[pkg-gnupg-maint] Bug#951025: gnupg: GPG tries to get passphrase from wrong place

Matthew Wakeling matthew at wakeling.homeip.net
Sun Feb 9 23:27:39 GMT 2020 

Package: gnupg
Version: 2.1.18-8~deb9u4
Severity: grave
Justification: renders package unusable

Dear Maintainer,

I am logged into an XFCE session on my desktop computer, and that session is locked. I am now working on my laptop, which is at a remote location from my desktop computer, and I am logged into my desktop computer using ssh, without X forwarding.

When I try to unlock a private key using GPG on the ssh session, it contacts the gpg-agent program, which pops up a requester window for my passphrase on my desktop XFCE session. However, I am not at that computer, so I cannot provide it with a passphrase.

This makes it impossible for me to unlock the private key, without travelling to my desktop computer.

This has only become a problem since I upgraded my desktop computer from jessie to stretch, and therefore from gnupg1 to gnupg2.

The problem is that passphrase prompts now are centrally controlled, which fundamentally breaks the way that computers are used - you log in from various different places. The passphrase prompt must go to the session that caused the passphrase to be needed. Any other action is completely insane.

I note that it is not even possible to give gnupg2 an option to tell it not to use an agent.

I am justifying the severity marking of this bug report, because it does prevent gnupg working correctly in the majority of its use cases. If there is a nice simple on/off switch that makes it behave sanely that I have missed, then please downgrade the severity and document it.


-- System Information:
Debian Release: 9.12
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-0.bpo.6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg depends on:
ii  gnupg-agent    2.1.18-8~deb9u4
ii  libassuan0     2.4.3-2
ii  libbz2-1.0     1.0.6-8.1
ii  libc6          2.24-11+deb9u4
ii  libgcrypt20    1.7.6-2+deb9u3
ii  libgpg-error0  1.26-2
ii  libksba8       1.3.5-2
ii  libreadline7   7.0-3
ii  libsqlite3-0   3.16.2-5+deb9u1
ii  zlib1g         1:1.2.8.dfsg-5

Versions of packages gnupg recommends:
ii  dirmngr     2.1.18-8~deb9u4
ii  gnupg-l10n  2.1.18-8~deb9u4

Versions of packages gnupg suggests:
pn  parcimonie  <none>
pn  xloadimage  <none>

-- no debconf information

More information about the pkg-gnupg-maint mailing list