55 ? 00:00:00 /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
alext 7197 5121 0 09:33 pts/1 00:00:00 grep agent
[zuul:~]$ killall -9 seahorse-agent
[zuul:~]$ ps -ef |grep agent
alext 4541 4352 0 08:55 ? 00:00:00 /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
alext 7212 5121 0 09:33 pts/1 00:00:00 grep agent
[zuul:~]$ eval $(gpg-agent --daemon --debug-all --log-file=gpg-agent.log)
gpg-agent[7226]: NOTE: no default option file `/home/alext/.gnupg/gpg-agent.conf'
gpg-agent[7226]: enabled debug flags: command mpi crypto memory cache memstat hashing assuan
[zuul:~]$ echo "hello there" > tstfile
[zuul:~]$ cat tstfile | gpg --sign --symmetric > tstfile.gpg

You need a passphrase to unlock the secret key for
user: "Alex Tsariounov <XXX@XXX.net>"
1024-bit DSA key, ID EC21BF7F, created 2003-06-30

gpg: 3DES encryption will be used
[zuul:~]$ echo $?
0

The log file is attached.
http://bugzilla.novell.com/show_bug.cgi?id=589994#c3

Petr Uzel <puzel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
       InfoProvider|                            |alext@novell.com

--- Comment #3 from Petr Uzel <puzel@novell.com> 2010-03-26 10:01:37 UTC ---
(In reply to comment #2)
> Hmm, maybe something is wrong with my setup. I do not have a gpg-agent.conf in
> ~/.gnupg;

This shouldn't matter.

> however, I followed your instructions, and in doing so do not get the
> error return code:

I have no idea why it works now. Is the original issue reproducible? Are you running gpg in X or on tty? What if you create some testing user account and try the same procedure as different user?

Please provide output of 'rpm -qa | grep gpg | grep -v pubkey'. Also please answer the question about pinentry from comment #2. Thanks.

You can also try setting up gpg-agent as described e.g. in gpg-agent(1), 'EXAMPLES' section.
http://bugzilla.novell.com/show_bug.cgi?id=589994#c4

Alex Tsariounov <alext@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
       InfoProvider|alext@novell.com            |

--- Comment #4 from Alex Tsariounov <alext@novell.com> 2010-03-26 17:13:09 UTC ---
(In reply to comment #3)
> I have no idea why it works now. Is the original issue reproducible? Are you
> running gpg in X or on tty? What if you create some testing user account and
> try the same procedure as different user?

It is reproducible. I think this may be interference from seahorse-agent.

By default, I don't run gpg-agent. After I log in and try to encrypt something, I do not get the pinentry double dialogs for the passphrase, instead I get a dialog with the title "Passphrase" which has two entries for the phrase. (Pinentry comes up twice for the two phrases and has a title of "pinentry-gtk2".)

So, right after login, with this dual phrase entry dialog, I get the error. The error happens before the phrase entry dialog comes up. And the resulting error code from gpg is always 2.

Now, if I run [eval $(gpg-agent --daemon)], I get the pinentry dialog and zero return code. Additionally, if I then kill the gpg-agent, I still get the pinentry dialog and the zero return code from gpg (it just says it can't connect to the gpg-agent).

Perhaps running gpg-agent somehow makes gpg stop trying to connect to seahorse-agent, and it doesn't try to connect even after gpg-agent is killed?

Also, if I create a different account, the behavior is exactly the same.

> Please provide output of 'rpm -qa | grep gpg | grep -v pubkey'. Also please
> answer the question about pinentry from comment #2. Thanks.

[zuul:Desktop]$ rpm -qa | grep gpg | grep -v pubkey
gpg2-2.0.14-3.1.x86_64
libgpg-error0-1.7-3.2.x86_64
gpgme-1.2.0-2.5.x86_64
kgpg-4.3.5-0.1.1.x86_64
gpg2-lang-2.0.14-3.1.noarch
libgpgme11-1.2.0-2.5.x86_64
libgpg-error-devel-1.7-3.2.x86_64
libgpg-error0-32bit-1.7-3.2.x86_64
[zuul:Desktop]$ which pinentry
/usr/bin/pinentry
[zuul:Desktop]$ rpm -q pinentry
pinentry-0.7.6-5.5.x86_64
[zuul:Desktop]$ rpm -qf `which seahorse-agent`
seahorse-plugins-2.28.1-0.1.1.x86_64

> You can also try setting up gpg-agent as described e.g. in gpg-agent(1),
> 'EXAMPLES' section.

Actually, I'd rather not run the gpg-agent since it caches my phrases, and I'd rather type them in every time.

Thanks.
http://bugzilla.novell.com/show_bug.cgi?id=589994#c5

--- Comment #5 from Petr Uzel <puzel@novell.com> 2010-04-01 15:48:54 UTC ---
(In reply to comment #4)
> It is reproducible. I think this may be interference from seahorse-agent.

It is. Seahorse-agent does not fully implement the gpg-agent interface.

> Perhaps running gpg-agent somehow makes gpg stop trying to connect to
> seahorse-agent, and it doesn't try to connect even after gpg-agent is killed?

Yes, that's how gpg-agent works. See echo $GPG_AGENT_INFO - this is set both by gpg-agent and seahorse-agent.

> gpg2-2.0.14-3.1.x86_64

This is not gpg2 version included in 'official 11.2' repositories. Please try to install gpg2-2.0.12 - with this version, I was no longer able to reproduce the issue.

I'll have a look into what has changed between gpg-2.0.{12,14} and if it is gpg2 bug or if seahorse-agent should be adjusted instead.
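Added example (not part of the bug thread, and not code from gpg2 or seahorse): a small diagnostic for the point made in comment #5, showing which process a GPG_AGENT_INFO value points at. It assumes the GnuPG 2.0 value layout <socket path>:<pid>:<protocol version> and, when no process name is passed in, a Linux /proc; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: report which agent a GPG_AGENT_INFO value points at.
# Assumed layout (GnuPG 2.0): <socket path>:<pid>:<protocol version>

# Print the socket-path field (everything before the last two colons).
agent_socket() { printf '%s\n' "${1%:*:*}"; }

# Print the PID field (between the last two colons).
agent_pid() {
    _rest=${1%:*}
    printf '%s\n' "${_rest##*:}"
}

# classify_agent INFO [COMM]
# Prints one of: none, malformed, stale, gpg-agent, seahorse-agent,
# other:<name>. COMM is the process name owning the PID; when omitted
# it is read from /proc/<pid>/comm (Linux-only assumption).
classify_agent() {
    _info=$1
    [ -n "$_info" ] || { echo none; return 0; }
    case $_info in
        *:*:*) ;;
        *) echo malformed; return 0 ;;
    esac
    _pid=$(agent_pid "$_info")
    case $_pid in
        ''|*[!0-9]*) echo malformed; return 0 ;;
    esac
    if [ "$#" -ge 2 ]; then
        _comm=$2
    else
        _comm=$(cat "/proc/$_pid/comm" 2>/dev/null || true)
    fi
    case $_comm in
        '') echo stale ;;   # variable still set, process gone
        gpg-agent|seahorse-agent) echo "$_comm" ;;
        *) echo "other:$_comm" ;;
    esac
}

# Stand-alone use: classify the agent advertised in the current session.
classify_agent "${GPG_AGENT_INFO-}"
```

A "stale" result corresponds to the situation in comment #4 where gpg-agent had been killed but the variable was still exported in the shell.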
http://bugzilla.novell.com/show_bug.cgi?id=589994#c6

--- Comment #6 from Alex Tsariounov <alext@novell.com> 2010-04-01 16:00:33 UTC ---
(In reply to comment #5)
> (In reply to comment #4)
> > It is reproducible. I think this may be interference from seahorse-agent.
>
> It is. Seahorse-agent does not fully implement the gpg-agent interface.
>
> > Perhaps running gpg-agent somehow makes gpg stop trying to connect to
> > seahorse-agent, and it doesn't try to connect even after gpg-agent is killed?
>
> Yes, that's how gpg-agent works. See echo $GPG_AGENT_INFO - this is set both by
> gpg-agent and seahorse-agent.

Makes sense.

> > gpg2-2.0.14-3.1.x86_64
>
> This is not gpg2 version included in 'official 11.2' repositories. Please try
> to install gpg2-2.0.12 - with this version, I was no longer able to reproduce
> the issue.

Strange, I've not installed gpg2 specifically, just got it via the 11.2 repos and updates. Perhaps one of the other repos slid this in somehow. Aha, looks like it came from openSUSE:Tools:

[zuul:Desktop]$ s zypper info gpg2
Loading repository data...
Reading installed packages...

Information for package gpg2:

Repository: @System
Name: gpg2
Version: 2.0.14-3.1
Arch: x86_64
Vendor: obs://build.opensuse.org/openSUSE:Tools

I get the latest osc from Tools. Is there a way to set that specific packages only get installed from specific repos?

Thanks.
http://bugzilla.novell.com/show_bug.cgi?id=589994#c7

Petr Uzel <puzel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
       InfoProvider|                            |jkupec@novell.com

--- Comment #7 from Petr Uzel <puzel@novell.com> 2010-04-01 16:11:16 UTC ---
(In reply to comment #6)
> I get the latest osc from Tools. Is there a way to set that specific packages
> only get installed from specific repos?

Jano, is that (^^^) possible? Thanks.
http://bugzilla.novell.com/show_bug.cgi?id=589994#c8

Ján Kupec <jkupec@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
       InfoProvider|jkupec@novell.com           |

--- Comment #8 from Ján Kupec <jkupec@novell.com> 2010-04-01 16:44:04 UTC ---
Yes, use:

$ zypper in --from <repo> packagename

Make sure you have zypper>=1.2.8. Another possibility is to specify the exact version you want:

$ zypper in packagename-version
http://bugzilla.novell.com/show_bug.cgi?id=589994#c9

--- Comment #9 from Alex Tsariounov <alext@novell.com> 2010-04-01 16:50:14 UTC ---
Ok, thanks, I'll do that. BTW, the way that the Tools gpg2 got installed is I did a dist-upgrade after adding Tools.
http://bugzilla.novell.com/show_bug.cgi?id=589994#c10

--- Comment #10 from Alex Tsariounov <alext@novell.com> 2010-04-01 16:54:21 UTC ---
I reinstalled gpg2 from the openSUSE:11.2 repo and no longer see the problem described in this report. Thanks.
http://bugzilla.novell.com/show_bug.cgi?id=589994#c11

Petr Uzel <puzel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |FIXED

--- Comment #11 from Petr Uzel <puzel@novell.com> 2010-04-07 14:26:55 UTC ---
I've modified gpg2 in Factory so that it prints the 'Not implemented' warning, but returns 0. This is fine, because gpg does the same with older gpg-agent that also does not support the s2k_count command.
http://bugzilla.novell.com/show_bug.cgi?id=589994#c12

--- Comment #12 from Bernhard Wiedemann <bwiedemann@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (589994) was mentioned in
https://build.opensuse.org/request/show/37232 Factory / gpg2