Bug 610586 - sys-kernel/dracut-044-r2 - include /usr/bin/gpg-agent and /usr/bin/pinentry* into the image
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Patrick McLean
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
Reported: 2017-02-22 18:19 UTC by Martin Mokrejš
Modified: 2023-09-08 09:23 UTC (History)
2 users

See Also:
Package list:
Runtime testing required: ---


Attachments
gpg.debug.log (47.75 KB, text/plain)
2017-02-22 19:11 UTC, Martin Mokrejš

Description Martin Mokrejš 2017-02-22 18:19:28 UTC
I cannot get LUKS installation running with gpg-encrypted key because gpg2 requires gpg-agent which in turn requires pinentry-* binaries.

When I get into LUKS shell I see in verbatim that gpg is looking for /usr/bin/gpg-agent and giving "No such file or directory".

The manual page for gpg is outdated and I even tried 'gpg --no-use-agent' to later learn that it 'is an obsolete option - it has no effect'.

Including just gpg-agent is not enough because then you get 'gpg: problem with the agent: No pinentry'.

This may be considered related to bug #583748.
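The dependency chain described above (gpg2 needs gpg-agent, which needs a pinentry) can be checked against a built image before rebooting. The following shell function is an added example, not code from this bug report or from dracut; it reads an `lsinitrd`-style file listing on stdin and reports which of the three binaries are absent. The two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Check that an initramfs listing contains what gpg2 needs to decrypt a
# LUKS keyfile: gpg (or gpg2), gpg-agent and at least one pinentry-*.
# Input: an `lsinitrd`-style listing on stdin (cpio -tv format, path near
# the end of each line, symlinks written as "path -> target").
# Output: one "missing: ..." line per absent binary; exit 0 only if all present.
check_gpg_initramfs_deps() {
    listing=$(cat)
    rc=0
    # paths may appear as usr/bin/x, /usr/bin/x or ./usr/bin/x
    prefix='(^|[[:space:]])(\./)?/?usr/bin/'
    if ! printf '%s\n' "$listing" | grep -qE "${prefix}gpg2?([[:space:]]|\$)"; then
        echo "missing: /usr/bin/gpg (or gpg2)"; rc=1
    fi
    if ! printf '%s\n' "$listing" | grep -qE "${prefix}gpg-agent([[:space:]]|\$)"; then
        echo "missing: /usr/bin/gpg-agent"; rc=1
    fi
    if ! printf '%s\n' "$listing" | grep -qE "${prefix}pinentry(-[[:alnum:]]+)?([[:space:]]|\$)"; then
        echo "missing: /usr/bin/pinentry*"; rc=1
    fi
    return $rc
}

# Constructed sample listings (not real lsinitrd output from the reporter's image).
# 1) an image like the one in the report: gpg is present, its helpers are not
INCOMPLETE_LISTING='-rwxr-xr-x   1 root root 1234 Feb 22  2017 usr/bin/gpg
lrwxrwxrwx   1 root root    3 Feb 22  2017 usr/bin/gpg2 -> gpg
-rwxr-xr-x   1 root root 5678 Feb 22  2017 usr/sbin/cryptsetup'
# 2) the same image with gpg-agent and a tty pinentry added
COMPLETE_LISTING="$INCOMPLETE_LISTING
-rwxr-xr-x   1 root root 2345 Feb 22  2017 usr/bin/gpg-agent
-rwxr-xr-x   1 root root  456 Feb 22  2017 usr/bin/pinentry-tty"

# Live use on a real image (needs dracut's lsinitrd):
#   lsinitrd /boot/initramfs-"$(uname -r)".img | check_gpg_initramfs_deps
```

For the incomplete listing the function prints two "missing:" lines and returns 1; for the complete one it prints nothing and returns 0.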
Comment 1 Martin Mokrejš 2017-02-22 18:49:30 UTC
And another outdated part of the gpg manpage:

       --agent-program file
              Specify an agent program to be used for secret key operations.  The default value is determined by running gpgconf with the option --list-dirs.  Note that the pipe symbol (|) is used for a regression test suite hack and may thus not be used in the file name.


If you use it like 'gpg --decrypt file.gpg --agent-program /usr/bin/pinentry-tty'  you get:

gpg: Note: '--agent-program' is not considered an option



Stupid commandline parsing, this somewhat works:

'gpg --agent-program /usr/bin/pinentry-tty --pinentry-mode ask --decrypt file.gpg'

but gives anyway the same error:

'gpg: problem with the agent: No pinentry'


I will attach strace output.
Comment 2 Martin Mokrejš 2017-02-22 19:11:14 UTC
Created attachment 464746 [details]
gpg.debug.log

The strace leads me to 

open("/dev/tty", O_RDWR) = -1 ENXIO (No such device or address)

https://lists.gnupg.org/pipermail/gnupg-users/2003-July/019171.html

Looks like gpg2 ignores my GPG_TTY contents; no matter if I put in /dev/tty1 it still accesses /dev/tty. Puzzlingly enough, the file exists while being in the emergency shell of the ramdisk image.

Also to note, this is in the debug strace log:


read(4, "ERR 67108949 No pinentry <GPG Agent>\n", 1002) = 37
write(2, "gpg: problem with the agent: No pinentry", 40gpg: problem with the agent: No pinentry) = 40
write(2, "\n", 1
)


Again quoting from manpage:

       GPG_AGENT_INFO
              This variable is obsolete; it was used by GnuPG versions before 2.1.


Does anybody know how to use the following variable?

       PINENTRY_USER_DATA
              This value is passed via gpg-agent to pinentry.  It is useful to convey extra information to a custom pinentry.
Comment 3 Mike Gilbert gentoo-dev 2017-07-02 23:28:09 UTC
I suggest reporting the issue upstream.