Re: Issue with pinentry GUI agent
On Fri, 07 Sep 2018 15:19:34 -0400 Daniel Kahn Gillmor wrote: > On Fri 2018-09-07 14:31:16 +0200, Kristian Fiskerstrand wrote: > > On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote: > >> I'm unable to replicate this. here's a transcript of my session, > >> testing pinentry-qt 1.1.0-1+b1 and gnupg 2.2.10-1 on debian > >> testing/unstable: > > > > which desktop manager / window manager? I can replicate on cleanly > > installed debian testing with Cinnamon selected during install. I've been reproducing that on openbox WM ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On 9/7/18 9:19 PM, Daniel Kahn Gillmor wrote: > On Fri 2018-09-07 14:31:16 +0200, Kristian Fiskerstrand wrote: >> On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote: >>> I'm unable to replicate this. here's a transcript of my session, >>> testing pinentry-qt 1.1.0-1+b1 and gnupg 2.2.10-1 on debian >>> testing/unstable: >> >> which desktop manager / window manager? I can replicate on cleanly >> installed debian testing with Cinnamon selected during install. > > i wasn't testing on a full-blown desktop environment -- my test > environment was openbox, plus a typical dbus-user-session arrangement, > and a systemd --user manager connected to the session. (not that i > think any of that is likely to matter for testing pinentry-qt itself). Well, none of my systems ever touches systemd, so should never say never when it comes to potential conflicts :) But in this case it seems like a broader issue that at least is present in xfce and cinnamon window managers when DISPLAY is not present. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "We can only see a short distance ahead, but we can see plenty there that needs to be done." (Alan Turing) signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On Fri 2018-09-07 14:31:16 +0200, Kristian Fiskerstrand wrote: > On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote: >> I'm unable to replicate this. here's a transcript of my session, >> testing pinentry-qt 1.1.0-1+b1 and gnupg 2.2.10-1 on debian >> testing/unstable: > > which desktop manager / window manager? I can replicate on cleanly > installed debian testing with Cinnamon selected during install. i wasn't testing on a full-blown desktop environment -- my test environment was openbox, plus a typical dbus-user-session arrangement, and a systemd --user manager connected to the session. (not that i think any of that is likely to matter for testing pinentry-qt itself). --dkg ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On 9/7/18 2:31 PM, Kristian Fiskerstrand wrote: > On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote: >> I'm unable to replicate this. here's a transcript of my session, >> testing pinentry-qt 1.1.0-1+b1 and gnupg 2.2.10-1 on debian >> testing/unstable: > > which desktop manager / window manager? I can replicate on cleanly > installed debian testing with Cinnamon selected during install. > Done some more testing on debian unstable, and it is similar to what we see in Gentoo; 1 Gnome: works 2 xfce: fails 3 KDE: works 4 Cinnamon: fails (the initial bug report prompting my interest was from xfce) -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "In politics stupidity is not a handicap." (Napoleon Bonaparte) signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote: > I'm unable to replicate this. here's a transcript of my session, > testing pinentry-qt 1.1.0-1+b1 and gnupg 2.2.10-1 on debian > testing/unstable: which desktop manager / window manager? I can replicate on cleanly installed debian testing with Cinnamon selected during install. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "If you cannot convince them, confuse them" (Harry S Truman) signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On Wed 2018-09-05 09:39:31 +0200, Kristian Fiskerstrand wrote: > On 9/4/18 6:10 PM, Daniel Kahn Gillmor wrote: >> or do you mean something else? > > without DISPLAY env var, qt version automatically falls back to curses > variant despite the argument > > kristianf@ares ~ $ unset DISPLAY > kristianf@ares ~ $ /usr/bin/pinentry-qt4 --display :0 > > (pinentry-qt4:6370): Gtk-WARNING **: 09:31:41.576: cannot open display: > kristianf@ares ~ $ export DISPLAY=:0 > kristianf@ares ~ $ /usr/bin/pinentry-qt4 --display :0 > OK Pleased to meet you > > throwing in a simple wrapper around pinentry, > #!/bin/bash > env > /tmp/pinentry-log.txt > echo "$@" >> /tmp/pinentry-log.txt > exec /usr/bin/pinentry-qt "$@" > > and diffing the log between keep-display, shows that the difference is > +DISPLAY=:0 > > btw, you say started, but this should also be updated when issuing > UPDATESTARTUPTTY shouldn't it? In any case, it solved the issue for the > user and I replicated it also on pinentry 1.1.0 on gnupg 2.2.10 I'm unable to replicate this. here's a transcript of my session, testing pinentry-qt 1.1.0-1+b1 and gnupg 2.2.10-1 on debian testing/unstable: 0 dkg@alice:~$ DISPLAY= pinentry-qt OK Pleased to meet you getpin D monkey OK 0 dkg@alice:~$ DISPLAY= pinentry-qt --display :0 OK Pleased to meet you getpin D monkey OK 0 dkg@alice:~$ unset DISPLAY 0 dkg@alice:~$ pinentry-qt --display :0 OK Pleased to meet you getpin D abc123 OK 0 dkg@alice:~$ pinentry-qt OK Pleased to meet you getpin D abc123 OK 0 dkg@alice:~$ The two entries with --display caused a graphical display to pop up. the other two caused the curses fallback. if you can sort out a clearer replication, please report it on https://dev.gnupg.org/maniphest/task/edit/form/3/ ! Regards, --dkg signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On 9/5/18 9:39 AM, Kristian Fiskerstrand wrote: > without DISPLAY env var, qt version automatically falls back to curses > variant despite the argument Wrote too quickly there; This is actually wrong, it never actually falls back to curses, it just fails. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Quidquid latine dictum sit, altum videtur. Anything said in Latin sounds profound signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On 9/4/18 6:10 PM, Daniel Kahn Gillmor wrote: > or do you mean something else? without DISPLAY env var, qt version automatically falls back to curses variant despite the argument kristianf@ares ~ $ unset DISPLAY kristianf@ares ~ $ /usr/bin/pinentry-qt4 --display :0 (pinentry-qt4:6370): Gtk-WARNING **: 09:31:41.576: cannot open display: kristianf@ares ~ $ export DISPLAY=:0 kristianf@ares ~ $ /usr/bin/pinentry-qt4 --display :0 OK Pleased to meet you throwing in a simple wrapper around pinentry, #!/bin/bash env > /tmp/pinentry-log.txt echo "$@" >> /tmp/pinentry-log.txt exec /usr/bin/pinentry-qt "$@" and diffing the log between keep-display, shows that the difference is +DISPLAY=:0 btw, you say started, but this should also be updated when issuing UPDATESTARTUPTTY shouldn't it? In any case, it solved the issue for the user and I replicated it also on pinentry 1.1.0 on gnupg 2.2.10 -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Credo quia absurdum I believe it because it is absurd signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On Mon 2018-09-03 09:58:24 +0200, Kristian Fiskerstrand wrote: > Just to have it mentioned, turned out this was an issue with missing > keep-display in gpg-agent.conf, without this the Qt4/5 pinentry fail > (although I've been told it is not an issue in KDE environment). to be clear, keep-display means that all requests made to the agent that require interaction with X11 will show up on the original display that the agent was started with. This isn't desirable in all cases (e.g. where an agent is shared across multiple X11 displays) > gpg-agent without keep-display still seems to send display as argument > in --display :0 style, but this does not seem to be honored. i think you're saying that "pinentry-qt --display :124" doesn't honor the "--display :124" argument, but that doesn't seem to be true to me with pinentry 1.1.0: 0 dkg@alice:~$ pinentry-qt --display :124 qt.qpa.screen: QXcbConnection: Could not connect to display :124 Could not connect to any X display. 1 dkg@alice:~$ or do you mean something else? --dkg ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On 08/29/2018 12:41 AM, Kristian Fiskerstrand wrote: > On 08/28/2018 08:22 PM, Daniel Kahn Gillmor wrote: >> On Sat 2018-08-25 08:18:48 +0200, sunri...@gmx.com wrote: >>> Hi all, since some days I'm having an issue with pinentry, I've set the >>> default agent as pinentry-qt4 >>> from update-alternatives (I've also tried pinentry-qt and pinentry-gnome) >>> but when I run gpg --decrypt file >>> it's always falling on the cli for prompting the password. In >>> .gnupg/gpg-agent.conf as the first line I have >>> pinentry-program /usr/bin/pinentry-qt4 as well, but I don't get why it's >>> ignoring it. >>> There's a way to debug what's going on? >> >> can you give a little bit more information about your system (OS, >> version, version of gpg, version of pinentry, etc), and how you're >> accessing it (e.g. via ssh, via a graphical environment, etc)? >> >> have you terminated your gpg-agent program ("gpgconf --kill gpg-agent") >> after updating your settings in ~/.gnupg/gpg-agent.conf so that the >> settings would take effect? > > Not sure if it is related, but I'm currently also investigating an issue > with the qt pinentry for Gentoo installations. no similar issues for the > other ones.. I'm able to reproduce failures with the auto-spawned > gpg-agent though, that doesn't materialize when calling the pinentry > application directly in an environment. > > In this case the gtk2 pinentry works as expected though... but something > is possibly off with the handling of DISPLAY (as far as I've gotten in > my debugging that is the only diff in the env vars between the direct > invocation and the bash propmpted one, it might not be ultimately relevant) > Just to have it mentioned, turned out this was an issue with missing keep-display in gpg-agent.conf, without this the Qt4/5 pinentry fail (although I've been told it is not an issue in KDE environment). gpg-agent without keep-display still seems to send display as argument in --display :0 style, but this does not seem to be honored. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Strength lies in differences, not in similarities." (Stephen Covey) signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On 08/28/2018 08:22 PM, Daniel Kahn Gillmor wrote: > On Sat 2018-08-25 08:18:48 +0200, sunri...@gmx.com wrote: >> Hi all, since some days I'm having an issue with pinentry, I've set the >> default agent as pinentry-qt4 >> from update-alternatives (I've also tried pinentry-qt and pinentry-gnome) >> but when I run gpg --decrypt file >> it's always falling on the cli for prompting the password. In >> .gnupg/gpg-agent.conf as the first line I have >> pinentry-program /usr/bin/pinentry-qt4 as well, but I don't get why it's >> ignoring it. >> There's a way to debug what's going on? > > can you give a little bit more information about your system (OS, > version, version of gpg, version of pinentry, etc), and how you're > accessing it (e.g. via ssh, via a graphical environment, etc)? > > have you terminated your gpg-agent program ("gpgconf --kill gpg-agent") > after updating your settings in ~/.gnupg/gpg-agent.conf so that the > settings would take effect? Not sure if it is related, but I'm currently also investigating an issue with the qt pinentry for Gentoo installations. no similar issues for the other ones.. I'm able to reproduce failures with the auto-spawned gpg-agent though, that doesn't materialize when calling the pinentry application directly in an environment. In this case the gtk2 pinentry works as expected though... but something is possibly off with the handling of DISPLAY (as far as I've gotten in my debugging that is the only diff in the env vars between the direct invocation and the bash propmpted one, it might not be ultimately relevant) -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only laws that applies in Australia is the law of Australia." (Malcolm Turnbull, Prime Minister of Australia). ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Issue with pinentry GUI agent
On Sat 2018-08-25 08:18:48 +0200, sunri...@gmx.com wrote: > Hi all, since some days I'm having an issue with pinentry, I've set the > default agent as pinentry-qt4 > from update-alternatives (I've also tried pinentry-qt and pinentry-gnome) but > when I run gpg --decrypt file > it's always falling on the cli for prompting the password. In > .gnupg/gpg-agent.conf as the first line I have > pinentry-program /usr/bin/pinentry-qt4 as well, but I don't get why it's > ignoring it. > There's a way to debug what's going on? can you give a little bit more information about your system (OS, version, version of gpg, version of pinentry, etc), and how you're accessing it (e.g. via ssh, via a graphical environment, etc)? have you terminated your gpg-agent program ("gpgconf --kill gpg-agent") after updating your settings in ~/.gnupg/gpg-agent.conf so that the settings would take effect? --dkg ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Issue with pinentry GUI agent
Hi all, since some days I'm having an issue with pinentry, I've set the default agent as pinentry-qt4 from update-alternatives (I've also tried pinentry-qt and pinentry-gnome) but when I run gpg --decrypt file it's always falling on the cli for prompting the password. In .gnupg/gpg-agent.conf as the first line I have pinentry-program /usr/bin/pinentry-qt4 as well, but I don't get why it's ignoring it. There's a way to debug what's going on? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users