
Bug 197588

Summary: net-im/psi-0.10-r3 asks for GPG passphrase for every message and statuschange w/ pinentry-0.7.3
Product: Gentoo Linux
Reporter: Jan Simons <jan.simons>
Component: Current packages
Assignee: Przemyslaw Maciag (RETIRED) <troll>
Status: RESOLVED WORKSFORME
Severity: normal
CC: crypto+disabled, kripton, net-im, tindor, wolfgang.illmeyer
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
URL: http://forums.gentoo.org/viewtopic-t-553101-highlight-pinentry+psi.html
Bug Blocks: 159851    

Description Jan Simons 2007-10-31 03:32:32 UTC
Usually one would expect that once you've entered your passphrase to decrypt your private gpg-key, psi would be able to decrypt encrypted messages using it. But with the current configuration you're asked to enter your key for every encrypted message you receive and every time your status changes (e.g. available -> away).

From a quick google search it looks like only gentoo users are hit with this problem.

I think there might be something wrong with pinentry and its passphrase cache.

Reproducible: Always

Steps to Reproduce:
1. set up psi to use a gpg key with passphrase
2. close psi
3. start psi (it should ask for your passphrase via pinentry)
4. wait until it goes into "auto away"
5. move mouse/type something
6. psi should try to return from "auto away" and will ask you for your passphrase.

alternative: try to have an encrypted chat session.
Actual Results:  
many annoying pinentry dialogues asking for your passphrase

Expected Results:  
only having to enter the passphrase once for any psi session.

emerge --info
Portage 2.1.3.16 (default-linux/x86/2007.0/desktop, gcc-4.2.2, glibc-2.6.1-r0, 2.6.22-gentoo-r5 i686)
=================================================================
System uname: 2.6.22-gentoo-r5 i686 AMD Athlon(tm) Processor
Timestamp of tree: Tue, 30 Oct 2007 22:20:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.1.2-r1
dev-lang/python:     2.4.4-r6, 2.5.1-r3
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-tbird -Os -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/mozilla/defaults/pref /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=athlon-tbird -Os -pipe"
DISTDIR="/var/distfiles"
FEATURES="ccache distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://ftp.du.se/pub/os/gentoo http://gentoo.ynet.sk/pub http://mir.zyrianes.net/gentoo/ http://gentoo.inode.at/"
LANG="de_DE"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/var/distfiles/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/pro-audio /usr/portage/local/layman/science /usr/local/portage /usr/local/overlays/misc"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext 3ds 7zip X a52 aac aalib acpi alsa amarok amr apache2 arts artswrappersuid asf auctex audiofile bash-completion berkdb bitmap-fonts blender-game bootsplash branding bzip2 cairo canna caps ccache cdda cddb cdio cdparanoia cdr cdrom chroot cjk cle266 cli colordiff cpudetection cracklib crypt css cups curl curlwrappers d dba dbase dbus dga directfb dosformat dri droproot dv dvd dvdread ecc edl elf emboss emf encode ethereal evo fam fb fbcon fbdev fbsplash ffmpeg fftw firefox flac flash fltk font-server foomaticdb fortran freewnn ftp fuse gcc-libffi gcj gcl gd gdbm geldkarte geoip gif gimp ginac gnuplot gpm graphviz gs gstreamer gtk h323 hal http httpd iconv icq id3 idea imagemagick imap imlib irc isdnlog jabber jack jackmidi java javascript jce jikes john joystick jp2 jpeg jpeg2k kde kdeenablefinal kdehiddenvisibility kdexdeltas kexi kqemu ladspa lame langpacks latex lha libcaca libgda live lm_sensors logitech-mouse logrotate lzo lzw lzw-tiff m17n-lib mad maildir math matroska mbrola memlimit midi mikmod mime mjpeg mmap mmx mmxext mng mod mono moznocompose moznoirc moznomail mozsvg mp3 mp4live mpeg mpeg2 mpeg4 mpi mplayer msdav mudflap mule multiuser musepack music mysqli ncurses net network nls nptl nptlonly nsplugin ntfs ntlm nvidia objc octave odbc offensive ogg oggvorbis ogre on-the-fly-crypt opengl openmp oscar oss pam pascal patented pcre pda pdf pdfkit perl php plotutils png posix povray ppds pppd print python qt3 qt3support qt4 quicktime rar rdesktop readline real reflection reiserfs samba scenarios screen sdl sensord session sftp sid slang slp smartcard smime sndfile soap sockets softmmu speex spell spl sql sqlite ssl stream subp subtitles subversion svg svga svgz swat sysfs syslog tcl tcltk tcpd tetex theora tidy tiff timidity tk tordns tos transcode truetype truetype-fonts type1 type1-fonts unicode usb usepackagedmakefiles userlocales utempter v4l v4l2 vcd vidix visualization vlm vnc vorbis vst webdav win32codecs wma wma123 wmf wv wxgtk1 
wxwindows x264 x86 xanim xchatdccserver xchatnogtk xchattext xine xinerama xml xorg xpm xprint xscreensaver xv xvid xvmc yv12 zip zlib" ALSA_CARDS="cs46xx ens1371" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" USERLAND="GNU" VIDEO_CARDS="nvidia nv"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Boyan Ivanov 2007-11-24 18:14:56 UTC
I'm having the same problem with psi-0.11_pre20070314 (upgraded to see if it will disappear) and pinentry 0.7.3. A friend of mine is using Debian and has no such problems with the same versions.
Comment 2 heiko 2007-12-24 11:07:35 UTC
same problem here.

equery uses psi                          
[ Searching for packages matching psi... ]
[ Colour Code : set unset ]
[ Legend : Left column  (U) - USE flags from make.conf              ]
[        : Right column (I) - USE flags packages was installed with ]
[ Found these USE variables for net-im/psi-0.10-r3 ]
 U I
 - - audacious        : Enable monitoring of audio tracks that are played in (media-sound/audacious)
 + + crypt            : Add support for encryption -- using mcrypt or gpg where applicable
 + + extras           : Enables extra non official patches
 - - insecure-patches : Enables extra non official patches that may pose as a security risk
 - - linguas_ar       : <unknown>
 - - linguas_bg       : <unknown>
 - - linguas_ca       : <unknown>
 - - linguas_cs       : <unknown>
 - - linguas_da       : <unknown>
 - - linguas_de       : <unknown>
 - - linguas_el       : <unknown>
 - - linguas_eo       : <unknown>
 - - linguas_es       : <unknown>
 - - linguas_et       : <unknown>
 - - linguas_fi       : <unknown>
 - - linguas_fr       : <unknown>
 - - linguas_hu       : <unknown>
 - - linguas_it       : <unknown>
 - - linguas_mk       : <unknown>
 - - linguas_nl       : <unknown>
 - - linguas_pl       : <unknown>
 - - linguas_pt       : <unknown>
 - - linguas_pt_BR    : <unknown>
 - - linguas_ru       : <unknown>
 - - linguas_se       : <unknown>
 - - linguas_sk       : <unknown>
 - - linguas_sl       : <unknown>
 - - linguas_sr       : <unknown>
 - - linguas_sw_TZ    : <unknown>
 - - linguas_vi       : <unknown>
 - - linguas_zh       : <unknown>
 + + ssl              : Adds support for Secure Socket Layer connections
 - - xscreensaver     : Adds support for XScreenSaver extension.


emerge --info
Portage 2.1.3.19 (default-linux/amd64/2006.1/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r3 x86_64)
=================================================================
System uname: 2.6.23-gentoo-r3 x86_64 AMD Athlon(tm) 64 Processor 3500+
Timestamp of tree: Mon, 24 Dec 2007 09:46:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CPPFLAGS=" -I/usr/local/enlightenment/e-071014/include -I/usr/local/enlightenment/e-071014/include"
CXXFLAGS="-march=athlon64 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="candy ccache distlocks metadata-transfer noinfo parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo"
LANG="en_US.utf8"
LC_ALL="en_US.utf8"
LDFLAGS=" -L/usr/local/enlightenment/e-071014/lib -L/usr/local/enlightenment/e-071014/lib"
LINGUAS="en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise /usr/local/portage /usr/local/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="X a52 aac aalib alsa amd64 apache2 arts bash-completion berkdb bitmap-fonts cairo cdr cjk cli cracklib crypt cups curl dbus directfb dri dts dvd dvdr eds emboss encode esd fam fbcon ffmpeg firefox flac fortran gd gdbm gif gnome gpm gstreamer gtk gtk2 hal iconv ipod isdnlog jpeg kde libcaca lirc mad midi mikmod mp3 mpeg mudflap ncurses nethack nls nptl nptlonly nsplugin offensive ogg opengl openmp oss pam pcre perl png postgres ppds pppd python qt qt3 qt4 quicktime readline reflection ruby sdl session spell spl ssl svg tcpd theora threads truetype truetype-fonts type1-fonts unicode userlocales vorbis xml xorg xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" LIRC_DEVICES="serial" USERLAND="GNU" VIDEO_CARDS="vesa fbdev radeon"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-01-02 02:40:25 UTC
This looks like bug 183075 that got closed as NEEDINFO.
Specifically pinentry does NOT cache the passphrase. That is the task of the agent. If there is no agent available, it doesn't get cached...
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-01-02 02:41:02 UTC
Add crypto herd.
Comment 5 Alon Bar-Lev (RETIRED) gentoo-dev 2008-01-02 06:44:26 UTC
True.
gnupg-2 requires agent running for caching.
Please try:

gpg-agent --daemon bash
<run psi from this shell>
Comment 6 Alon Bar-Lev (RETIRED) gentoo-dev 2008-01-02 18:47:47 UTC
Just want to know, troll are you available in some way? I did not see you handle any of the bugs assigned to you.
Comment 7 Boyan Ivanov 2008-01-03 17:20:59 UTC
It works now with net-im/psi-0.11_pre2007031.
Thanks :)
Comment 8 Alon Bar-Lev (RETIRED) gentoo-dev 2008-01-03 17:32:03 UTC
Please explain what is working...
What about 0.10? Have you checked this?
Comment 9 Boyan Ivanov 2008-01-03 19:22:20 UTC
Well,
now it doesn't ask for a password every time you receive an encrypted message or change your status.
Unfortunately I haven't tested with 0.10, but will try it as soon as I can.
Comment 10 Alon Bar-Lev (RETIRED) gentoo-dev 2008-01-03 19:25:14 UTC
OK.
Please reopen if you have any further issues.
Comment 11 Wolfgang Illmeyer 2008-01-03 19:52:27 UTC
This is actually a non-issue. If the gpg-ebuilds would allow installing gpg1 and gpg2 in parallel (which is what they were designed for), psi would flawlessly work without changing a single line of code.

Also, I doubt that gpg-agent will really help with psi, because as far as I understand, gpg-agent only lets you choose how long (as in timeout) your passphrase should be cached, whereas psi is designed to decide for itself how long to cache the passphrase.
Comment 12 Boyan Ivanov 2008-01-03 20:03:36 UTC
Just tested it, version 0.10-r3 also has no problems after the command
gpg-agent --daemon bash
Comment 13 Alon Bar-Lev (RETIRED) gentoo-dev 2008-01-03 20:11:37 UTC
(In reply to comment #11)
> This is actually a non-issue. If the gpg-ebuilds would allow installing gpg1
> and gpg2 in parallel (which is what they were designed for), psi would
> flawlessly work without changing a single line of code

This is irrelevant to this bug.

Applications should also work if the user chooses to install only gpg-2.
And if a gpg-2 only configuration is available, why force gpg-1 on all systems that have gpg-2 installed?

Also, there was no change in any line of code for 0.11; 0.10 was released before gnupg-2, so minor fixups were applied.

> Also, I doubt that gpg-agent will really help with psi, because as far as I
> understand, gpg-agent only lets you choose how long (as in timeout) your
> passphrase should be cached, whereas psi is designed to decide for itself how
> long to cache the passphrase.

Don't doubt or guess, check it out; if it does not work for you, please describe the issue.

As for the passphrase cache, gpg-2 does not allow applications to cache the passphrase, as applications tend to do this in an unsecured manner. As far as I talked to Justin (psi developer), he is aware of this.

On gpg-2 passphrase cache is maintained by gpg-agent, and the cache settings can be configured as options for gpg-agent.
Comment 14 Alon Bar-Lev (RETIRED) gentoo-dev 2008-01-03 20:11:56 UTC
(In reply to comment #12)
> Just tested it, version 0.10-r3 also has no problems after the command
> gpg-agent --daemon bash

Thank you for your help.
Comment 15 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-01-03 20:18:59 UTC
wolfgang: 
"whereas psi is designed to decide for itself how long to cache the passphrase."
gpg-agent allows applications to decide how long to cache for, but it handles getting the passphrase and the cache itself.

Off the top of my head, using the Assuan protocol to the agent:
GET_PASSPHRASE $CACHE_ID ....
CLEAR_PASSPHRASE $CACHE_ID
To explicitly request or forget the passphrase. There is another one that manages the timeout.
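
The two agent commands named in comment 15, as an added example that is not part of the original thread and is not code from Psi or GnuPG: it builds the Assuan command lines and parses the agent's replies from a constructed transcript. The cache id, prompt text, passphrase and reply lines are made up for illustration, and `--no-ask` is a GET_PASSPHRASE option the thread does not mention.

```python
from binascii import unhexlify
from urllib.parse import quote, unquote_to_bytes

def assuan_arg(text):
    """Percent-escape one argument; spaces travel as '+', 'X' means 'use default'."""
    return quote(text, safe="").replace("%20", "+") if text else "X"

def get_passphrase_cmd(cache_id, prompt="", description="", error="", no_ask=False):
    """Build GET_PASSPHRASE [--no-ask] <cache_id> <error> <prompt> <description>."""
    opts = "--no-ask " if no_ask else ""
    args = " ".join(assuan_arg(a) for a in (error, prompt, description))
    return f"GET_PASSPHRASE {opts}{cache_id} {args}"

def clear_passphrase_cmd(cache_id):
    """Ask the agent to drop the cached entry for this cache id."""
    return f"CLEAR_PASSPHRASE {cache_id}"

def parse_response(lines):
    """Read server lines up to the terminating OK or ERR line."""
    data = b""
    for line in lines:
        if line.startswith("D "):            # data line, percent-escaped
            data += unquote_to_bytes(line[2:])
        elif line == "OK" or line.startswith("OK "):
            return {"ok": True, "text": line[3:], "data": data}
        elif line.startswith("ERR "):
            code, _, text = line[4:].partition(" ")
            code = int(code)
            # libgpg-error packs the reporting component into bits 24-30
            return {"ok": False, "source": (code >> 24) & 0x7F,
                    "code": code & 0xFFFF, "text": text}
    raise ValueError("response ended without OK or ERR")

def passphrase_from(resp):
    """Without --data the agent returns the passphrase hex-encoded on the OK line."""
    return unhexlify(resp["text"]).decode() if resp["ok"] else None

# Constructed transcript: cache id, prompt text and passphrase are made up.
CACHE_ID = "psi:example-key"
ASK = get_passphrase_cmd(CACHE_ID, "Passphrase", "Unlock the OpenPGP key for Psi")
HIT = parse_response(["OK 636f727265637420686f727365"])
# After CLEAR_PASSPHRASE a --no-ask lookup finds nothing: "No data" from the agent.
MISS = parse_response(["ERR 67108922 No data <GPG Agent>"])

if __name__ == "__main__":
    print("C:", ASK)
    print("S: OK ->", passphrase_from(HIT))
    print("C:", clear_passphrase_cmd(CACHE_ID))
    print("C:", get_passphrase_cmd(CACHE_ID, no_ask=True))
    print("S: ERR source=%(source)d code=%(code)d %(text)s" % MISS)
```

The cache and the prompt both live in the agent; the application only picks the cache id and decides when to send CLEAR_PASSPHRASE.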
Comment 16 Alon Bar-Lev (RETIRED) gentoo-dev 2008-01-03 20:42:58 UTC
(In reply to comment #15)
> Off the top of my head, using the Assuan protocol to the agent:
> GET_PASSPHRASE $CACHE_ID ....
> CLEAR_PASSPHRASE $CACHE_ID

But gpg --server does not expose these... :)
gpg exposes:
OPTION use-cache-for-signing=0|1

And there is no option to redirect raw options for the agent... (There is from the agent to the smartcard daemon...)