[pkg-gnupg-maint] Bug#840687: Bug#840687: gnupg: Fails to sign git commits

Josef Vítů josef at vitu.org
Fri Oct 14 07:29:34 UTC 2016


Dear Daniel,

thanks for your prompt reply. The test setup worked just fine, but
after debugging gpg-agent as you suggested (with a higher debug-level,
though) I know where the problem is. Attaching the log is pointless I
think, as the critical line is clearly here:

DBG: chan_10 -> SETERROR Passphrase too long (try 2 of 3)

Looks like pinentry cannot handle passwords longer than 255 ASCII
characters (at least in my case), and there's even an abandoned bug
report about that, so maybe I should move there?

https://bugs.gnupg.org/gnupg/issue1592

Thank you once more.

Regards
Josef Vitu


On Thu, 13 Oct 2016 19:05:57 -0400
Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> Control: tags 840687 + unreproducible moreinfo
> 
> Hi Josef--
> 
> thanks for your report!  sorry to hear you're having this problem.
> hopefully we can get it sorted out!
> 
> I tried to replicate this with a test directory:
> 
>     workdir=$(mktemp -d)
>     export GNUPGHOME="$workdir/gpg"
>     mkdir -m 0700 $GNUPGHOME
>     gpg --batch --passphrase-fd 3 3<<<test --quick-gen-key 'test account <test at example.org>'
>     fpr=$(gpg --with-colons --with-fingerprint --list-secret-keys | awk -F: '/^fpr:/{print $10}' | head -n1)
>     git init "$workdir/test"
>     cd "$workdir/test"
>     echo test > test.txt
>     git add test.txt
>     git commit -S"$fpr" -m 'test commit'
> 
> and it worked for me, using a pinentry-gnome3 :/
> 
> I did *not* get the responses you got:
> 
> On Thu 2016-10-13 16:44:38 -0400, Josef Vitu wrote:
> 
> > after upgrading from 1.4.20-6 to 2.1.15-4, signing a git commit
> > fails with the following errors:
> >
> > gpg: signing failed: No data callback in IPC
> > gpg: signing failed: No data callback in IPC
> > error: gpg failed to sign the data
> > fatal: failed to write commit object
> >
> > The password input into the pinentry-gnome3 (or pinentry-gtk-2)
> > dialog is 100% correct.  
> 
> Then i tried using pinentry-tty manually, with:
> 
>     echo pinentry-program pinentry-tty >> "$workdir/gpg/gpg-agent.conf"
>     gpg-connect-agent killagent /bye
> 
> And i got the same errors you did:
> 
> > Attempts to use pinentry-tty failed with:
> >
> > gpg: signing failed: Invalid IPC response  
> 
> with pinentry-tty, i saw:
> 
>     gpg: signing failed: Invalid IPC response
>     gpg: signing failed: Invalid IPC response
>     error: gpg failed to sign the data
>     fatal: failed to write commit object
> 
> However, if i set GPG_TTY before trying to sign, the signature worked
> with pinentry-tty as well:
> 
>     export GPG_TTY=$(tty)
>     git commit -S"$fpr" -m 'test commit'
> 
> that worked fine.
> 
> So something is different about your setup.  Can you start by trying
> the same sequence i tried (with 2.1.15-4) and letting me know whether
> it works independent of your homedir?
> 
> 
> 
> With your own homedir where this stuff is failing, can you turn up the
> logging in gpg-agent and see what's going on there?  add the following
> lines to ~/.gnupg/gpg-agent.conf :
> 
>     debug-pinentry
>     log-file /home/YOURUSER/gpg-agent.log
>  
> and then kill off the agent so it can be restarted:
> 
>      gpg-connect-agent killagent /bye
> 
> and try to sign again.
> 
> Let me know what you find!
> 
>     --dkg


