[pkg-gnupg-maint] Bug#934237: Bug#934237: yubikey communication fails on startup

Antoine Beaupré anarcat at debian.org
Fri Aug 9 04:17:00 BST 2019


Control: found -1 2.2.12-1

On 2019-08-08 22:49:08, Antoine Beaupré wrote:
> I'll try again without the startup scripts next.

I can confirm that the problem still occurs with the GPG version in
Debian buster (2.2.12-1), when my startup scripts talk with SSH
prematurely.

Those scripts don't even *need* the SSH key on the Yubikey, mind
you. They just start looking around and find a key with a handle and try
to offer it. The interesting thing is there's an on-disk key that works
for that SSH connexion: it's its entire purpose. While the Yubikey can
*also* authenticate to that server, I don't actually *use* that key to
connect anyways.

So if I could rephrase that bug, I'd say that gpg-agent is
"sticky". Whenever it gets called first is what determines the TTY. If
that TTY is messed up (because it gets called too early in the session),
it's forever doomed and needs to restart or be retold where it is:

    gpg-connect-agent UPDATESTARTUPTTY /bye

This seems sub-optimal. It's also quite strange it affects only
authentication and not signing: it might be something specific to
gpg-agent's SSH support.

I would argue that GPG's concept of a TTY is somewhat broken. I've
encountered this before, as I said earlier, in #719908, and I'm still
unconvinced at the way things are handled. But I'm not skilled enough in
all those interactions to tell what would be the correct way.

All I know is weird stuff happens like this all the time, and I often
end up restarting those daemons and things kind of work. But "kind of
works" isn't great: I'd love if GnuPG "just worked" all the time. :)

Thanks for the excellent feedback, and I hope the details I've provided
are useful. I have found the problem on my side, so from my point of
view the problem is "solved" in its immediacy, so feel free to close
this bug. But if you think (like me) the underlying problem should be
solved, I'd be happy to assist you with further testing.

Thanks!

A.

-- 
Government is the Entertainment division of the military-industrial
complex.
                        - Frank Zappa


