[pkg-gnupg-maint] Bug#919856: Bug#919856: gpg-agent: agent refuses operation again

NIIBE Yutaka gniibe at fsij.org
Thu Jan 24 02:44:48 GMT 2019


Hello,

This is a report of my case.  Sorry, it doesn't have a solution for you
(yet).  I hope you can find some information to try.


I usually invoke gpg-agent manually (because I use my own development
version).  This time, I enabled systemd socket activation.

I tested with the installed gnupg together with systemd, so that
/usr/bin/gpg-agent is invoked with the --supervised option.

In my case (xfce4 desktop), on the first invocation of ssh in a terminal on
the desktop (which starts gpg-agent), pinentry-gnome3 and
pinentry-gtk-2 work fine, while pinentry-qt doesn't.

Perhaps I need to open another bug report for my use case.  I found
that Qt5 no longer supports applications taking a -display option.
This is the cause of my own problem.  I think a Qt5 application requires
the DISPLAY environment variable (instead of a command line option).


What I did is the following.

To debug pinentry session, I added this line in my .gnupg/gpg-agent.conf:
==========================
pinentry-program /home/gniibe/tmp/mypinentry
==========================


I installed socat by 'apt install socat'.

Using socat, I created /home/gniibe/tmp/mypinentry, with +x set:
==========================
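#! /bin/sh
# Debug wrapper: log pinentry's arguments, environment and session.

# Escape ':' in the arguments so they can be embedded in a socat address.
PINENTRY_ARGS=$(echo "$@" | sed -e 's/:/\\:/g')

# Record the date, the selected pinentry alternative, the arguments
# and the environment that pinentry is started with.
ENV_LOG=/run/user/1000/pinentry-env.txt
date > "$ENV_LOG"
ls -l /etc/alternatives/pinentry >> "$ENV_LOG"
/bin/echo -e "$PINENTRY_ARGS" >> "$ENV_LOG"
env >> "$ENV_LOG"

# Relay stdin/stdout to the real pinentry; socat -v writes the traffic to stderr.
exec socat -v STDIO "SYSTEM:/usr/bin/pinentry $PINENTRY_ARGS" 2> /run/user/1000/pinentry-log.txt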
==========================

In the file /run/user/1000/pinentry-env.txt, we can see the
environment variables of the pinentry process.

In the file /run/user/1000/pinentry-log.txt, we can observe the
session of gpg-agent <-> pinentry.  I tweak (escape ':' in) the
arguments of pinentry, so that they can be used in the socat expression.

Please be aware that this is for debugging.  The session log
may include your passphrase in clear text.


I confirmed that there is no DISPLAY in the environment variables (with
the --supervised option).  The pinentry process is invoked with the --display
option (when gpg-agent has a DISPLAY setting).
-- 
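An added example, not part of the original message: because the socat session log can contain the passphrase in clear text, this filter redacts Assuan `D` (data) lines from a copy of the log before it is attached to a bug report. The function names, the sample log and its header layout are constructed for illustration and only approximate what `socat -v` writes.

```shell
#!/bin/sh
# Added example: redact secret payloads from a socat -v log of a
# gpg-agent <-> pinentry (Assuan) session before the log is shared.

# redact_pinentry_log [FILE...]   (reads stdin when no file is given)
redact_pinentry_log() {
    awk '
        # socat -v direction/timestamp header lines: keep unchanged.
        /^[<>] [0-9]/ { print; next }
        # A "D" line carries reply data; after GETPIN it is the passphrase.
        # Fail closed: keep the payload only for replies to GETINFO.
        /^D / {
            if (cmd == "GETINFO") print
            else print "D [REDACTED]"
            next
        }
        # Remember the last command sent to pinentry (OK/ERR are replies).
        $1 ~ /^[A-Z][A-Z_]*$/ && $1 != "OK" && $1 != "ERR" { cmd = $1 }
        { print }
    ' "$@"
}

# Constructed sample, not a real capture. ">" is gpg-agent to pinentry,
# "<" is pinentry to gpg-agent, matching the STDIO/SYSTEM address order.
sample_log() {
    cat <<'EOF'
< 2019/01/24 11:44:48.100000  length=23 from=0 to=22
OK Pleased to meet you
> 2019/01/24 11:44:48.200000  length=12 from=0 to=11
GETINFO pid
< 2019/01/24 11:44:48.300000  length=10 from=23 to=32
D 4242
OK
> 2019/01/24 11:44:49.000000  length=7 from=12 to=18
GETPIN
< 2019/01/24 11:44:52.000000  length=27 from=33 to=59
D constructed-passphrase
OK
EOF
}

# Demo on the constructed sample.
sample_log | redact_pinentry_log
```

On a real capture, run it as `redact_pinentry_log /run/user/1000/pinentry-log.txt > redacted.txt` and read the result before sharing it, since the filter only knows about `D` lines.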