Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 611544 - app-crypt/gnupg-2.1.19[-smartcard]: ssh-agent emu broken
Summary: app-crypt/gnupg-2.1.19[-smartcard]: ssh-agent emu broken
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Kristian Fiskerstrand (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-03 18:03 UTC by Michał Górny
Modified: 2017-03-08 10:55 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
gpg-agent.log (gpg-agent.log,3.64 KB, text/x-log)
2017-03-03 18:03 UTC, Michał Górny 		Details
gpg-agent.sc.log (gpg-agent.sc.log,7.84 KB, text/x-log)
2017-03-03 18:33 UTC, Michał Górny 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-03-03 18:03:24 UTC 
Created attachment 465810 [details]
gpg-agent.log

What we talked on IRC -- it seems that the new version fails to handle SSH keys in GPG keyring when compiled without scdaemon.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-03-03 18:33:59 UTC 
Created attachment 465852 [details]
gpg-agent.sc.log

Here's the log with USE=smartcard enabled. As we suspected, it works fine.
Comment 2 Alon Bar-Lev (RETIRED) gentoo-dev 2017-03-03 19:30:48 UTC 
interesting!
this is fundamental issue of the gpg-agent regardless of the ssh, it seems like it assumes it can run it in any case probably to refresh keys. Recently they have rework private key usage and broken lots of other interfaces.
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-03-03 19:50:55 UTC 
(In reply to Alon Bar-Lev from comment #2)
> interesting!
> this is fundamental issue of the gpg-agent regardless of the ssh, it seems
> like it assumes it can run it in any case probably to refresh keys. Recently
> they have rework private key usage and broken lots of other interfaces.

Indeed. I'll follow up with upstream on this as discussed in #gentoo-crypto on IRC.
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-03-06 22:34:15 UTC 
Please try 2.1.19-r1
Comment 5 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-03-08 10:55:57 UTC 
(In reply to Kristian Fiskerstrand from comment #4)
> Please try 2.1.19-r1

Seems to work fine, thanks!