[pkg-gnupg-maint] Bug#913614: Bug#913614: gnupg2 fails with "cannot open '/dev/tty': No such device or address"

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Nov 14 09:13:22 GMT 2018


Control: tags 913614 + confirmed
Control: fixed 913614 2.2.2

On Mon 2018-11-12 17:03:59 -0800, Joseph Ferguson wrote:
> # apt install gnupg2 (2.1.18-8~deb9u3)
> $ gpg --verbose --keyserver hkp://keyserver.ubuntu.com:80 \
>   --keyserver-options timeout=5 --recv-keys \
>   ABAF11C65A2970B130ABE3C479BE3E4300411886
>
> Error text:
> gpg: cannot open '/dev/tty': No such device or address

I can confirm that this is the case.  Sigh, this is pretty problematic,
and i'm sorry that i didn't catch it during the extensive testing that i
did for this stretch upgrade.

The bug appears to be due to the fix for https://bugs.debian.org/906545
-- where we applied cleaning to keys being imported.

That testing didn't try out all the variants *without* having access to
a tty.

To replicate the problem, i used setsid to avoid tty allocation.  I took
the keyservers out of the loop by creating the file "linus.key"
(attached).  And I installed the gnupg-dbgsym and gdb packages.

Then I wrote a simple file "gpg.gdb" which contains:

-----
break init_ttyfp
run --import linus.key
backtrace
-----

and then ran it with:

    setsid -w gdb -x gpg.gdb /usr/bin/gpg

which produces this spew from gdb:

Breakpoint 1 at 0xad6c0: file ../../common/ttyio.c, line 159.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]

Breakpoint 1, init_ttyfp () at ../../common/ttyio.c:159
159	../../common/ttyio.c: No such file or directory.
#0  init_ttyfp () at ../../common/ttyio.c:159
#1  0x000055555560189a in tty_printf (fmt=fmt@entry=0x55555560d6e1 "uid  ")
    at ../../common/ttyio.c:237
#2  0x000055555557280d in check_all_keysigs (kb=<optimized out>,
    only_selected=only_selected@entry=0, only_selfsigs=only_selfsigs@entry=0)
    at ../../g10/keyedit.c:782
#3  0x00005555555b7391 in import_one (ctrl=ctrl@entry=0x555555853770,
    keyblock=<optimized out>, keyblock@entry=0x555555857d20,
    stats=stats@entry=0x555555853860, fpr=fpr@entry=0x0,
    fpr_len=fpr_len@entry=0x0, options=options@entry=2048, from_sk=0,
    silent=0, screener=0x0, screener_arg=0x0) at ../../g10/import.c:1478
#4  0x00005555555b96be in import (ctrl=ctrl@entry=0x555555853770,
    inp=inp@entry=0x5555558538f0,
    fname=fname@entry=0x7fffffffe868 "linus.key",
    stats=stats@entry=0x555555853860, fpr=fpr@entry=0x0,
    fpr_len=fpr_len@entry=0x0, options=2048, screener=0x0, screener_arg=0x0)
    at ../../g10/import.c:574
#5  0x00005555555ba4eb in import_keys_internal (ctrl=0x555555853770,
    inp=inp@entry=0x0, fnames=0x7fffffffe648, nnames=1, stats_handle=0x0,
    fpr=fpr@entry=0x0, fpr_len=0x0, options=2048, screener=0x0,
    screener_arg=0x0) at ../../g10/import.c:468
#6  0x00005555555ba65e in import_keys (ctrl=<optimized out>, 
    fnames=<optimized out>, nnames=<optimized out>, 
    stats_handle=<optimized out>, options=<optimized out>)
    at ../../g10/import.c:505
#7  0x0000555555568bd2 in main (argc=<optimized out>, argv=<optimized out>)
    at ../../g10/gpg.c:4450
(gdb) 

This appears to have been fixed upstream with commits like
84af859e391a757877c9a1d78e35face983e6d23 (attached here), which was
included upstream in 2.2.2.  It is not trivially backportable, because
of major code refactoring between 2.1.18 and 2.2.1.

I can manually backport this fix, but i don't have a good test suite
that exercises all of GnuPG's interface without having a tty. :(

I can add a simple test that executes this same exact chain during build
time to ensure that it doesn't get broken again, but i'd really prefer a
more rigorous upstream test suite.

I welcome other suggestions, too, as it may take me a day or two to sort
out this test and the backport.

Sorry again that this slipped through.

    --dkg

PS i do encourage everyone who is automating the use of gpg to use
--batch everywhere, as this forces GnuPG into a mode that is expected to
be used for automation (its "API", for lack of a better term, as opposed
to its "UI", which is its normal non-batch mode).  And, FWIW, i agree
with Tianon that GnuPG should simply assume --batch if no tty exists,
but that's not the kind of change i can fit into debian stable, i think.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-gpg-Avoid-superfluous-sig-check-info-during-import.patch
Type: text/x-diff
Size: 8062 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20181114/ea5a8c8b/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linus.key
Type: application/pgp-keys
Size: 115284 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20181114/ea5a8c8b/attachment-0001.key>
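
The reproduction in the message above (setsid to drop the tty, then `gpg --import`) written as a reusable no-tty check. This is an added example, not part of the original message or of the Debian packaging; the function names `run_notty` and `check_import` and the throwaway `--homedir` are assumptions.

```shell
#!/bin/sh
# Added example: a no-tty regression check (hypothetical helper names).
# TTY_ERR is the error text quoted in the bug report.
TTY_ERR="cannot open '/dev/tty'"

# run_notty CMD [ARGS...]
# Runs CMD in a new session via "setsid -w", so it has no controlling
# terminal, with stdin taken from /dev/null.
# Returns: 0 = ran cleanly, 2 = CMD complained about /dev/tty,
#          1 = any other failure. Captured output is left in $NOTTY_OUT.
run_notty() {
    notty_rc=0
    NOTTY_OUT=$(setsid -w "$@" </dev/null 2>&1) || notty_rc=$?
    case $NOTTY_OUT in
        *"$TTY_ERR"*) return 2 ;;
    esac
    [ "$notty_rc" -eq 0 ] || return 1
    return 0
}

# check_import KEYFILE [GPG_OPTS...]
# Imports KEYFILE into a throwaway home directory without a tty.
# Extra options (for example --batch) are passed through to gpg, so the
# same check can cover both the plain and the batch invocation.
check_import() {
    keyfile=$1
    shift
    tmp_home=$(mktemp -d) || return 1
    ci_rc=0
    run_notty gpg --homedir "$tmp_home" "$@" --import "$keyfile" || ci_rc=$?
    rm -rf "$tmp_home"
    return "$ci_rc"
}
```

`check_import linus.key` repeats the chain from the report, and `check_import linus.key --batch` exercises the automation mode recommended in the PS.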