[Bug 647655] New: pinentry not falling back to curses although no DISPLAY set

https://bugzilla.novell.com/show_bug.cgi?id=647655#c0

           Summary: pinentry not falling back to curses although no DISPLAY set
    Classification: openSUSE
           Product: openSUSE 11.3
           Version: Final
          Platform: All
        OS/Version: openSUSE 11.3
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: X11 Applications
        AssignedTo: puzel@novell.com
        ReportedBy: wolfgang@rosenauer.org
         QAContact: qa@suse.de
          Found By: Community User
           Blocker: ---

I usually login remotely to my workstation at home when on the road via SSH (-X). If I need to use GnuPG on the console I'm supposed to get a pinentry dialog. This dialog never comes up in its gtk or qt version for some reason I never analyzed (while other X apps do (slowly)). Because of that I always used "unset DISPLAY" before using gpg which worked up to openSUSE 11.2.

Now since 11.3 I don't get the curses dialog but apparently it tries to use the gtk (or qt) version always.

Easy to reproduce locally:
- unset DISPLAY
- use gpg
-> you still get the gtk or qt dialog

wolfi@Hygiea:~> rpm -qa | grep pinentry
pinentry-gtk2-0.8.0-3.2.x86_64
pinentry-qt4-0.8.0-3.2.x86_64
pinentry-0.8.0-3.2.x86_64

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=647655#c1

--- Comment #1 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2010-10-21 09:04:29 UTC ---
It's even worse. SSH access w/o X forwarding (ssh -x) and still no curses interface from pinentry :-(

https://bugzilla.novell.com/show_bug.cgi?id=647655#c2

Petr Uzel <puzel@novell.com> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
             Status|NEW                     |NEEDINFO
       InfoProvider|                        |wolfgang@rosenauer.org
  Status Whiteboard|                        |pinentry

--- Comment #2 from Petr Uzel <puzel@novell.com> 2010-10-27 08:16:56 UTC ---
Do you use gpg-agent? Does it make any difference if you enable/disable it?

https://bugzilla.novell.com/show_bug.cgi?id=647655#c

Petr Uzel <puzel@novell.com> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
           Priority|P5 - None               |P3 - Medium

https://bugzilla.novell.com/show_bug.cgi?id=647655#c3

Wolfgang Rosenauer <wolfgang@rosenauer.org> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                |NEW
       InfoProvider|wolfgang@rosenauer.org  |

--- Comment #3 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2010-10-27 08:25:49 UTC ---
(In reply to comment #2)
> Do you use gpg-agent? Does it make any difference if you enable/disable it?

Hmm, I use gpg which is gpg2 which is pretty much bound to gpg-agent AFAIK. I can see no gpg-agent running though on server or client. And I'm not sure how to enable gpg-agent on 11.3.

https://bugzilla.novell.com/show_bug.cgi?id=647655#c

Petr Uzel <puzel@novell.com> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
             Status|NEW                     |ASSIGNED

https://bugzilla.novell.com/show_bug.cgi?id=647655#c4

Petr Uzel <puzel@novell.com> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                |NEEDINFO
       InfoProvider|                        |wolfgang@rosenauer.org

--- Comment #4 from Petr Uzel <puzel@novell.com> 2010-11-15 17:56:40 UTC ---
(In reply to comment #3)
> Hmm, I use gpg which is gpg2 which is pretty much bound to gpg-agent AFAIK.

Yes, you are right. If there is no gpg-agent running, gpg2 starts it temporarily in order to get passphrase. So the question was if gpg-agent was running before. Sorry for not being clear.

> I can see no gpg-agent running though on server or client.

This answers the question :)

> And I'm not sure how to enable gpg-agent on 11.3.

If you use X, it should be started automatically if you have ~/.gnupg - see /etc/X11/xdm/sys.xsession. (however, AFAIU this gpg-agent is not usable for clients connected via ssh). If you don't use X on the machine, take a look here:
http://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html

But let's not mess with gpg-agent for now and try the following instead. Could you please:

1/ ssh -X your_machine
2/ verify that DISPLAY is set
3/ killall gpg-agent, unset GPG_AGENT_INFO and GPG_TTY (if set)
4/ make sure gpg-agent is not running (pgrep gpg-agent)
5/ pinentry --version (which pinentry is chosen by /usr/bin/pinentry ?)
6/ issue "pinentry --lc-ctype=UTF-8"
7/ type "GETPIN<enter>" -> does it display any GUI pinentry?
8/ logout
9/ ssh -x your_machine
10/ verify DISPLAY is not set
11/ repeat 4-8 (7 should display curses pinentry)

TIA,
Petr.

https://bugzilla.novell.com/show_bug.cgi?id=647655#c5

Wolfgang Rosenauer <wolfgang@rosenauer.org> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                |ASSIGNED
       InfoProvider|wolfgang@rosenauer.org  |

--- Comment #5 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2010-11-15 20:45:04 UTC ---
(In reply to comment #4)
> But let's not mess with gpg-agent for now and try the following instead. Could you please:
>
> 1/ ssh -X your_machine
> 2/ verify that DISPLAY is set
> 3/ killall gpg-agent, unset GPG_AGENT_INFO and GPG_TTY (if set)
> 4/ make sure gpg-agent is not running (pgrep gpg-agent)
> 5/ pinentry --version (which pinentry is chosen by /usr/bin/pinentry ?)

wolfi@Hygiea:~> pinentry --version
Gtk-Message: Failed to load module "canberra-gtk-module": libcanberra-gtk-module.so: Kann die Shared-Object-Datei nicht öffnen: Datei oder Verzeichnis nicht gefunden
Gtk-Message: Failed to load module "gnomebreakpad": libgnomebreakpad.so: Kann die Shared-Object-Datei nicht öffnen: Datei oder Verzeichnis nicht gefunden
pinentry-gtk2 0.8.0

> 6/ issue "pinentry --lc-ctype=UTF-8"
> 7/ type "GETPIN<enter>" -> does it display any GUI pinentry?

Yes, the Gtk one as expected.

> 9/ ssh -x your_machine
> 10/ verify DISPLAY is not set
> 11/ repeat 4-8 (7 should display curses pinentry)

wolfi@Hygiea:~> echo $DISPLAY

wolfi@Hygiea:~> pinentry --version
pinentry-gtk2 0.8.0

Issuing GETPIN brings up a console passphrase prompt.

So this combination works and it seems to be only an issue when it's used with GPG.

https://bugzilla.novell.com/show_bug.cgi?id=647655#c6

Petr Uzel <puzel@novell.com> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                |NEEDINFO
       InfoProvider|                        |wolfgang@rosenauer.org

--- Comment #6 from Petr Uzel <puzel@novell.com> 2010-11-25 10:11:45 UTC ---
Thanks for the info (apologies for late answer - I'll try to be more responsive from now on).

So it seems there is no problem with pinentry itself, but something is wrong with the gpg2->gpg-agent->pinentry chain.

Could you please attach your ~/.gnupg/gpg.conf and ~/.gnupg/gpg-agent.conf (from your home workstation; pls check there are no sensitive data)

Next, please try:

1/ ssh -x workstation
2/ killall gpg-agent, unset GPG_AGENT_INFO and GPG_TTY (if set) [as it is easier to understand what's going on without previously running gpg-agent]
3/ gpg --verbose --debug-level advanced -s <somefile> - post the output here
4/ the same with ssh -X

TIA

https://bugzilla.novell.com/show_bug.cgi?id=647655#c7

--- Comment #7 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2010-11-30 15:20:12 UTC ---
wolfi@Hygiea:~/.gnupg> egrep -v "#|^$" gpg.conf
default-key 3EDE742E
require-cross-certification
keyserver hkp://keys.gnupg.net

I don't have a gpg-agent.conf file.

https://bugzilla.novell.com/show_bug.cgi?id=647655#c8

Wolfgang Rosenauer <wolfgang@rosenauer.org> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                |ASSIGNED
       InfoProvider|wolfgang@rosenauer.org  |

--- Comment #8 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2010-11-30 15:35:14 UTC ---
While testing the stuff you wrote I found that it doesn't appear to be an issue when I use gpg on the commandline. I can still reproduce with my testcase and my claim that it worked in the past is still valid though.

But actual testcase is opening a gpg encrypted file with vim using some vim magic to decrypt it while opening it. Similar to how it's described here:
http://vim.wikia.com/wiki/Edit_gpg_encrypted_files

Not sure why and how that is a difference compared to commandline usage. So this gets a rather special issue in the end. Sorry for that.

https://bugzilla.novell.com/show_bug.cgi?id=647655#c9

Petr Uzel <puzel@novell.com> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                |NEEDINFO
       InfoProvider|                        |wolfgang@rosenauer.org

--- Comment #9 from Petr Uzel <puzel@novell.com> 2010-12-01 11:52:55 UTC ---
(In reply to comment #8)
> But actual testcase is opening a gpg encrypted file with vim using some vim magic to decrypt it while opening it. Similar to how it's described here:
> http://vim.wikia.com/wiki/Edit_gpg_encrypted_files

Please try to:

ssh machine.example.com
export GPG_TTY=$(tty)     <==== !!!
vim file.gpg

Does it work if you set the GPG_TTY ? (man 1 gpg-agent)

I tried with both ssh -x and ssh -X and it works in both cases (in the first case pinentry-curses shows up, in the latter case pinentry-gtk2).

> Not sure why and how that is a difference compared to commandline usage.

Because gpg is invoked without terminal attached -> pinentry-curses does not know where to display itself.

> So this gets a rather special issue in the end. Sorry for that.

No problem.
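
The GPG_TTY setting suggested in comment #9, as an added example that is not part of the bug report or of GnuPG: the function names are hypothetical, and sourcing the snippet from a shell startup file on the remote host is an assumption. It goes beyond the thread by also replacing a GPG_TTY value inherited from a different terminal.

```shell
# Added example, not from the bug report. Function names are hypothetical.
# Assumed use: source from a shell startup file on the host you ssh into.

# current_tty: print the terminal device on stdin, or nothing if none.
current_tty() {
    _ct=$(tty 2>/dev/null) || _ct=""
    case $_ct in
        /dev/*) printf '%s\n' "$_ct" ;;
    esac
}

# gpg_tty_status CURRENT_TTY GPG_TTY_VALUE
# Classify the GPG_TTY value that child processes (vim, then gpg, then
# gpg-agent and pinentry) will inherit from this shell.
gpg_tty_status() {
    if [ -z "$1" ]; then
        echo no-terminal    # nothing a curses prompt could be drawn on
    elif [ -z "$2" ]; then
        echo unset          # the case reported in this thread
    elif [ "$2" != "$1" ]; then
        echo stale          # value inherited from a different terminal
    else
        echo ok
    fi
}

# ensure_gpg_tty: export GPG_TTY for the current terminal if it is unset
# or stale. Returns 1 when the shell has no terminal at all.
ensure_gpg_tty() {
    _cur=$(current_tty)
    case $(gpg_tty_status "$_cur" "${GPG_TTY:-}") in
        ok)          return 0 ;;
        no-terminal) return 1 ;;
        *)           GPG_TTY=$_cur; export GPG_TTY ;;
    esac
}

# Run once per interactive shell; harmless when there is no terminal.
ensure_gpg_tty || :
```
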

https://bugzilla.novell.com/show_bug.cgi?id=647655#c10

Wolfgang Rosenauer <wolfgang@rosenauer.org> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                |ASSIGNED
       InfoProvider|wolfgang@rosenauer.org  |

--- Comment #10 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2010-12-01 12:25:59 UTC ---
(In reply to comment #9)
> Please try to:
>
> ssh machine.example.com
> export GPG_TTY=$(tty)     <==== !!!
> vim file.gpg
>
> Does it work if you set the GPG_TTY ? (man 1 gpg-agent)

Yes, it works!

> I tried with both ssh -x and ssh -X and it works in both cases (in the first case pinentry-curses shows up, in the latter case pinentry-gtk2).

That is expected. The initial report was that it doesn't work when connected with X forwarding but unset DISPLAY.

https://bugzilla.novell.com/show_bug.cgi?id=647655#c11

Petr Uzel <puzel@novell.com> changed:

               What|Removed                 |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                |RESOLVED
         Resolution|                        |DUPLICATE

--- Comment #11 from Petr Uzel <puzel@novell.com> 2010-12-01 13:22:07 UTC ---
(In reply to comment #10)
> > Does it work if you set the GPG_TTY ? (man 1 gpg-agent)
>
> Yes, it works!

Thanks. So after all it is a duplicate of bug #619295

*** This bug has been marked as a duplicate of bug 619295 ***
http://bugzilla.novell.com/show_bug.cgi?id=619295