I cannot get a LUKS installation running with a gpg-encrypted key because gpg2 requires gpg-agent, which in turn requires the pinentry-* binaries. When I get into the LUKS shell I see verbatim that gpg is looking for /usr/bin/gpg-agent and giving "No such file or directory". The manual page for gpg is outdated, and I even tried 'gpg --no-use-agent' only to learn later that it 'is an obsolete option - it has no effect'. Including just gpg-agent is not enough because then you get 'gpg: problem with the agent: No pinentry'.

This may be considered related to bug #583748.
And another outdated part of the gpg manpage:

  --agent-program file
    Specify an agent program to be used for secret key operations. The default value is determined by running gpgconf with the option --list-dirs. Note that the pipe symbol (|) is used for a regression test suite hack and may thus not be used in the file name.

If you use it like 'gpg --decrypt file.gpg --agent-program /usr/bin/pinentry-tty' you get:

  gpg: Note: '--agent-program' is not considered an option

Stupid commandline parsing, this somewhat works:

  'gpg --agent-program /usr/bin/pinentry-tty --pinentry-mode ask --decrypt file.gpg'

but it gives the same error anyway:

  'gpg: problem with the agent: No pinentry'

I will attach strace output.
Created attachment 464746 gpg.debug.log

The strace leads me to:

  open("/dev/tty", O_RDWR) = -1 ENXIO (No such device or address)

https://lists.gnupg.org/pipermail/gnupg-users/2003-July/019171.html

It looks like gpg2 ignores my GPG_TTY contents; no matter if I put in /dev/tty1, it still accesses /dev/tty. Puzzlingly enough, the file exists while I am in the emergency shell of the ramdisk image.

Also to note, this is in the debug strace log:

  read(4, "ERR 67108949 No pinentry <GPG Agent>\n", 1002) = 37
  write(2, "gpg: problem with the agent: No pinentry", 40gpg: problem with the agent: No pinentry) = 40
  write(2, "\n", 1 )

Again quoting from the manpage:

  GPG_AGENT_INFO
    This variable is obsolete; it was used by GnuPG versions before 2.1.

Does anybody know how to use the following variable?

  PINENTRY_USER_DATA
    This value is passed via gpg-agent to pinentry. It is useful to convey extra information to a custom pinentry.
I suggest reporting the issue upstream.