Constantly restarting gpg-agent

Peter Lebbing peter at digitalbrains.com
Wed Aug 28 12:38:42 CEST 2019


On 26/08/2019 01:26, Farhan Khan via Gnupg-users wrote:
> I use gnupg to sign my git commits, but after a few hours of use I
> have to restart gpg-agent. Before doing so, what I presume is
> gpg-agent asks me to re-enter my password on a random terminal (but it
> seems to drop characters and never works).

Ah yes, when I use the agent for SSH authentication and it picks the
wrong terminal, if on that terminal bash is active, they seem to race
for stdin. Some of the characters typed go to the pinentry, and some go
to bash. The characters for bash are echoed to the screen. It's a great
way to get part of your passphrase in .bash_history! :-D

But for gpg, this should not happen. gpg will pass the terminal and/or
the X display to the agent, which enables the agent to prompt on the
correct terminal.

You could try debugging the agent. If I add the following to my
.gnupg/gpg-agent.conf:

--8<---------------cut here---------------start------------->8---
debug ipc
log-file agent.log
--8<---------------cut here---------------end--------------->8---

and then issue "gpgconf --kill gpg-agent", the agent that will be
subsequently started will log inter-process communication to the file
agent.log in my homedir ($HOME, not $GNUPGHOME). There I can see a git
commit signing passing the needed information:

--8<---------------cut here---------------start------------->8---
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 <- OPTION ttytype=screen.xterm-256color
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 <- OPTION display=:0.0
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 <- OPTION xauthority=/home/peter/.Xauthority
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK
--8<---------------cut here---------------end--------------->8---

Is it perhaps possible that you run something which unsets environment
variables crucial to passing the TTY information to the agent? Have
a look at the debug log the moment you encounter the issue again, and
compare the conversation with an earlier one that did work.

> As a result, the git commit fails. I have to kill
> gpg-agent and restart it as "gpg-agent --daemon", which then works.

Killing the agent is fine. You shouldn't need to restart it; it is
autostarted and in fact it might interfere with the proper functioning
if you explicitly start it but with different options set than the
autostart would do.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
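
Added example, not part of the original message: one way to do the comparison suggested above, by splitting agent.log into client conversations and listing which OPTION values a failing conversation lacks relative to a working one. It assumes each connection begins with the agent's "OK Pleased to meet you" greeting and that gpg also sends an `OPTION ttyname=...` line; the sample log lines are constructed for illustration.

```python
import re

# Line format of the "debug ipc" output quoted in the message above.
LINE = re.compile(r"^(?P<ts>\S+ \S+) gpg-agent\[(?P<pid>\d+)\] DBG: "
                  r"(?P<chan>chan_\d+) (?P<dir><-|->) (?P<msg>.*)$")

# Constructed sample (not from the original log): a working conversation,
# then a later one on the same channel that lost its terminal information.
SAMPLE = """\
2019-09-01 10:00:00 gpg-agent[4242] DBG: chan_9 -> OK Pleased to meet you, process 4300
2019-09-01 10:00:00 gpg-agent[4242] DBG: chan_9 <- OPTION ttyname=/dev/pts/3
2019-09-01 10:00:00 gpg-agent[4242] DBG: chan_9 <- OPTION ttytype=screen.xterm-256color
2019-09-01 10:00:00 gpg-agent[4242] DBG: chan_9 <- OPTION display=:0.0
2019-09-01 14:30:00 gpg-agent[4242] DBG: chan_9 -> OK Pleased to meet you, process 5100
2019-09-01 14:30:00 gpg-agent[4242] DBG: chan_9 <- OPTION ttytype=dumb
"""

def sessions(log_text):
    """Split the log into per-connection conversations, in log order."""
    current, out = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (m["pid"], m["chan"])
        # Assumption: the agent greets every new connection, so a reused
        # channel number starts a new conversation at the greeting line.
        greeting = m["dir"] == "->" and m["msg"].startswith("OK Pleased to meet you")
        is_option = m["dir"] == "<-" and m["msg"].startswith("OPTION ")
        if greeting or (is_option and key not in current):
            current[key] = {"start": m["ts"], "options": {}}
            out.append(current[key])
        if is_option:
            name, _, value = m["msg"][len("OPTION "):].partition("=")
            if name == "putenv":  # value is VAR=VALUE; key it by VAR
                var, _, value = value.partition("=")
                name = "putenv:" + var
            current[key]["options"][name] = value
    return out

def diff_options(good, bad):
    """Return (options missing in bad, options whose value changed)."""
    g, b = good["options"], bad["options"]
    missing = sorted(k for k in g if k not in b)
    changed = {k: (g[k], b[k]) for k in g if k in b and g[k] != b[k]}
    return missing, changed

if __name__ == "__main__":
    print(diff_options(*sessions(SAMPLE)))
```

To use it on a real log, pass the contents of agent.log to `sessions()` and select the working and failing conversations by their `start` timestamps.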
