Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
On 15/10/16 01:45, Daniel Kahn Gillmor wrote: > On Fri 2016-10-14 16:56:37 -0400, OmegaPhil wrote: >> On 14/10/16 00:28, Daniel Kahn Gillmor wrote: >>> On Thu 2016-10-13 14:09:16 -0400, OmegaPhil wrote: As soon as I did a killall to have gpg-agent load the new configuration and try again, it worked - I know that gpg2 stuff has updated recently, and my uptime is ~11d, so perhaps the update scripts don't kill off gpg-agent when theres some incompatible change? >>> >>> That's right, the package upgrade scripts make no attempt to restart >>> long-running user processes, for reasons i suspect you can imagine :) >>> >>> Can you review /var/log/dpkg.log to see what versions of gpg-agent you >>> might have been running initially? I'm glad it's working for you now, >>> anyway, though i'm still in the dark as to why it wasn't working for you >>> before. >> >> Latest mentions of gnupg-agent: >> >> = >> >> /var/log/dpkg.log:2016-10-02 08:11:27 upgrade gnupg-agent:amd64 2.1.11-7 >> 2.1.15-3 > > You wrote ~11d on the 13th. This upgrade is from the 2nd, ~11d before > the report. Can you tell me whether this upgrade happend before or > after the boot that led you into the 11d uptime? If it happened after > then yes, you were most likely running the older gpg-agent without > restarting it, which would explain the failures you saw. > > fwiw, gpg should provide warning messages to stderr if it discovers it's > talking to an older agent, but if you only accessed it through enigmail > maybe those warning messages weren't propagated through to where you > could easily see them. > >--dkg No, 'old gpg-agent was running' doesn't seem to be the right explanation for this. The upgrade happened at 2016-10-02 08:11:27, however October the 2nd looks like monthly reboot day, since there was a reboot from a v4.5 kernel into v4.6 at 19:35:49, and then v4.7 at 19:40:19 (I'm running v4.7.5-1 atm). I'd like to say that any complaints from gpg-agent would cause that Enigmail dialog to pop up, e.g. the 4 repeats of the dialog originally suggestively match the 4 lines reported to .xsession-errors. signature.asc Description: OpenPGP digital signature
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
On Fri 2016-10-14 16:56:37 -0400, OmegaPhil wrote: > On 14/10/16 00:28, Daniel Kahn Gillmor wrote: >> On Thu 2016-10-13 14:09:16 -0400, OmegaPhil wrote: >>> As soon as I did a killall to have gpg-agent load the new >>> configuration and try again, it worked - I know that gpg2 stuff has >>> updated recently, and my uptime is ~11d, so perhaps the update scripts >>> don't kill off gpg-agent when theres some incompatible change? >> >> That's right, the package upgrade scripts make no attempt to restart >> long-running user processes, for reasons i suspect you can imagine :) >> >> Can you review /var/log/dpkg.log to see what versions of gpg-agent you >> might have been running initially? I'm glad it's working for you now, >> anyway, though i'm still in the dark as to why it wasn't working for you >> before. > > Latest mentions of gnupg-agent: > > = > > /var/log/dpkg.log:2016-10-02 08:11:27 upgrade gnupg-agent:amd64 2.1.11-7 > 2.1.15-3 You wrote ~11d on the 13th. This upgrade is from the 2nd, ~11d before the report. Can you tell me whether this upgrade happend before or after the boot that led you into the 11d uptime? If it happened after then yes, you were most likely running the older gpg-agent without restarting it, which would explain the failures you saw. fwiw, gpg should provide warning messages to stderr if it discovers it's talking to an older agent, but if you only accessed it through enigmail maybe those warning messages weren't propagated through to where you could easily see them. --dkg signature.asc Description: PGP signature
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
On 14/10/16 00:28, Daniel Kahn Gillmor wrote: > On Thu 2016-10-13 14:09:16 -0400, OmegaPhil wrote: >> Enigmail is v1.9.5 via Get Addons (rather than the Debian package). >> >> I started playing with dirmngr.conf but then I realised you meant >> gpg-agent.conf ;). > > thanks, yes, you are correct :) > >> As soon as I did a killall to have gpg-agent load the new >> configuration and try again, it worked - I know that gpg2 stuff has >> updated recently, and my uptime is ~11d, so perhaps the update scripts >> don't kill off gpg-agent when theres some incompatible change? > > That's right, the package upgrade scripts make no attempt to restart > long-running user processes, for reasons i suspect you can imagine :) > > Can you review /var/log/dpkg.log to see what versions of gpg-agent you > might have been running initially? I'm glad it's working for you now, > anyway, though i'm still in the dark as to why it wasn't working for you > before. > > --dkg Latest mentions of gnupg-agent: = /var/log/dpkg.log:2016-10-02 08:11:27 upgrade gnupg-agent:amd64 2.1.11-7 2.1.15-3 /var/log/dpkg.log:2016-10-02 08:11:27 status half-configured gnupg-agent:amd64 2.1.11-7 /var/log/dpkg.log:2016-10-02 08:11:27 status unpacked gnupg-agent:amd64 2.1.11-7 /var/log/dpkg.log:2016-10-02 08:11:27 status half-installed gnupg-agent:amd64 2.1.11-7 /var/log/dpkg.log:2016-10-02 08:11:27 status half-installed gnupg-agent:amd64 2.1.11-7 /var/log/dpkg.log:2016-10-02 08:11:27 status unpacked gnupg-agent:amd64 2.1.15-3 /var/log/dpkg.log:2016-10-02 08:11:27 status unpacked gnupg-agent:amd64 2.1.15-3 /var/log/dpkg.log:2016-10-02 08:12:41 configure gnupg-agent:amd64 2.1.15-3 /var/log/dpkg.log:2016-10-02 08:12:41 status unpacked gnupg-agent:amd64 2.1.15-3 /var/log/dpkg.log:2016-10-02 08:12:41 status unpacked gnupg-agent:amd64 2.1.15-3 /var/log/dpkg.log:2016-10-02 08:12:41 status half-configured gnupg-agent:amd64 2.1.15-3 /var/log/dpkg.log:2016-10-02 08:12:41 status installed gnupg-agent:amd64 2.1.15-3 = 2.1.11-7 is mentioned as an upgrade on 25.04.16. signature.asc Description: OpenPGP digital signature
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
On Thu 2016-10-13 14:09:16 -0400, OmegaPhil wrote: > Enigmail is v1.9.5 via Get Addons (rather than the Debian package). > > I started playing with dirmngr.conf but then I realised you meant > gpg-agent.conf ;). thanks, yes, you are correct :) > As soon as I did a killall to have gpg-agent load the new > configuration and try again, it worked - I know that gpg2 stuff has > updated recently, and my uptime is ~11d, so perhaps the update scripts > don't kill off gpg-agent when theres some incompatible change? That's right, the package upgrade scripts make no attempt to restart long-running user processes, for reasons i suspect you can imagine :) Can you review /var/log/dpkg.log to see what versions of gpg-agent you might have been running initially? I'm glad it's working for you now, anyway, though i'm still in the dark as to why it wasn't working for you before. --dkg signature.asc Description: PGP signature
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
On 12/10/16 22:04, Daniel Kahn Gillmor wrote: > On Wed 2016-10-12 13:02:56 -0400, OmegaPhil wrote: >> Since that point, I have uninstalled pinentry-qt4 and have happily been >> using pinentry-gtk-2. >> >> Installing pinentry-qt (0.9.7-5) and switching to it via alternatives >> results in the following error dialog coming up 4 times in succession >> from Enigmail: >> >> = >> >> GnuPG cannot query your passphrase via pinentry. >> >> This is a system setup or configuration error that prevents Enigmail >> from working properly and cannot be fixed automatically. >> >> We strongly recommend that you consult our support web site at >> https://enigmail.net/faq. >> >> = >> >> The real error comes out in ~/.xsession-errors: >> >> = >> >> gpg-agent[7019]: can't connect to the PIN entry module >> '/usr/bin/pinentry': End of file >> gpg-agent[7019]: failed to unprotect the secret key: No pinentry >> gpg-agent[7019]: failed to read the secret key >> gpg-agent[7019]: command 'PKDECRYPT' failed: No pinentry > > I'm still baffled. i followed exactly the steps that you did and the QT > prompt shows up for me :( > > What version of enigmail are you running? where did you get it from? > > can you turn on debug-pinentry in your dirmngr.conf and see what it says? > > --dkg Enigmail is v1.9.5 via Get Addons (rather than the Debian package). I started playing with dirmngr.conf but then I realised you meant gpg-agent.conf ;). As soon as I did a killall to have gpg-agent load the new configuration and try again, it worked - I know that gpg2 stuff has updated recently, and my uptime is ~11d, so perhaps the update scripts don't kill off gpg-agent when theres some incompatible change? Thanks signature.asc Description: OpenPGP digital signature
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
On Wed 2016-10-12 13:02:56 -0400, OmegaPhil wrote: > Since that point, I have uninstalled pinentry-qt4 and have happily been > using pinentry-gtk-2. > > Installing pinentry-qt (0.9.7-5) and switching to it via alternatives > results in the following error dialog coming up 4 times in succession > from Enigmail: > > = > > GnuPG cannot query your passphrase via pinentry. > > This is a system setup or configuration error that prevents Enigmail > from working properly and cannot be fixed automatically. > > We strongly recommend that you consult our support web site at > https://enigmail.net/faq. > > = > > The real error comes out in ~/.xsession-errors: > > = > > gpg-agent[7019]: can't connect to the PIN entry module > '/usr/bin/pinentry': End of file > gpg-agent[7019]: failed to unprotect the secret key: No pinentry > gpg-agent[7019]: failed to read the secret key > gpg-agent[7019]: command 'PKDECRYPT' failed: No pinentry I'm still baffled. i followed exactly the steps that you did and the QT prompt shows up for me :( What version of enigmail are you running? where did you get it from? can you turn on debug-pinentry in your dirmngr.conf and see what it says? --dkg signature.asc Description: PGP signature
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
On 12/10/16 18:02, OmegaPhil wrote: > On 12/10/16 08:31, Daniel Kahn Gillmor wrote: >> Control: tags 577737 + moreinfo unreproducible >> >> On Thu 2014-02-20 16:57:15 -0500, OmegaPhil wrote: >> >>> Package: pinentry-qt4 >>> Version: 0.8.3-2 >>> >>> I also get this bug - today I finally researched into and set up >>> Enigmail and gpg, yet it failed to generate a revocation certificate >>> and later send an encrypted/signed mail - bad passphrase or key >>> couldnt be found. >> >> i haven't been able to reproduce this reported problem with pinentry-qt4 >> or its current equivalent pinentry-qt. Is this still a problem with >> 0.9.7-6 in debian unstable or 0.9.7-5 in debian testing? Is there a >> straightforward way to reproduce the problem? Is it an issue with >> DBUS_SESSION_BUS_ADDRESS perhaps? >> >> --dkg > > > Since that point, I have uninstalled pinentry-qt4 and have happily been > using pinentry-gtk-2. > > Installing pinentry-qt (0.9.7-5) and switching to it via alternatives > results in the following error dialog coming up 4 times in succession > from Enigmail: > > = > > GnuPG cannot query your passphrase via pinentry. > > This is a system setup or configuration error that prevents Enigmail > from working properly and cannot be fixed automatically. > > We strongly recommend that you consult our support web site at > https://enigmail.net/faq. > > = > > The real error comes out in ~/.xsession-errors: > > = > > gpg-agent[7019]: can't connect to the PIN entry module > '/usr/bin/pinentry': End of file > gpg-agent[7019]: failed to unprotect the secret key: No pinentry > gpg-agent[7019]: failed to read the secret key > gpg-agent[7019]: command 'PKDECRYPT' failed: No pinentry > > = > > Manually calling pintentry seems to work: > > = > > OK Pleased to meet you > GETPIN > > D lol > OK > > = > > So its still effectively useless. Note that I'm no longer running Debian Testing but Devuan Testing, however the pinentry package is unchanged. signature.asc Description: OpenPGP digital signature
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
On 12/10/16 08:31, Daniel Kahn Gillmor wrote: > Control: tags 577737 + moreinfo unreproducible > > On Thu 2014-02-20 16:57:15 -0500, OmegaPhil wrote: > >> Package: pinentry-qt4 >> Version: 0.8.3-2 >> >> I also get this bug - today I finally researched into and set up >> Enigmail and gpg, yet it failed to generate a revocation certificate >> and later send an encrypted/signed mail - bad passphrase or key >> couldnt be found. > > i haven't been able to reproduce this reported problem with pinentry-qt4 > or its current equivalent pinentry-qt. Is this still a problem with > 0.9.7-6 in debian unstable or 0.9.7-5 in debian testing? Is there a > straightforward way to reproduce the problem? Is it an issue with > DBUS_SESSION_BUS_ADDRESS perhaps? > > --dkg Since that point, I have uninstalled pinentry-qt4 and have happily been using pinentry-gtk-2. Installing pinentry-qt (0.9.7-5) and switching to it via alternatives results in the following error dialog coming up 4 times in succession from Enigmail: = GnuPG cannot query your passphrase via pinentry. This is a system setup or configuration error that prevents Enigmail from working properly and cannot be fixed automatically. We strongly recommend that you consult our support web site at https://enigmail.net/faq. = The real error comes out in ~/.xsession-errors: = gpg-agent[7019]: can't connect to the PIN entry module '/usr/bin/pinentry': End of file gpg-agent[7019]: failed to unprotect the secret key: No pinentry gpg-agent[7019]: failed to read the secret key gpg-agent[7019]: command 'PKDECRYPT' failed: No pinentry = Manually calling pintentry seems to work: = OK Pleased to meet you GETPIN D lol OK = So its still effectively useless. signature.asc Description: OpenPGP digital signature
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
Control: tags 577737 + moreinfo unreproducible On Thu 2014-02-20 16:57:15 -0500, OmegaPhil wrote: > Package: pinentry-qt4 > Version: 0.8.3-2 > > I also get this bug - today I finally researched into and set up > Enigmail and gpg, yet it failed to generate a revocation certificate > and later send an encrypted/signed mail - bad passphrase or key > couldnt be found. i haven't been able to reproduce this reported problem with pinentry-qt4 or its current equivalent pinentry-qt. Is this still a problem with 0.9.7-6 in debian unstable or 0.9.7-5 in debian testing? Is there a straightforward way to reproduce the problem? Is it an issue with DBUS_SESSION_BUS_ADDRESS perhaps? --dkg signature.asc Description: PGP signature
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/06/14 02:25, Peter Eisentraut wrote: I can't reproduce this, and I can't explain it. A couple of things to try: Try running pinentry-qt4 independently of gpg. Just start it and enter GETPIN at the prompt, and see if a window appears. Also check your login setup to make sure that the environment variables GPG_TTY and/or GPG_AGENT_INFO are set correctly. Although that wouldn't explain why pinentry-gtk-2 works. There could be other environment variables or settings that affect Qt but not Gtk. Testing the programs separately, as described above, might clarify that. When I run pinentry-qt4 separately, I get a dialog, entering 'lol' produces: === OK Your orders please GETPIN Bus::open: Can not get ibus-daemon's address. IBusInputContext::createInputContext: no connection to ibus-daemon D lol OK === On the bash shell I'm looking at, GPG_TTY is unset, GPG_AGENT_INFO is set to /tmp/gpg-GZ1n2z/S.gpg-agent:27908:1 - gpg-agent is running with that process ID. For reference I use XFCE4, not KDE. Enigmail still breaks completely when /usr/bin/pinentry-qt4 'auto mode'/'manual mode' is set. During desktop startup, the only gpg error I can see is (which is hopefully trivial): === xfce4-session-Message: ssh-agent is already running; starting gpg-agent without ssh support === Thanks - -- Libre software on Github: https://github.com/OmegaPhil FSF member #9442 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBAgAGBQJTmc+sAAoJEBfSPH39wvOPLxwQAJEvwFuXAQdqZYR1Oub7dJsb wmI8aAnZi627c9vZ3aE0uljnVZvKVe+p3h4jnlWy4J7DH/HAR228VOZU+ZHOP1qZ q18DA3ovwqATbjGTwXLkLrODkG5BlNgSrS6g9yMIBG+mheAJ5keGlka1pviLUvJ3 HM5OV0UTDwjPdlZf537zgWrsvJBBcEFQbqztLCh8JOxGwGGPreqgLGcQjMg1wBPn Jmvq6zYYwqhqAo7GoRrtDd3I7I971yUQ5CGRZnDu9wo4zQBrnJccdcwRaHIwBi7S 8u6p6kDsNfwJ9iKpwlOVY5P8DxA/MH1hhaDXOjXJk84hLYrQk5ZyFMZxouUHRDyB gsExLvk7eeYxf+JZENyFseK+dO2wgrJIBV+HFYN/zLvAnJFm7YOzHeIZjeEyVJM2 XfwdayDgFW5cmBb5a/JMggExBOpRrwFk4j1oC/vi7R51JU/ziPLEmSjOyMHWt4XD 8euriUSkcrwCUIe+UtYr2Goq7x5o5p0kmT5XiqG2rkm5izJrftg8pd0iVZDXi0yI f8R0LtkKVA1FIJw3Lv/u2NwwYnZgXOd2ctvWYLaYl9wMy3lVr5bNjw98AoEedHK2 H87y15tWQa9TRu0IoFrjqYAZyII8OyYUDuZGC/wyGc6/Dud3tXYHLLeN7z9hXQn9 PgovMVG5/vIB09FS5Zr+ =6gYD -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
I can't reproduce this, and I can't explain it. A couple of things to try: Try running pinentry-qt4 independently of gpg. Just start it and enter GETPIN at the prompt, and see if a window appears. Also check your login setup to make sure that the environment variables GPG_TTY and/or GPG_AGENT_INFO are set correctly. Although that wouldn't explain why pinentry-gtk-2 works. There could be other environment variables or settings that affect Qt but not Gtk. Testing the programs separately, as described above, might clarify that. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#577737: [pinentry-qt4] Re: gpg command won't use agent if the agent is configured to use pinentry-qt4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: pinentry-qt4 Version: 0.8.3-2 I also get this bug - today I finally researched into and set up Enigmail and gpg, yet it failed to generate a revocation certificate and later send an encrypted/signed mail - bad passphrase or key couldnt be found. After some research I was lucky to find out about the pinentry programs - currently the following are available here: = SelectionPath Priority Status - * 0/usr/bin/pinentry-qt4 95auto mode 1/usr/bin/pinentry-gtk-2 85manual mode 2/usr/bin/pinentry-qt4 95manual mode = pinentry-qt4 fails completely to prompt me for a password, but when I change to pinentry-gtk-2, things work fine. My gpg-agent.conf is very boring: === ###+++--- GPGConf ---+++### default-cache-ttl 300 max-cache-ttl 3000 ###+++--- GPGConf ---+++### Thu 20 Feb 2014 21:06:05 GMT # GPGConf edited this configuration file. # It will disable options before this marked block, but it will # never change anything below these lines. === So I dont think it is a locale issue here (en_GB.utf8 for reference). A normal user would not have known what to do with no passphrase prompts appearing so this is a serious problem. - --- System information. --- Architecture: amd64 Kernel: Linux 3.12-1-amd64 Debian Release: jessie/sid 990 testing security.debian.org 990 testing ftp.uk.debian.org 500 unstableignorantguru.github.com 500 unstableftp.uk.debian.org 500 quodlibet-unstable www.student.tugraz.at 1 experimentalftp.uk.debian.org - --- Package information. --- Depends (Version) | Installed ===-+-=== libc6 (= 2.14) | libgcc1(= 1:4.1.1) | libncursesw5 (= 5.6+20070908) | libqtcore4 (= 4:4.7.0~beta1) | libqtgui4 (= 4:4.5.3) | libstdc++6 (= 4.1.1) | libtinfo5 | Package's Recommends field is empty. Suggests (Version) | Installed ===-+-=== pinentry-doc| - -- Libre software on Github: https://github.com/OmegaPhil FSF member #9442 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBAgAGBQJTBno7AAoJEBfSPH39wvOP5LAP/3gYwnVxmSqOQi45vGtLZQIB GpNqElzHa0N92Y9gN5EgutioCRQLJfZ1pve6m1K9gyZsUkGXPNupwuZf2JketcJd gcQwO5YzFvi6psfsFrDNqtPioObj0+ey6sLSNFC6fBhzekcjb7TyJVHkSelSPgyj Qoa1060EcTFsOf9JFGa39IhpozZ/qHv/c/LloBOg/ARvUNoV3HGplvGEY+RTRidn 6U3NRBc7x/9/KHNYmW35ejT21i0seKTPcpcnT2eCj/bVLbsRkW8wJeip4V6bMLG/ ttbYamjeNV9ZqOZamZtllZXwYHVmiheF1Ma6g1j2g4UMVEFHYMOr3YHmMb7SUAV1 Gpov0EVw8Io8tB7mJdzZ1CPUaJ9oqvu7PONUFNQoZDrm1t99vpwtrWtzeIPF8+bw YgJOx9b6zvQEYHV47BwRz0Gr7wQ5KcRsDFnxvtmd18Donk1GGtltWMF8lajPtmY/ H6aHg0LbdOV8i83pl79TZ5dNPROgXk2QpVJbyuK2Jj3fRJmikBR6lTmzemKmDK0q InJnGQHDevMJIPvIM9ntROf09GYaSbapf7wwSx0CEm+VOS2gvT8tT76xzigrNIWZ wFbnNrcyQ9XGHIUW28jThW6iUAjOlsfTLQezDnLVj7kSJhmHNNIzzRoIgTD8TBs1 ZoD2jV5QCXyg/XriTuE6 =yVWY -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org