[Bug 589994] New: gpg incurs problem at encryption, returns error code 2, breaks scripts
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c0
Summary: gpg incurs problem at encryption, returns error code
2, breaks scripts
Classification: openSUSE
Product: openSUSE 11.2
Version: Final
Platform: Other
OS/Version: openSUSE 11.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: alext@novell.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---
Just noticed on my updated 11.2 system. Probably introduced with a recent
update to either gpg or gpg-agent. When symmetrically encrypting a file, gpg
outputs the string "gpg: problem with the agent: Not implemented" and returns
error code 2 after completion.
The file does get successfully encrypted; however, since gpg returns error code
2, any scripts that use gpg will assume that the gpg failed (since the return
code was not zero) and fail themselves.
Transcript follows:
[zuul:~]$ echo "hello there" > tstfile
[zuul:~]$ cat tstfile | gpg --sign --symmetric > tstfile.gpg
You need a passphrase to unlock the secret key for
user: "Alex Tsariounov
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c
yang xiaoyu
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c
Petr Uzel
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c1
Petr Uzel
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c2
Alex Tsariounov
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c3
Petr Uzel
Hmm, maybe something is wrong with my setup. I do not have a gpg-agend.conf in ~/.gnupg; This shouldn't matter.
however, I followed your instructions, and in doing so do not get the error return code: I have no idea why it works now. Is the original issue reproducible? Are you running gpg in X or on tty? What if you create some testing user account and try the same procedure as different user?
Please provide output of 'rpm -qa | grep gpg | grep -v pubkey'. Also please answer the question about pinentry from comment #2. Thanks. You can also try setting up gpg-agent as described e.g. in gpg-agent(1), 'EXAMPLES' section. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c4
Alex Tsariounov
I have no idea why it works now. Is the original issue reproducible? Are you running gpg in X or on tty? What if you create some testing user account and try the same procedure as different user?
It is reproducible. I think this may be interference from seahorse-agent. By default, I don't run gpg-agent. After I log in and try to encrypt something, I do not get the pinentry double dialogs for the passphrase, instead I get a dialog with the title "Passphrase" which has two entries for the phrase. (Pinentry comes up twice for the two phrases and has a title of "pinentry-gtk2".) So, right after login, with this dual phrase entry dialog, I get the error. The error happens before the phrase entry dialog comes up. And the resulting error code from gpg is always 2. Now, if I run [eval $(gpg-agent --daemon)], I get the pinetry dialog and zero return code. Additionally, if I then kill the gpg-agent, I still get the pinentry dialog and the zero return code from gpg (it just says it can't connect to the gpg-agent). Perhaps running gpg-agent somehow makes gpg stop trying to connect to seahorse-agent, and it doesn't try to connect even after gpg-agent is killed? Also, if I create a different account, the behavior is exactly the same.
Please provide output of 'rpm -qa | grep gpg | grep -v pubkey'. Also please answer the question about pinentry from comment #2. Thanks.
[zuul:Desktop]$ rpm -qa | grep gpg | grep -v pubkey gpg2-2.0.14-3.1.x86_64 libgpg-error0-1.7-3.2.x86_64 gpgme-1.2.0-2.5.x86_64 kgpg-4.3.5-0.1.1.x86_64 gpg2-lang-2.0.14-3.1.noarch libgpgme11-1.2.0-2.5.x86_64 libgpg-error-devel-1.7-3.2.x86_64 libgpg-error0-32bit-1.7-3.2.x86_64 [zuul:Desktop]$ which pinentry /usr/bin/pinentry [zuul:Desktop]$ rpm -q pinentry pinentry-0.7.6-5.5.x86_64 [zuul:Desktop]$ rpm -qf `which seahorse-agent` seahorse-plugins-2.28.1-0.1.1.x86_64
You can also try setting up gpg-agent as described e.g. in gpg-agent(1), 'EXAMPLES' section.
Actually, I'd rather not run the gpg-agent since it caches my phrases, and I'd rather type them in every time. Thanks. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c5
--- Comment #5 from Petr Uzel
It is reproducible. I think this may be interference from seahorse-agent. It is. Seahorse-agent does not fully implement the gpg-agent interface.
Perhaps running gpg-agent somehow makes gpg stop trying to connect to seahorse-agent, and it doesn't try to connect even after gpg-agent is killed? Yes, that's how gpg-agent works. See echo $GPG_AGENT_INFO - this is set both by gpg-agent and seahorse-agent.
gpg2-2.0.14-3.1.x86_64 This is not gpg2 version included in 'official 11.2' repositories. Please try to install gpg2-2.0.12 - with this version, I was no longer able to reproduce the issue.
I'll have a look into what has changed between gpg-2.0.{12,14} and if it is gpg2 bug or if seahorse-agent should be adjusted instead. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c6
--- Comment #6 from Alex Tsariounov
(In reply to comment #4)
It is reproducible. I think this may be interference from seahorse-agent. It is. Seahorse-agent does not fully implement the gpg-agent interface.
Perhaps running gpg-agent somehow makes gpg stop trying to connect to seahorse-agent, and it doesn't try to connect even after gpg-agent is killed? Yes, that's how gpg-agent works. See echo $GPG_AGENT_INFO - this is set both by gpg-agent and seahorse-agent.
Makes sense.
gpg2-2.0.14-3.1.x86_64 This is not gpg2 version included in 'official 11.2' repositories. Please try to install gpg2-2.0.12 - with this version, I was no longer able to reproduce the issue.
Strange, I've not installed gpg2 specifically, just got it via the 11.2 repos and updates. Perhaps one of the other repos slid this in somehow. Aha, looks like it came from openSUSE:Tools: [zuul:Desktop]$ s zypper info gpg2 Loading repository data... Reading installed packages... Information for package gpg2: Repository: @System Name: gpg2 Version: 2.0.14-3.1 Arch: x86_64 Vendor: obs://build.opensuse.org/openSUSE:Tools I get the latest osc from Tools. Is there a way to set that specific packages only get installed from specific repos? Thanks. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c7
Petr Uzel
I get the latest osc from Tools. Is there a way to set that specific packages only get installed from specific repos?
Jano, is that (^^^) possible? Thansk. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c8
Ján Kupec
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c9
--- Comment #9 from Alex Tsariounov
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c10
--- Comment #10 from Alex Tsariounov
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c11
Petr Uzel
http://bugzilla.novell.com/show_bug.cgi?id=589994
http://bugzilla.novell.com/show_bug.cgi?id=589994#c12
--- Comment #12 from Bernhard Wiedemann
participants (1)
-
bugzilla_noreply@novell.com