Debian Bug report logs - #386107
debsign don't use gpg agent/pinentry

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Julien Danjou <acid@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: debsign don't use gpg agent/pinentry

Date: Tue, 5 Sep 2006 12:19:40 +0200

[Message part 1 (text/plain, inline)]

Package: devscripts
Version: 2.9.21
Severity: normal

Hi,

When I run debsign so sign my package, it fails because I set
use-gpg-agent in my configuration. It does not seem to launch pinentry.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=C, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Versions of packages devscripts depends on:
ii  debianutils                  2.17        Miscellaneous utilities specific t
ii  dpkg-dev                     1.13.22     package building tools for Debian
ii  libc6                        2.3.6.ds1-4 GNU C Library: Shared libraries
ii  perl                         5.8.8-6.1   Larry Wall's Practical Extraction 
ii  sed                          4.1.5-1     The GNU sed stream editor

Versions of packages devscripts recommends:
ii  fakeroot                      1.5.10     Gives a fake root environment

-- no debconf information

-- 
Julien Danjou
// Λ̊ <julien@danjou.info>   http://julien.danjou.info
// 9A0D 5FD9 EB42 22F6 8974  C95C A462 B51E C2FE E5CD
// Ferns will rule the world.

[signature.asc (application/pgp-signature, inline)]

Message #8 received at 386107@bugs.debian.org (full text, mbox, reply):

From: martin f krafft <madduck@debian.org>

To: Julien Danjou <acid@debian.org>, 386107@bugs.debian.org

Subject: Re: Bug#386107: debsign don't use gpg agent/pinentry

Date: Tue, 5 Sep 2006 13:33:19 +0200

[Message part 1 (text/plain, inline)]

also sprach Julien Danjou <acid@debian.org> [2006.09.05.1219 +0200]:
> When I run debsign so sign my package, it fails because I set
> use-gpg-agent in my configuration. It does not seem to launch pinentry.

FWIW, this works for me, but I set

  use-agent

in ~/.gnupg/gpg.conf. I don't know of a use-gpg-agent option.

ii  gnupg          1.4.5-1        GNU privacy guard - a free PGP replacement
ii  gnupg-agent    1.9.20-2       GNU privacy guard - password agent
ii  pinentry-gtk2  0.7.2-3        GTK+-2-based PIN or pass-phrase entry dialog

Does gpg-agent work for you if you just call

  echo test | gpg --sign

?

-- 
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

[signature.asc (application/pgp-signature, inline)]

Message #13 received at 386107@bugs.debian.org (full text, mbox, reply):

From: Julien Danjou <acid@debian.org>

To: martin f krafft <madduck@debian.org>

Cc: 386107@bugs.debian.org

Subject: Re: Bug#386107: debsign don't use gpg agent/pinentry

Date: Tue, 5 Sep 2006 14:13:46 +0200

[Message part 1 (text/plain, inline)]

On Tue, Sep 05, 2006 at 01:33:19PM +0200, martin f krafft wrote:
> FWIW, this works for me, but I set
> 
>   use-agent
> 
> in ~/.gnupg/gpg.conf. I don't know of a use-gpg-agent option.

Sorry, I have use-agent too, not use-gpg-agent :-)

> ii  gnupg          1.4.5-1        GNU privacy guard - a free PGP replacement
> ii  gnupg-agent    1.9.20-2       GNU privacy guard - password agent
> ii  pinentry-gtk2  0.7.2-3        GTK+-2-based PIN or pass-phrase entry dialog

ii  gnupg              1.4.5-1        GNU privacy guard - a free PGP replacement
ii  gnupg-agent        1.9.20-2       GNU privacy guard - password agent
ii  pinentry-curses    0.7.2-3        curses-based PIN or pass-phrase entry dialog
ii  pinentry-gtk2      0.7.2-3        GTK+-2-based PIN or pass-phrase entry dialog

> Does gpg-agent work for you if you just call
> 
>   echo test | gpg --sign

No:

You need a passphrase to unlock the secret key for
user: "Julien Danjou <julien@danjou.info>"
1024-bit DSA key, ID C2FEE5CD, created 2002-02-18

gpg: cancelled by user
gpg: no default secret key: bad passphrase
gpg: signing failed: bad passphrase

But if it works for you, it might mean it's a configure issue on my
side. :-/

Thanks for your attention.

Cheers,
-- 
Julien Danjou
.''`.  Debian Developer
: :' : http://julien.danjou.info
`. `'  http://people.debian.org/~acid
  `-   9A0D 5FD9 EB42 22F6 8974  C95C A462 B51E C2FE E5CD

[signature.asc (application/pgp-signature, inline)]

Message #16 received at 386107@bugs.debian.org (full text, mbox, reply):

From: martin f krafft <madduck@debian.org>

To: Julien Danjou <acid@debian.org>, 386107@bugs.debian.org

Subject: Re: Bug#386107: debsign don't use gpg agent/pinentry

Date: Tue, 5 Sep 2006 14:40:24 +0200

[Message part 1 (text/plain, inline)]

also sprach Julien Danjou <acid@debian.org> [2006.09.05.1413 +0200]:
> gpg: no default secret key: bad passphrase

i think this may be your problem. I have

  default-key 330c4a75
  encrypt-to 330c4a75

in my ~/.gnupg/gpg.conf file, and I always pass -k to debsign.

-- 
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

[signature.asc (application/pgp-signature, inline)]

Message #21 received at 386107@bugs.debian.org (full text, mbox, reply):

From: Julien Danjou <acid@debian.org>

To: martin f krafft <madduck@debian.org>

Cc: 386107@bugs.debian.org

Subject: Re: Bug#386107: debsign don't use gpg agent/pinentry

Date: Tue, 5 Sep 2006 16:49:25 +0200

[Message part 1 (text/plain, inline)]

On Tue, Sep 05, 2006 at 02:40:24PM +0200, martin f krafft wrote:
> i think this may be your problem. I have
> 
>   default-key 330c4a75
>   encrypt-to 330c4a75
> 
> in my ~/.gnupg/gpg.conf file, and I always pass -k to debsign.

Still fails.  By the way,  I also use  -k to sign.  But echo test  | gpg
--sign seems to  try to use the  good key but does  not launch pinentry,
even if my passphrase was forgotten

Cheers,
-- 
Julien Danjou
.''`.  Debian Developer
: :' : http://julien.danjou.info
`. `'  http://people.debian.org/~acid
  `-   9A0D 5FD9 EB42 22F6 8974  C95C A462 B51E C2FE E5CD

[signature.asc (application/pgp-signature, inline)]

Message #26 received at 386107@bugs.debian.org (full text, mbox, reply):

From: Julian Gilbey <jdg@polya.uklinux.net>

To: Julien Danjou <acid@debian.org>, 386107@bugs.debian.org

Cc: martin f krafft <madduck@debian.org>

Subject: Re: Bug#386107: debsign don't use gpg agent/pinentry

Date: Tue, 5 Sep 2006 20:40:20 +0100

reassign 386107 gnupg
thanks

On Tue, Sep 05, 2006 at 04:49:25PM +0200, Julien Danjou wrote:
> On Tue, Sep 05, 2006 at 02:40:24PM +0200, martin f krafft wrote:
> > i think this may be your problem. I have
> > 
> >   default-key 330c4a75
> >   encrypt-to 330c4a75
> > 
> > in my ~/.gnupg/gpg.conf file, and I always pass -k to debsign.
> 
> Still fails.  By the way,  I also use  -k to sign.  But echo test  | gpg
> --sign seems to  try to use the  good key but does  not launch pinentry,
> even if my passphrase was forgotten

So I'm going to reassign this to gnupg as it's clearly not a
devscripts issue.

   Julian

Message #33 received at 386107@bugs.debian.org (full text, mbox, reply):

From: Micah Anderson <micah@riseup.net>

To: 386107@bugs.debian.org

Subject: I also have this problem

Date: Wed, 13 Feb 2008 20:48:25 -0500

[Message part 1 (text/plain, inline)]

I also have this problem, and I have the same configuration that
madduck has.

I have pinentry-curses and gnupg-agent installed and am unable to sign
packages with debsign when I'm using an agent.

micah

[signature.asc (application/pgp-signature, inline)]

Message #42 received at 386107@bugs.debian.org (full text, mbox, reply):

From: Eric Dorland <eric@kuroneko.ca>

To: Micah Anderson <micah@riseup.net>

Cc: 386107@bugs.debian.org

Subject: Re: I also have this problem

Date: Mon, 28 Apr 2008 02:43:02 -0400

[Message part 1 (text/plain, inline)]

> I also have this problem, and I have the same configuration that
> madduck has.

> I have pinentry-curses and gnupg-agent installed and am unable to sign
> packages with debsign when I'm using an agent.

Have you tried setting the GPG_TTY environment as indicated in the manpage?

-- 
Eric Dorland <eric@kuroneko.ca>
ICQ: #61138586, Jabber: hooty@jabber.com

[signature.asc (application/pgp-signature, inline)]

Message #47 received at 386107@bugs.debian.org (full text, mbox, reply):

From: intrigeri@boum.org

To: 386107@bugs.debian.org

Subject: I also have this problem

Date: Mon, 15 Sep 2008 01:56:26 +0200

Hello,

I have this problem too.

> Have you tried setting the GPG_TTY environment as indicated in
> the manpage?

I did.

My setup:
- gpg-agent is running
- $GPG_AGENT_INFO is ok
- $GPG_TTY is ok
- $DISPLAY is unset
- running in GNU Screen, inside a VServer, and over SSH
- /usr/bin/pinentry links to /etc/alternatives/pinentry, itself
  linking to /usr/bin/pinentry-curses

- ~/.gnupg/gpg-agent.conf contains:
pinentry-program /usr/bin/pinentry
default-cache-ttl 3600

- non-comment lines in ~/.gnupg/gpg.conf are:
default-key FD586E52
lock-once
keyserver x-hkp://subkeys.pgp.net
use-agent

- the relevant test output:

$ echo test | gpg -vv  --sign 

You need a passphrase to unlock the secret key for
user: "intrigeri <intrigeri@boum.org>"
1024-bit DSA key, ID FD586E52, created 2008-07-13

gpg: cancelled by user
gpg: no default secret key: bad passphrase
gpg: signing failed: bad passphrase

Bye,
--
   <intrigeri@boum.org>
  | gnupg key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | Did you exchange a walk on part in the war
  | for a lead role in the cage?

Message #52 received at 386107@bugs.debian.org (full text, mbox, reply):

From: intrigeri@boum.org

To: 386107@bugs.debian.org

Subject: Re: I also have this problem

Date: Mon, 15 Sep 2008 04:30:27 +0200

> My setup:
> - gpg-agent is running
> - $GPG_AGENT_INFO is ok
> - $GPG_TTY is ok
> - $DISPLAY is unset
> - running in GNU Screen, inside a VServer, and over SSH
> - /usr/bin/pinentry links to /etc/alternatives/pinentry, itself
>   linking to /usr/bin/pinentry-curses

In case there are people banging their heads against this bug...

I was able to workaround this, thanks to the following ingredients:
- enabling SSH X11 forwarding
- switching to pinentry-gtk2

Yet the bug remains.

Bye,
-- 
  intrigeri <intrigeri@boum.org>

Message #57 received at 386107@bugs.debian.org (full text, mbox, reply):

From: Xavier Luthi <xavier@caroxav.be>

To: 386107@bugs.debian.org

Cc: intrigeri@boum.org, micah@riseup.net, control@bugs.debian.org

Subject: Bug #386107: debsign doesn't use gpg-agent/pinentry

Date: Wed, 3 Dec 2008 14:19:16 +0100

tags 386107 + moreinfo
thanks

Hi, 


For those having this bug, can you please send more information?

It would be fine to start gpg-agent with verbose and debug
options activated: "gpg-agent --daemon -vv --debug-all"

Then, it would be useful to have:
 * the exact values of $GPG_TTY and $GPG_AGENT_INFO
 * the output of 'ps -ef |grep gpg-agent'
 * the output of 'echo test |gpg -s'

Thanks for your feedback!

Cheers,
 Xavier

Message #64 received at 386107@bugs.debian.org (full text, mbox, reply):

From: Xavier Luthi <xavier@caroxav.be>

To: 386107@bugs.debian.org

Cc: control@bugs.debian.org

Subject: Re: Bug #386107: debsign doesn't use gpg-agent/pinentry

Date: Fri, 2 Jan 2009 11:25:07 +0100

tags 386107 + unreproducible


Hi,


I'm tagging this bug as unreproducible as no feedback has been
received for one month.

Here is how it works on my host:

* ~/.bash_profile is sourcing my .bashrc:
  if [ -f ~/.bashrc ]; then
      . ~/.bashrc
  fi

* ~/.bahrc has the following lines:
  if test -f $HOME/.gpg-agent-info &&    kill -0 `cut -d: -f 2 $HOME/.gpg-agent-info` 2>/dev/null; then
      export `cat $HOME/.gpg-agent-info`
  else
      eval `gpg-agent --daemon --quiet --write-env-file $HOME/.gpg-agent-info`
  fi
 
  export GPG_TTY=$(tty)


As a result, here is what I have in a console (with or without
screen):

$ echo $GPG_TTY
/dev/pts/1
$ echo $GPG_AGENT_INFO
/tmp/gpg-5vKQhe/S.gpg-agent:8675:1
$ ps -ef |grep gpg-agent |grep -v grep
xavier    8675     1  0 11:21 ?        00:00:00 gpg-agent --daemon --quiet --write-env-file /home/xavier/.gpg-agent-info
$ echo test |gpg -s
  --> The string 'test' is signed with my private key.



If no feedback is received on this bug within one week, I'll close it.


Cheers,
 Xavier

Message #71 received at 386107-close@bugs.debian.org (full text, mbox, reply):

From: Xavier Luthi <xavier@caroxav.be>

To: 386107-close@bugs.debian.org

Subject: As explained in my previous email, the feature is working.

Date: Tue, 10 Feb 2009 15:22:50 +0100

Package: gnupg-agent


Hi,

As I did not received feedback for more than a month, I'm closing
this bug.


Cheers,
  Xavier

Send a report that this bug log contains spam.