gpg-agent and rpm --addsign

Brian Long brilong at cisco.com
Mon Jan 12 09:57:48 CET 2004 

Werner,

Thanks for your response.  I've tried following other threads in this
mailing list to no avail.  I have an init script start gpg-agent
--daemon as root and save the .gpg-agent-info to /root.  I then want
root cron jobs to set GPG_AGENT_INFO per this file and talk to the
agent.  It has not been successful.

A portion of my init script:
    eval `gpg-agent -v -v -v -v -v --daemon --log-file
/var/log/gpg-agent 2>/dev/null`
    if [ -n "$GPG_AGENT_INFO" ]; then
        echo "$GPG_AGENT_INFO" > /root/.gpg-agent-info
        RETVAL=0
    else
        echo "Unable to set \$GPG_AGENT_INFO."
        RETVAL=1
    fi

When I run a simple gpg --clearsign on a file, it complains it cannot
talk to the agent (and the /var/log/gpg-agent sees the connection).

[root at oxiclean root]# gpg --use-agent --gpg-agent-info
/tmp/gpg-QI764C/S.gpg-agent:26216:1 --homedir /path/to/.gnupg
--clearsign /tmp/blah
 
You need a passphrase to unlock the secret key for
user: "<MY USER>"
1024-bit DSA key, ID 665B9872, created 2003-12-08
 
gpg: cancelled by user
gpg: no default secret key: bad passphrase
gpg: /tmp/blah: clearsign failed: bad passphrase

gpg-agent log:
-------------
2004-01-12 06:45:21 gpg-agent[26216] handler for fd 2 started
2004-01-12 06:45:21 gpg-agent[26216] starting a new PIN Entry
2004-01-12 06:45:21 gpg-agent[26216] command get_passphrase failed:
canceled
2004-01-12 06:45:21 gpg-agent[26216] handler for fd 2 terminated
2004-01-12 06:45:21 gpg-agent[26216] handler for fd 2 started
2004-01-12 06:45:21 gpg-agent[26216] handler for fd 2 terminated

The above is using pinentry-curses.  When I try pinentry-gtk (with
DISPLAY=""), I get the following in gpg:
gpg: problem with the agent - disabling agent use

And gpg-agent log:
2004-01-12 06:48:13 gpg-agent[26216] handler for fd 2 started
2004-01-12 06:48:13 gpg-agent[26216] handler for fd 2 terminated

When I go back to pinentry-curses and set GPG_TTY properly, it works the
same as pinentry-gtk (worse).

I'm running pinentry-0.6.8-0.fdr.1.rh73 from the
http://kde-redhat.sf.net project.

Thanks for any additional thoughts on how I can get this working.

/Brian/


On Sun, 2004-01-11 at 08:49, Werner Koch wrote:
> On Fri, 09 Jan 2004 12:58:01 -0500, Brian Long said:
> 
> > If I start gpg-agent --daemon and save that info to .gpg-agent-info, I
> > want to read that file in a cron job and use the gpg-agent to sign an
> > auto-created RPM.
> 
> You need to make sure that the environment variable GPG_AGENT_INFO is
> set correctly or its contents passed via the option --gpg-agent-info.
> gpg does not know about a .gpg-agent-info file.
-- 
       Brian Long                      |         |           |
       Americas IT Hosting Sys Admin   |       .|||.       .|||.
       Cisco Linux Developer           |   ..:|||||||:...:|||||||:..
       Phone: (919) 392-7363           |   C i s c o   S y s t e m s

More information about the Gnupg-users mailing list