gpg-agent and X

Klaus Ethgen klaus+gnupg at ethgen.ch
Fri Mar 5 20:17:17 CET 2021 

Hi,

Am Fr den  5. Mär 2021 um 17:05 schrieb Mark H. Wood via Gnupg-users:
> The only thing I can think of to check is:  have you selected
> pinentry-qt5 using 'eselect'?

Sure. That is all fine.
   ~> eselect pinentry list         
   Available pinentry binary implementations:
     [1]   pinentry-gnome3
     [2]   pinentry-qt5 *
     [3]   pinentry-curses

From Werner Koch, I enabled pinentry-debug, here are the results:
   2021-03-05 20:03:24 gpg-agent[27031] gpg-agent (GnuPG) 2.2.25 started
   2021-03-05 20:03:48 gpg-agent[27031] SIGHUP received - re-reading configuration and flushing cache
   2021-03-05 20:03:53 gpg-agent[27031] can't connect to the PIN entry module '/usr/bin/pinentry': End of file
   2021-03-05 20:03:53 gpg-agent[27031] failed to unprotect the secret key: No pinentry
   2021-03-05 20:03:53 gpg-agent[27031] failed to read the secret key
   2021-03-05 20:03:53 gpg-agent[27031] command 'PKDECRYPT' failed: No pinentry
   2021-03-05 20:03:53 gpg-agent[27031] no device present
   2021-03-05 20:03:53 gpg-agent[27031] can't connect to the PIN entry module '/usr/bin/pinentry': End of file
   2021-03-05 20:03:53 gpg-agent[27031] smartcard decryption failed: No pinentry
   2021-03-05 20:03:53 gpg-agent[27031] command 'PKDECRYPT' failed: No pinentry

The strange thing is, that /usr/bin/pinentry is absolutely correct:
   ~> ls -l /usr/bin/pinentry
   lrwxrwxrwx 1 root root 12 29. Jan 20:37 /usr/bin/pinentry -> pinentry-qt5
   ~> ls -lL /usr/bin/pinentry
   -rwxr-xr-x 1 root root 129504 26. Jan 18:25 /usr/bin/pinentry

The Environment looks good:
   ~> gpg-connect-agent 'getinfo std_session_env' /bye
   D GPG_TTY=/dev/pts/2
   D TERM=xterm-256color
   D DISPLAY=localhost:10.0
   OK

And when logged from .xsession:
   D DISPLAY=:0
   OK

use flags:
   ~> equery u pinentry
   [ Legend : U - final flag setting for installation]
   [        : I - package is installed with flag     ]
   [ Colors : set, unset                             ]
    * Found these USE flags for app-crypt/pinentry-1.1.0-r4:
    U I
    + + caps          : Use Linux capabilities library to control privilege
    - - emacs         : Add support for GNU Emacs
    - - gnome-keyring : Enable support for storing passwords via gnome-keyring
    + + gtk           : Add support for x11-libs/gtk+ (The GIMP Toolkit)
    + + ncurses       : Add ncurses support (console display library)
    + + qt5           : Add support for the Qt 5 application and UI framework

   ~> equery u app-crypt/gnupg
   [ Legend : U - final flag setting for installation]
   [        : I - package is installed with flag     ]
   [ Colors : set, unset                             ]
    * Found these USE flags for app-crypt/gnupg-2.2.25:
    U I
    + + bzip2             : Use the bzlib compression library
    - - doc               : Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead
			    of globally
    - - ldap              : Add LDAP support (Lightweight Directory Access Protocol)
    + + nls               : Add Native Language Support (using gettext - GNU locale utilities)
    + + readline          : Enable support for libreadline, a GNU line-editing library that almost everyone wants
    - - scd-shared-access : Allow concurrent access to scdaemon by multiple apps from same user. Useful if you want to
			    use scdaemon with gnupg and for example NitroKey. 
    + + smartcard         : Build scdaemon software. Enables usage of OpenPGP cards. For other type of smartcards, try
			    app-crypt/gnupg-pkcs11-scd. Bring in dev-libs/libusb as a dependency; enable scdaemon. 
    + + ssl               : Add support for SSL/TLS connections (Secure Socket Layer / Transport Layer Security)
    + + tofu              : Enable support for Trust on First use trust model; requires dev-db/sqlite. 
    + + tools             : Install extra tools (including gpgsplit and gpg-zip). 
    + + usb               : Build direct CCID access for scdaemon; requires dev-libs/libusb. 
    - - user-socket       : try a socket directory which is not removed by init manager at session end 

So, the conclusion is:
- Environment seems to be fine
- pinentry is correct (and working as it work when I kill and restart
  the gpg-agent in xsession)
- The error logged is strange for me, I have no idea what went wrong

Gruß
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus at Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 688 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210305/5a6140fb/attachment.sig>

More information about the Gnupg-users mailing list