[pkg-gnupg-maint] Bug#878936: gpg: Inaccessible keys (?) after upgrade

Frank Brokken f.b.brokken at rug.nl
Tue Oct 17 19:20:38 UTC 2017 

Package: gpg
Version: 2.2.1-2
Severity: important

Dear Maintainer,

   * What led up to the situation?

This morning I performed aptitude update followed by aptitude upgrade.
/var/log/apt/history.log shows that various gpg programs were upgraded: 
gpg-wks-client:amd64 (2.2.1-1, 2.2.1-2), gpg-wks-server:amd64 (2.2.1-1,
2.2.1-2), gpg:amd64 (2.2.1-1, 2.2.1-2), gpgv:amd64 (2.2.1-1, 2.2.1-2),
gpg-agent:amd64 (2.2.1-1, 2.2.1-2), gpgconf:amd64 (2.2.1-1, 2.2.1-2).
gnupg-utils:amd64 (2.2.1-1, 2.2.1-2), gnupg-agent:amd64 (2.2.1-1, 2.2.1-2),
gnupg-l10n:amd64 (2.2.1-1, 2.2.1-2), gnupg2:amd64 (2.2.1-1, 2.2.1-2).

   * What was the outcome of this action?

Gpg could no longer be used. Either from the command line or when called from 
the mutt e-mail client.

When trying to decrypt an encrypted file gpg reports:

    gpg: public key decryption failed: Inappropriate ioctl for device
    gpg: decryption failed: No secret key

After issuing 

    gpgconf --kill gpg-agent


gpg reports:

    gpg: public key decryption failed: No pinentry
    gpg: decryption failed: No secret key


My gpg-agent.conf file contains these lines:

    default-cache-ttl 1200
    pinentry-program /usr/bin/pinentry

The final lines in gpg.conf are:

    use-agent    


/usr/bin/pinentry is: 

    /usr/bin/pinentry -> /etc/alternatives/pinentry

The latter links to:

    /etc/alternatives/pinentry -> /usr/bin/pinentry-qt

And /usr/bin/pinentry-curses as well as /usr/bin/pinentry-qt exist. 

I found the suggestion to add the line 

    pinentry-mode loopback

to gpg.conf, and

    allow-loopback-pinentry 

to gpg-agent.conf. Although that results in a workable gpg, called from a
terminal, gpg can only be called from the mutt e-mail client for the duration
of the secret key's passphrase cache. Previously (before today's upgrade)
these problems were not encountered.

If you need any further information, please let me know.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gpg depends on:
ii  gpgconf        2.2.1-2
ii  libassuan0     2.4.3-3
ii  libbz2-1.0     1.0.6-8.1
ii  libc6          2.24-17
ii  libgcrypt20    1.7.9-1
ii  libgpg-error0  1.27-3
ii  libreadline7   7.0-3
ii  libsqlite3-0   3.20.1-1
ii  zlib1g         1:1.2.8.dfsg-5

Versions of packages gpg recommends:
ii  gnupg  2.2.1-2

gpg suggests no packages.

-- no debconf information

More information about the pkg-gnupg-maint mailing list