[pkg-gnupg-maint] Bug#845565: Unable to sign from remote

Julien Puydt julien.puydt at laposte.net
Thu Nov 24 17:10:44 UTC 2016 

Package: src:pinentry
Version: 0.9.7-9
Severity: grave

I'm using a setup where I use mosh to connect to a remote host, with an 
attached tmux. I get a failure:
$ LANG=C gpg -s /tmp/test
gpg: signing failed: pinentry error
gpg: signing failed: pinentry error

I tried to strace the command above and the interesting part seems to be:

write(7, "RESET", 5)                    = 5
write(7, "\n", 1)                       = 1
read(7, "OK\n", 1002)                   = 3
write(7, "SIGKEY 1C352B00829AE69C2E6EBEFC2"..., 47) = 47
write(7, "\n", 1)                       = 1
read(7, "OK\n", 1002)                   = 3
write(7, "SETKEYDESC Please+enter+the+pass"..., 195) = 195
write(7, "\n", 1)                       = 1
read(7, "OK\n", 1002)                   = 3
write(7, "SETHASH 10 A81A135BBD68EDC98CF12"..., 139) = 139
write(7, "\n", 1)                       = 1
read(7, "OK\n", 1002)                   = 3
write(7, "PKSIGN", 6)                   = 6
write(7, "\n", 1)                       = 1
read(7, "INQUIRE PINENTRY_LAUNCHED 4875 g"..., 1002) = 44
write(7, "END", 3)                      = 3
write(7, "\n", 1)                       = 1
read(7, "ERR 83886166 Erreur de pinentry "..., 1002) = 43
write(2, "gpg: signing failed: pinentry er"..., 35gpg: signing failed: 
pinentry error) = 35

Where I can remark a few things :

(1) I ran:
strace gpg -s /tmp/test 2>&1 | tee /tmp/log
so the fact that strace and error message are interlaced isn't worrying.

(2) The error message is read from 7, and in french ; looking back in 
/tmp/log I see:
stat("/run/user/1000/gnupg/S.gpg-agent", {st_mode=S_IFSOCK|0700, 
st_size=0, ...}) = 0
socket(AF_UNIX, SOCK_STREAM, 0)         = 7
stat("/run/user/1000/gnupg/S.gpg-agent", {st_mode=S_IFSOCK|0700, 
st_size=0, ...}) = 0
connect(7, {sa_family=AF_UNIX, 
sun_path="/run/user/1000/gnupg/S.gpg-agent"}, 34) = 0
read(7, "OK Pleased to meet you, process "..., 1002) = 37

(3) I have no clue why it prints the error twice. Well, I do see a 
second write (2, ...) after unlink("/tmp/test.gpg"), but nothing seems 
to trigger a second error, so why a second print?

So my guess is that the gpg agent it connects to is attached to the 
opened X session I also have on remote host -- that would explain why 
the error message is in french. In that case it should fall back to the 
command line to ask for the password, but doesn't.

In fact, I had problems with that setup, then a new upload fixed them 
and now things are broken again differently : the fallback mechanism 
seems pretty fragile.

I hope that helps,

Snark on #debian-science

More information about the pkg-gnupg-maint mailing list