gpg-preset-passphrase: problem setting the gpg-agent options [caused by empty $DISPLAY]

gnupg at gnupg at
Wed Dec 2 11:13:55 CET 2015


ubuntu-14.04.3 LTS

I've just started using gpg-agent and gpg-preset-passphrase to store a
passphrase briefly.

Yesterday, this was working fine on two hosts.
Today, it stopped working on one of them.

The gpg-agent command looks like:

  $ /usr/bin/screen -- \
  > /usr/bin/sudo -u thing --set-home -- \
  > /usr/bin/gpg-agent \
  >     --homedir /etc/thing/.gnupg \
  >     --write-env-file /etc/thing/run/.gpg-agent-info \
  >     --allow-preset-passphrase \
  >     --daemon -- \
  > /bin/bash --login

And the gpg-preset-passphrase command looks like:

  $ gpg_cache_id="`/usr/bin/gpg --homedir /etc/thing/.gnupg --fingerprint --fingerprint thing at | grep 'Key fingerprint' | tail -1 | sed -e 's/^[^=]\+=//' -e 's/ //g'`"
  $ my-ask-password 'Enter the GPG passphrase:' | /usr/lib/gnupg2/gpg-preset-passphrase --preset "$gpg_cache_id"
The gpg-preset-passphrase command is executed from within the .bash_login
script that is executed by bash that is run by gpg-agent in the first
command above.

So yesterday, this worked perfectly. Today, when I try it, I get:

  Enter the GPG passphrase:
  gpg-preset-passphrase: problem setting the gpg-agent options
  gpg-preset-passphrase: caching passphrase failed: Invalid response

Is there any way to find out what the problem was? I couldn't find any
log messages with more information and adding the -v option to
gpg-preset-passphrase didn't add anything.

There's nothing wrong with the cache id. It hasn't changed since yesterday.

Hang on, I've found out what caused it:


Yesterday, I was logged into the problem host from the same LAN so I had
$DISPLAY set. Today, I'm logged in from further way and cleared $DISPLAY to
prevent slow X11 traffic.

When I turn off X11, I do it by setting DISPLAY to the empty string. That has
always worked for all other programs but it seems that gpg-preset-passphrase
is assuming that if $DISPLAY exists, then it must contain something useful
and, if not, it runs into problems. At least that's what it seems like.

If I do the following instead:

  $ unset DISPLAY

Then gpg-preset-passphrase works fine.

It seems to me to be a buglet in gpg-preset-passphrase because it's the only
program I've encountered that doesn't treat an empty $DISPLAY the same as an
absent $DISPLAY.

This also applies to:


But at least I know now what not to do to keep it working. :-)


More information about the Gnupg-users mailing list