[pkg-gnupg-maint] Bug#784289: Bug#784289: gnupg 2.1 and gnome-keyring no longer interoperate

Werner Koch wk at gnupg.org
Tue May 5 06:36:30 UTC 2015


On Tue,  5 May 2015 01:38, sandals at crustytoothpaste.net said:

> spawned to prompt the user.  It appears the socket has moved, and
> symlinking the socket indicates that GnuPG has intentionally broken

It has not been broken but since 2.0.23 gpg detects that GKR hijacks the
connection and causes all kind of troubles including security
weaknesses.

Note that even 2.0 can be configured to use a fixed socket like 2.1
does:

  --use-standard-socket
  --no-use-standard-socket

    By enabling this option gpg-agent will listen on the socket named
    'S.gpg-agent', located in the home directory, and not create a
    random socket below a temporary directory.  Tools connecting to
    gpg-agent should first try to connect to the socket given in
    environment variable GPG_AGENT_INFO and then fall back to this
    socket.  This option may not be used if the home directory is
    mounted on a remote file system which does not support special files
    like fifos or sockets.  Note, that --use-standard-socket is the
    default on Windows systems.  The default may be changed at build
    time.  It is possible to test at runtime whether the agent has been
    configured for use with the standard socket by issuing the command
    gpg-agent --use-standard-socket-p which returns success if the
    standard socket option has been enabled.

> Please decide to which package this bug belongs, assign it accordingly,
> and fix it.

It has been told enough times that this is GKR bug. Given that the GNOME
folks are not willing to fix that we are preparing changes to the GnuPG
system which should allow them to remove that hijacking and instead
install a new kind of Pinentry which implements what GKR should have
done.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



More information about the pkg-gnupg-maint mailing list