Bug 547544 - kde-base/kdebase-startkde, kde-plasma/plasma-workspace - gpg-agent shutdown fails with app-crypt/gnupg-2.1.3-r3
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo KDE team
URL: https://www.gnupg.org/faq/whats-new-i...
Reported: 2015-04-24 06:45 UTC by Alexander E. Patrakov
Modified: 2016-07-20 17:43 UTC
Description Alexander E. Patrakov 2015-04-24 06:45:44 UTC
KDE ships files, /etc/kde/startup/agent-startup.sh and /etc/kde/shutdown/agent-shutdown.sh, that allow the user to have gpg and ssh agents in the session. I use gpg-agent both for GPG and SSH, and thus have edited the files as follows. Basically, the defaults plus --enable-ssh-support.

In agent-startup.sh:

if [ -x /usr/bin/gpg-agent ]; then
  eval "$(/usr/bin/gpg-agent --enable-ssh-support --daemon)"
fi 

In agent-shutdown.sh:

if [ -n "${GPG_AGENT_INFO}" ]; then
  kill $(echo ${GPG_AGENT_INFO} | cut -d':' -f 2) >/dev/null 2>&1
fi

The problem is that gpg-agent from app-crypt/gnupg-2.1.3-r3 does not set ${GPG_AGENT_INFO}. The example startup scripts should be updated for compatibility. The new way to kill gpg-agent is:

gpgconf --kill gpg-agent

Unfortunately, gpgconf cannot be used to launch gpg-agent with ssh support.

Reproducible: Always

Steps to Reproduce:
1. Log in via kdm to a KDE session
2. ssh to some host - a popup from the agent appears, good!
3. Log out from the host
4. Log out from KDE
5. Log in again
6. ssh to some host again
Actual Results:  
The running GPG agent is the one left over from the old session, $SSH_AUTH_SOCK is not set, thus no agent popup, and I am asked for the private key passphrase in the terminal.

Expected Results:  
Agent should pop up.

Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-10-10 14:48:53 UTC
(In reply to Alexander E. Patrakov from comment #0)

> 
> Unfortunately, gpgconf cannot be used to launch gpg-agent with ssh support.
> 

This isn't entirely true: if "enable-ssh-support" is set in gpg-agent.conf, it will launch with ssh support, and as 2.1 always uses standard sockets as a reference, the SSH_AUTH_SOCK stays constant (SSH_AUTH_SOCK=${HOME}/.gnupg/S.gpg-agent.ssh by default, or any other --homedir used).

2.1 will auto-launch gpg-agent when needed for its internal operations; this is what is not directly supported for ssh (it needs to have a running agent), which a gpgconf --launch gpg-agent does.
Comment 2 Alex Brandt (RETIRED) gentoo-dev 2016-06-18 15:16:53 UTC
I can confirm that gpgconf --launch gpg-agent with appropriate setting of the SSH_AUTH_SOCK environment variable does work as intended from the plasma or kde startup file.

My current setup:

startup:

if [ -x /usr/bin/gpgconf ]; then
  gpgconf --launch gpg-agent
  export SSH_AUTH_SOCK=/run/user/$UID/gnupg/S.gpg-agent.ssh
fi

shutdown is currently empty but could easily do gpgconf --kill gpg-agent.

This does work as expected.
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-06-18 15:23:48 UTC
(In reply to Alex Brandt from comment #2)
> I can confirm that gpgconf --launch gpg-agent with appropriate setting of
> the SSH_AUTH_SOCK environment variable does work as intended from the plasma
> or kde startup file.
> 
> My current setup:
> 
> startup:
> 
> if [ -x /usr/bin/gpgconf ]; then
>   gpgconf --launch gpg-agent
>   export SSH_AUTH_SOCK=/run/user/$UID/gnupg/S.gpg-agent.ssh
> fi
> 


Just beware that this socket location changed in 2.1.13; the 2.1 branch earlier than that uses the location mentioned in my earlier comment. For versions of gnupg 2.0 it depends on whether gpg-agent is launched with use standard socket or not, but there the appropriate auth socket is reported back with the gpg-agent --daemon. The test for gpgconf isn't sufficient to distinguish between these versions, as it is also provided with gnupg 2.0.
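
The version dependence described in comments 1 and 3, written out as an added example that is not part of the bug thread or of the Gentoo fix: a startup script has to pick SSH_AUTH_SOCK from the GnuPG version, not from the mere presence of gpgconf. The function names are hypothetical, the banners are constructed, and treating branches after 2.1 like 2.1.13 is an assumption of this sketch.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the Gentoo fix.

# version_from_banner LINE: take "X.Y.Z" from the first line of
# `gpgconf --version`, e.g. "gpgconf (GnuPG) 2.1.13".
version_from_banner() {
  printf '%s\n' "${1##* }"
}

# agent_ssh_sock VERSION GNUPGHOME UID
# Prints the ssh socket path the thread gives for that version.
# Returns 1 for 2.0.x (path must be read from `gpg-agent --daemon`
# output) and 2 for a version it cannot classify.
agent_ssh_sock() {
  ver=$1; gnupghome=$2; uid=$3
  case $ver in
    [0-9]*.[0-9]*.[0-9]*) ;;
    *) return 2 ;;
  esac
  major=${ver%%.*}; rest=${ver#*.}
  minor=${rest%%.*}; patch=${rest#*.}
  patch=${patch%%[!0-9]*}            # drop suffixes such as "-r3"
  case $major$minor in *[!0-9]*) return 2 ;; esac
  [ -n "$patch" ] || return 2
  [ "$major" -ge 2 ] || return 2     # 1.x is outside what the thread covers
  if [ "$major" -eq 2 ] && [ "$minor" -eq 0 ]; then
    return 1
  elif [ "$major" -eq 2 ] && [ "$minor" -eq 1 ] && [ "$patch" -lt 13 ]; then
    printf '%s\n' "$gnupghome/S.gpg-agent.ssh"
  else
    # 2.1.13 location; applying it to later branches is an assumption.
    printf '%s\n' "/run/user/$uid/gnupg/S.gpg-agent.ssh"
  fi
}

# Constructed sample banners, not captured output.
for banner in "gpgconf (GnuPG) 2.0.28" "gpgconf (GnuPG) 2.1.3" \
              "gpgconf (GnuPG) 2.1.13"; do
  v=$(version_from_banner "$banner")
  sock=$(agent_ssh_sock "$v" "/home/alice/.gnupg" 1000) \
    || sock="(read it from gpg-agent --daemon output)"
  printf '%-8s %s\n' "$v" "$sock"
done
```

On GnuPG releases that provide it, `gpgconf --list-dirs agent-ssh-socket` reports the path directly and avoids the version table.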
Comment 4 Michael Palimaka (kensington) gentoo-dev 2016-06-18 18:47:11 UTC
I've pushed a fix for this to the overlay for testing (thanks Kristian), to hit the main tree with Plasma 5.7.0.

Since Plasma 4 is EOL the change probably will not be backported there however.

https://gitweb.gentoo.org/proj/kde.git/commit/?id=ca6c861f8f54ccb7521ec91da98f73bab1f91e8a
Comment 5 Michael Palimaka (kensington) gentoo-dev 2016-07-20 17:43:50 UTC
5.7 is in the tree now with the fix.