gpg-preset-passphrase: problem setting the gpg-agent options [caused by empty $DISPLAY]
gnupg at raf.org
gnupg at raf.org
Wed Dec 2 11:13:55 CET 2015
I've just started using gpg-agent and gpg-preset-passphrase to store a
Yesterday, this was working fine on two hosts.
Today, it stopped working on one of them.
The gpg-agent command looks like:
$ /usr/bin/screen -- \
> /usr/bin/sudo -u thing --set-home -- \
> /usr/bin/gpg-agent \
> --homedir /etc/thing/.gnupg \
> --write-env-file /etc/thing/run/.gpg-agent-info \
> --allow-preset-passphrase \
> --daemon -- \
> /bin/bash --login
And the gpg-preset-passphrase command looks like:
$ gpg_cache_id="`/usr/bin/gpg --homedir /etc/thing/.gnupg --fingerprint --fingerprint thing at example.com | grep 'Key fingerprint' | tail -1 | sed -e 's/^[^=]\+=//' -e 's/ //g'`"
$ my-ask-password 'Enter the GPG passphrase:' | /usr/lib/gnupg2/gpg-preset-passphrase --preset "$gpg_cache_id"
The gpg-preset-passphrase command is executed from within the .bash_login
script that is executed by bash that is run by gpg-agent in the first
So yesterday, this worked perfectly. Today, when I try it, I get:
Enter the GPG passphrase:
gpg-preset-passphrase: problem setting the gpg-agent options
gpg-preset-passphrase: caching passphrase failed: Invalid response
Is there any way to find out what the problem was? I couldn't find any
log messages with more information and adding the -v option to
gpg-preset-passphrase didn't add anything.
There's nothing wrong with the cache id. It hasn't changed since yesterday.
Hang on, I've found out what caused it:
Yesterday, I was logged into the problem host from the same LAN so I had
$DISPLAY set. Today, I'm logged in from further way and cleared $DISPLAY to
prevent slow X11 traffic.
When I turn off X11, I do it by setting DISPLAY to the empty string. That has
always worked for all other programs but it seems that gpg-preset-passphrase
is assuming that if $DISPLAY exists, then it must contain something useful
and, if not, it runs into problems. At least that's what it seems like.
If I do the following instead:
$ unset DISPLAY
Then gpg-preset-passphrase works fine.
It seems to me to be a buglet in gpg-preset-passphrase because it's the only
program I've encountered that doesn't treat an empty $DISPLAY the same as an
This also applies to:
But at least I know now what not to do to keep it working. :-)
More information about the Gnupg-users