Bug#854376: [pkg-gnupg-maint] Bug#854376: gnupg-agent: Broken with systemd

2017-02-06 Thread Daniel Kahn Gillmor 
Hi Mark--

On Mon 2017-02-06 08:35:47 -0500, Mark Brown  wrote:
> I've got:
>
>   SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent
>
> (this is manually forced since gnome-keyring appears to be managing to
> force itself as the SSH agent, I've filed a separate bug about that).

This isn't gpg-agent's ssh authentication socket.  You're trying to talk
to the normal gpg-agent socket, which likes to respond with "OK Pleased
to meet you" -- definitely not valid ssh-agent communication :)

Please try it with:

 SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)

instead.  Or, place "enable-ssh-support" in ~/.gnupg/gpg-agent.conf and
let /etc/X11/Xsession.d/90gpg-agent set that variable for you.

> When I try to list keys I get:
>
>$ ssh-add -L
>error fetching identities for protocol 2: invalid format
>The agent has no identities.
>
> Similarly attempting to SSH result in:
>
>debug1: pubkey_prepare: ssh_fetch_identitylist: invalid format
>
> in the SSH verbose output.  If I manually disable all the systemd based
> activation and start gpg-agent from the command line with --daemon then
> the problem is resolved and I can happily authenticate.

using the same $SSH_AUTH_SOCK?  I'd be very surprised at this!!

> Severity important since this is preventing me logging into remote
> systems (including in my case kernel.org which is preventing me doing
> upstream kernel work right now).

Please let me know if using the ssh socket works for you.

Thanks,

--dkg


signature.asc
Description: PGP signature

Bug#854376: gnupg-agent: Broken with systemd

2017-02-06 Thread Mark Brown 
Package: gnupg-agent
Version: 2.1.18-4
Severity: important

I've got:

  SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent

(this is manually forced since gnome-keyring appears to be managing to
force itself as the SSH agent, I've filed a separate bug about that).
When I try to list keys I get:

   $ ssh-add -L
   error fetching identities for protocol 2: invalid format
   The agent has no identities.

Similarly attempting to SSH result in:

   debug1: pubkey_prepare: ssh_fetch_identitylist: invalid format

in the SSH verbose output.  If I manually disable all the systemd based
activation and start gpg-agent from the command line with --daemon then
the problem is resolved and I can happily authenticate.

Severity important since this is preventing me logging into remote
systems (including in my case kernel.org which is preventing me doing
upstream kernel work right now).

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg-agent depends on:
ii  libassuan0  2.4.3-2
ii  libc6   2.24-9
ii  libgcrypt20 1.7.6-1
ii  libgpg-error0   1.26-2
ii  libnpth01.3-1
ii  libreadline77.0-2
ii  pinentry-gnome3 [pinentry]  1.0.0-1
ii  pinentry-gtk2 [pinentry]1.0.0-1

Versions of packages gnupg-agent recommends:
ii  gnupg  2.1.18-4

Versions of packages gnupg-agent suggests:
ii  dbus-user-session  1.10.14-1
ii  libpam-systemd 232-15
ii  pinentry-gnome31.0.0-1
ii  scdaemon   2.1.18-4

-- no debconf information