[pkg-gnupg-maint] Bug#836772: Bug#836772: gnupg: unable to sign anyone's keys

Ramakrishnan Muthukrishnan rkrishnan at debian.org
Tue Sep 6 22:03:19 UTC 2016


Hi Dan--

Just a quick note, please see below for the context.

On Wed, Sep 7, 2016, at 03:20 AM, Ramakrishnan Muthukrishnan wrote:
> 
> On Wed, Sep 7, 2016, at 02:07 AM, Daniel Kahn Gillmor wrote:
> > 
> > On Tue 2016-09-06 05:12:07 -0400, Ramakrishnan Muthukrishnan wrote:
> > > On Tue, Sep 6, 2016, at 12:47 PM, Daniel Kahn Gillmor wrote:
> > >> If it still fails, what happens when you expand the permissions on your
> > >> terminal before doing an su ?  For example, if your Keyring Account is
> > >> named "keyring-account" and you have the acl package installed, you
> > >> might try a wrapper like this:
> > >> 
> > >>     #!/bin/sh
> > >>     setfacl -m u:keyring-account:rw $(tty)
> > >>     su - keyring-account
> > >>     setfacl -x u:keyring-account $(tty)
> > >
> > > Ok, I tried that. The first setfacl command is returning an error: 
> > >
> > >   "setfacl: /dev/pts/1: Operation not supported"
> > >
> > > After logging in, it had the same behaviour as before, failing with
> > > Permission denied message. I am guessing the setfacl failed and hence it
> > > didn't have any effect.
> > 
> > hm, right, it looks like devpts doesn't support acls:
> > 
> >   https://serverfault.com/questions/398659/acl-on-dev-pts/398683
> >   https://lwn.net/Articles/121773/
> > 
> > That's a shame.  what about changing the group membership of the tty
> > before triggering the su - ?
> > 
> >     chgrp $(getent passwd keyring-user | cut -f4 -d:) $(tty)
> 
> Hmm. That command errored out with a "permission denied". But the second
> one succeeded.  
> 
> >     chmod g+rw $(tty)
> 
> As 'root', I added the keyring-user into the group 'tty' and then the
> signing worked just fine.

I was undoing the above steps and found that the command that had an
effect on getting the signing to work is this one:

    chmod g+rw $(tty)

This is how it looked before executing the above command from the Main
account.

    $ ls -l /dev/pts
    total 0
    crw--w---- 1 ram  tty  136, 0 Sep  7 02:56 0
    c--------- 1 root root   5, 2 Sep  7 01:23 ptmx

So, the "r" bit was added for the group bits for /dev/pts/0. If I remove
this again with 'chmod g-r $(tty)', then I get the same old error
messages and the popup prompt for entering the passphrase does not
happen.

Cheers
--
  Ramakrishnan
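
The finding above (mode crw--w---- gives a tty-group member write but not read on /dev/pts/0, and g+r fixes the prompt) can be checked before running su. This is an added example, not part of the original message: the function names tty_access and check_tty are hypothetical, the numeric ids in the comments are constructed, and check_tty assumes GNU stat.

```shell
#!/bin/sh
# Added example: which access does a given account get on a tty device?
# Applies the usual Unix rule: owner bits if the uid owns the device,
# else group bits if any of the account's gids match, else "other" bits.

# tty_access MODE OWNER_UID GROUP_GID UID "GID GID ..."
# MODE is octal (e.g. 620 for crw--w----). Prints rw, r, w or none.
tty_access() {
    mode=$((0$1))                       # leading 0 makes the shell parse octal
    owner=$2 group=$3 uid=$4 gids=$5
    if [ "$uid" -eq 0 ]; then           # root bypasses the mode bits
        echo rw
        return 0
    fi
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))
    else
        bits=$(( mode & 7 ))            # default to "other"
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                bits=$(( (mode >> 3) & 7 ))
                break
            fi
        done
    fi
    acc=
    if [ $(( bits & 4 )) -ne 0 ]; then acc=r; fi
    if [ $(( bits & 2 )) -ne 0 ]; then acc="${acc}w"; fi
    echo "${acc:-none}"
}

# check_tty USER [DEVICE]: report USER's access to DEVICE (default: this tty).
# Anything other than "rw" means a passphrase prompt on that tty will fail.
check_tty() {
    user=$1
    dev=${2:-$(tty)}
    set -- $(stat -c '%a %u %g' "$dev")  # GNU stat: octal mode, uid, gid
    tty_access "$1" "$2" "$3" "$(id -u "$user")" "$(id -G "$user")"
}

# Constructed case from the listing above: owner uid 1000, tty gid 5,
# keyring account uid 1001 in groups "1001 5":
#   tty_access 620 1000 5 1001 "1001 5"   (before chmod g+rw)
#   tty_access 660 1000 5 1001 "1001 5"   (after chmod g+rw)
```

Group read on a terminal device lets every member of that group read what is typed there, so the g+r bit is worth removing again once signing is done.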


