gpg-preset-passphrase: problem setting the gpg-agent options [caused by empty $DISPLAY]

gnupg at raf.org gnupg at raf.org
Wed Dec 2 11:13:55 CET 2015 

Hi,

ubuntu-14.04.3 LTS
gnupg-1.4.16-1ubuntu2.3
gnupg2-2.0.22-3ubuntu1.3
gnupg-agent-2.0.22-3ubuntu1.3

I've just started using gpg-agent and gpg-preset-passphrase to store a
passphrase briefly.

Yesterday, this was working fine on two hosts.
Today, it stopped working on one of them.

The gpg-agent command looks like:

  $ /usr/bin/screen -- \
  > /usr/bin/sudo -u thing --set-home -- \
  > /usr/bin/gpg-agent \
  >     --homedir /etc/thing/.gnupg \
  >     --write-env-file /etc/thing/run/.gpg-agent-info \
  >     --allow-preset-passphrase \
  >     --daemon -- \
  > /bin/bash --login

And the gpg-preset-passphrase command looks like:

  $ gpg_cache_id="`/usr/bin/gpg --homedir /etc/thing/.gnupg --fingerprint --fingerprint thing at example.com | grep 'Key fingerprint' | tail -1 | sed -e 's/^[^=]\+=//' -e 's/ //g'`"
  $ my-ask-password 'Enter the GPG passphrase:' | /usr/lib/gnupg2/gpg-preset-passphrase --preset "$gpg_cache_id"
  
The gpg-preset-passphrase command is executed from within the .bash_login
script that is executed by bash that is run by gpg-agent in the first
command above.

So yesterday, this worked perfectly. Today, when I try it, I get:

  Enter the GPG passphrase:
  gpg-preset-passphrase: problem setting the gpg-agent options
  gpg-preset-passphrase: caching passphrase failed: Invalid response

Is there any way to find out what the problem was? I couldn't find any
log messages with more information and adding the -v option to
gpg-preset-passphrase didn't add anything.

There's nothing wrong with the cache id. It hasn't changed since yesterday.

Hang on, I've found out what caused it:

  $ DISPLAY=

Yesterday, I was logged into the problem host from the same LAN so I had
$DISPLAY set. Today, I'm logged in from further way and cleared $DISPLAY to
prevent slow X11 traffic.

When I turn off X11, I do it by setting DISPLAY to the empty string. That has
always worked for all other programs but it seems that gpg-preset-passphrase
is assuming that if $DISPLAY exists, then it must contain something useful
and, if not, it runs into problems. At least that's what it seems like.

If I do the following instead:

  $ unset DISPLAY

Then gpg-preset-passphrase works fine.

It seems to me to be a buglet in gpg-preset-passphrase because it's the only
program I've encountered that doesn't treat an empty $DISPLAY the same as an
absent $DISPLAY.

This also applies to:

debian-8
gnupg-1.4.18-7
gnupg2-2.0.26-6
gnupg-agent-2.0.26-6

But at least I know now what not to do to keep it working. :-)

cheers,
raf

More information about the Gnupg-users mailing list