gpg: "Operation cancelled" with pinentry 1.0.0 on GNOME

DoneSubmitted by Chris Marusich.
Details
5 participants
  • Arun Isaac
  • Chris Marusich
  • Daniel Pimentel
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Severity
normal
C
C
Chris Marusich wrote on 2 Jan 2017 02:50
(address . bug-guix@gnu.org)(name . Leo Famulari)(address . leo@famulari.name)
87a8ba44d5.fsf@gmail.com
Hi,
Since upgrading pinentry from 0.9.7 to 1.0.0, I've noticed some strangebehavior. In GNOME only, when gpg tries to access my secret key, theattempt fails without prompting me for my passphrase. For example, itfails like this:
Toggle snippet (10 lines)[0] marusich@garuda:~$ echo hello > /tmp/message[0] marusich@garuda:~$ gpg --sign /tmp/message gpg: signing failed: Operation cancelledgpg: signing failed: Operation cancelled[2] marusich@garuda:~$
No prompt appears, GUI or otherwise. However, if I repeat the "gpg--sign" command many times, eventually a GUI does appear which asks mefor a password. In that case, everything works just fine. But about90-95% of the time, the attempt just fails like above, without showingme any prompt.
This problem is not limited to my manual command-line invocation. Thesame kind of issue also occurs when emacs (the graphical version,running in GNOME) tries to automatically decrypt encrypted files (e.g.,when gnus needs to read my ~/.authinfo.gpg file to connect to an emailserver). Normally, when emacs needs to decrypt a file like this, a newwindow pops up to ask me for my passphrase, but because of this issue,the decryption fails, without showing me a prompt, for a similar reason:
Toggle snippet (8 lines)Error while decrypting with "gpg":
gpg: encrypted with 4096-bit RSA key, ID 0FE3DE4943560F06, created 2016-02-19 "Chris Marusich <cmmarusich@gmail.com>"gpg: public key decryption failed: Operation cancelledgpg: decryption failed: No secret key
I suspect these are symptoms of the same issue.
My ~/.gnupg/gpg-agent.conf contains the following single line:
pinentry-program /home/marusich/.guix-profile/bin/pinentry
This issue does NOT occur in Xfce. This issue does NOT occur when I runthe "gpg --sign" command in a virtual terminal (e.g., by pressingControl+Alt+F2 to switch to a virtual terminal). In GNOME, this issueDOES occur regardless of which "pinentry" program I specify in my~/.gnupg/gpg-agent.conf file (the same issue occurs with pinentry,pinentry-curses, pinentry-gtk-2, and pinentry-tty).
I've run both "guix pull" and "sudo guix pull" successfully in the lastfew days, and I've successfully reconfigured my system since then, soI'm using the most recent Guix software. I'm using GuixSD.
Since I've added and modified many things to my home directory, I triedcreating a test user with a fresh home directory to rule out my localcustomizations as a cause. I was able to reproduce the issue using afresh test user in GNOME after installing gnupg and pinentry via "guixpackage -i gnupg pinentry". The only changes I made to the test user'shome directory were (1) I added the "export" statements to its ~/.bashrcfile which were suggested by Guix after installing those two packages,and (2) I added a ~/.gnupg/gpg-agent.conf which uses the pinentry thatgot installed into the test user's profile. So, I expect that otherusers of GuixSD can probably reproduce this issue.
-- Chris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlhpseYACgkQ3UCaFdgiRp0m8RAAjmswfheDR01c7OpH1YjFdgj4jVZdx+s171hVGrJ71iDYbIUJIlhgyXHYyPt8XJJ2p2GZzYGCDUcFBFy9endNC+tw1jTVSRtjprP3Fc5PjOeene9vZDFmKiwDSckWSRcGq4xOgF4SGuTwad13TdasVmcBcOqZ1GyfJINwpDL59yCMgO5fQ+M/j/9eJSKW4RQqqZFJyVarbSQWTEEKm4h8RXx1ewJLtS9EbLlzXxd+lN4uRo7KK+2Xh6fNus5tzJnM0tawo4/x2PL+2ryS18wsNf1x6bNf2SJ1WoX7KmO4b4wfl0FCOUsq7Ey1sdk0kMqRGCd8LClEULI/jt9Nc3DJ9vuvoSA5IBPyJbxdf3QyzxTm9LN7Kqf2uG5+nItJTnmk7jVwWaxggQMFlM0t0lkAmhODGuCdBqS7TWgASg9Q47NtX41QTTHmiPOMr2eWkDGAT37JdHmIMreXel7uiF3ePZed/XvRa9XtOCXSlN8Wqep2FuZ3LuBFAk46MUWCt3sk4S3SmOL1nGbf+47Ghk3HxSFA6P1tSDch+L81UvbHbbbEkMm40pCqkacgXq6XwDY38VpyfTa77DlTigvqNBuxRHlQRcFE2AeH0VXjRMQniuJk5T/4CTrlLlUUP8dq9gcIFtbD5GcrUsIRv2M6uhqj7yEKGymvUY5l6I4Gx5J84Yo==7tms-----END PGP SIGNATURE-----
L
L
Ludovic Courtès wrote on 9 Jan 2017 10:18
(name . Chris Marusich)(address . cmmarusich@gmail.com)(address . 25328@debbugs.gnu.org)
877f64r3qg.fsf@gnu.org
Hi Chris,
Chris Marusich <cmmarusich@gmail.com> skribis:
Toggle quote (14 lines)> Since upgrading pinentry from 0.9.7 to 1.0.0, I've noticed some strange> behavior. In GNOME only, when gpg tries to access my secret key, the> attempt fails without prompting me for my passphrase. For example, it> fails like this:>> [0] marusich@garuda:~> $ echo hello > /tmp/message> [0] marusich@garuda:~> $ gpg --sign /tmp/message > gpg: signing failed: Operation cancelled> gpg: signing failed: Operation cancelled> [2] marusich@garuda:~> $
For the record, I’ve never experienced this problem (that’s outside ofGNOME) with:
Toggle snippet (5 lines)$ guix package -I '(gnupg|pinentry)'pinentry 1.0.0 out /gnu/store/57dg2i4backl38bw4ipcsdg1b7df9j64-pinentry-1.0.0gnupg 2.1.16 out /gnu/store/fz44xcp1iksikjvcc472bgsr9hs8ygkq-gnupg-2.1.16
ISTR that GNOME has a hack to force its own Pinentry tool. Could it bewhat’s at fault?
Thanks,Ludo’.
C
C
Chris Marusich wrote on 20 Jan 2017 09:14
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 25328@debbugs.gnu.org)
87wpdqdu7k.fsf@gmail.com
Hi,
Previously, I wrote:
Toggle quote (4 lines)> In GNOME, this issue DOES occur regardless of which "pinentry" program> I specify in my ~/.gnupg/gpg-agent.conf file (the same issue occurs> with pinentry, pinentry-curses, pinentry-gtk-2, and pinentry-tty).
I don't think this is actually true. I believe I made an error whentesting the different pinentry programs. I believe I forgot to restartthe gpg-agent, which would explain why simply changing the contents ofthe gpg-agent.conf file did not seem to fix the issue.
I did another test just now. I tried changing the contents of thegpg-agent.conf file, and I made sure to kill the gpg-agent process aftereach change, so that gpg-agent would reload the file for sure. When Idid this, I found that only pinentry-gtk-2 exhibits this issue (notethat pinentry is a symlink to pinentry-gtk-2). In particular,pinentry-curses, pinentry-tty, and pinentry-gnome3 all worked for me.
Is anyone able to reproduce the issue using pinentry-gtk-2? Thefollowing steps should reproduce the issue:
* Log into a GNOME session on (a recently updated) GuixSD.
* In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to pinentry-gtk-2, for example:
pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2
* If the gpg-agent process is running, kill it to make sure it loads the new gpg-agent.conf.
* Try to sign a message, e.g.:
echo hello > /tmp/message gpg --sign /tmp/message
You should get the error very frequently.
ludo@gnu.org (Ludovic Courtès) writes:
Toggle quote (3 lines)> For the record, I’ve never experienced this problem (that’s outside of> GNOME) with:
For me, this problem doesn't happen outside of GNOME.
Toggle quote (4 lines)> $ guix package -I '(gnupg|pinentry)'> pinentry 1.0.0 out /gnu/store/57dg2i4backl38bw4ipcsdg1b7df9j64-pinentry-1.0.0> gnupg 2.1.16 out /gnu/store/fz44xcp1iksikjvcc472bgsr9hs8ygkq-gnupg-2.1.16
I'm using these versions:
$ guix package -I '(gnupg|pinentry)' gnupg 2.1.17 out /gnu/store/mcsi9rp06q0xxds4mwdgh1p16bifjxvk-gnupg-2.1.17 pinentry-gnome3 1.0.0 out /gnu/store/4kq8isyz7k8y64l7mjy90y4rjv7mh9x8-pinentry-gnome3-1.0.0

The problem also occurred when using the "pinentry" package (instead ofthe "pinentry-gnome3" package):
/gnu/store/b72r4rgr9irqy5zvb8i9hmrgrbb88ndf-pinentry-1.0.0
Toggle quote (3 lines)> ISTR that GNOME has a hack to force its own Pinentry tool. Could it be> what’s at fault?
Where can I find more info about this hack? I did some Internetsearches, but I couldn't find anything specific.
This bug is no longer blocking me, since I can use pinentry-gnome3, butI'm still concerned about the fact that pinentry-gtk-2 fails veryfrequently, even though it didn't on the previous version.
-- Chris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAliBxtAACgkQ3UCaFdgiRp23cxAAplBsoKlZkTu3H5rlBerNyCyr2yPReJZ5vZNb7nyu0VaflkStCIyIIveGy+DWu5y5PVtgxS5k1i9y/eX0CQQBZo7kP1fdVBbz7cMqKSCQoj36EN2h2VITIkRe/8U7XvmBmj5XVeBPIopuAaUHTIbOi0wtioeLZFJ1IDAdSEpDaZSRwh707dZ5Xb70u/kFK7dS+uXDEkYTcsxaEQC7O/j94QERYSUdE46CbmPPSLUxzh3S8PN3KoCCFoQBSIsU+VsAB6bns5gcNy97B1XymnEapsivnwes6VgztiGvI6FNX9E7Fx34TuIb62GybFoTBNL47TQZulpVVq+PAZXvK4QbeHemLTghcGzDw7yolWJs21ELCRYjx7OIVvP5yKcJdBF0Esm6vmt8QPhh6XjbQ/tuGmCwTc2w/jlgNsYL6byBEriZrmmSDyC1u8CVXoImxaVEoCwzuf9WSG+PRXvtdz1rCPaf+IY3D9v71V7DUY1j3Y9ykZIfQRvfI7bY7Rx9EVWVhnTMtW6aUZB65b8sOg5TFZh1DqVg/r9ud6IgJv5JASKTL/faUYB+mql2olMkNnCaO0KbTIWCq/7zyIXdY/IkVxPbQor5eN/AIQtrNHDpMZ6THbVtIla7g2J/axHio6TuQeh2JNFtLJFMINf5JqtozniLvH9APSu2+OgSJNJdSXQ==6bNS-----END PGP SIGNATURE-----
D
D
Daniel Pimentel wrote on 20 Jan 2017 13:16
(name . Chris Marusich)(address . cmmarusich@gmail.com)
d4b943fd151c925c71d3d4d50b31922c@d4n1.org
I used this:
gpg-agent --daemon --use-standard-socket --pinentry-program /home/dani/.guix-profile/bin/pinentry-curses
It's works for me. More in my site: https://d4n1.org/gnupg.html
Thanks,
---Daniel Pimentel (d4n1)
On 2017-01-20 05:14, Chris Marusich wrote:
Toggle quote (77 lines)> Hi,> > Previously, I wrote:> >> In GNOME, this issue DOES occur regardless of which "pinentry" program>> I specify in my ~/.gnupg/gpg-agent.conf file (the same issue occurs>> with pinentry, pinentry-curses, pinentry-gtk-2, and pinentry-tty).> > I don't think this is actually true. I believe I made an error when> testing the different pinentry programs. I believe I forgot to restart> the gpg-agent, which would explain why simply changing the contents of> the gpg-agent.conf file did not seem to fix the issue.> > I did another test just now. I tried changing the contents of the> gpg-agent.conf file, and I made sure to kill the gpg-agent process > after> each change, so that gpg-agent would reload the file for sure. When I> did this, I found that only pinentry-gtk-2 exhibits this issue (note> that pinentry is a symlink to pinentry-gtk-2). In particular,> pinentry-curses, pinentry-tty, and pinentry-gnome3 all worked for me.> > Is anyone able to reproduce the issue using pinentry-gtk-2? The> following steps should reproduce the issue:> > * Log into a GNOME session on (a recently updated) GuixSD.> > * In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to> pinentry-gtk-2, for example:> > pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2> > * If the gpg-agent process is running, kill it to make sure it loads > the> new gpg-agent.conf.> > * Try to sign a message, e.g.:> > echo hello > /tmp/message> gpg --sign /tmp/message> > You should get the error very frequently.> > ludo@gnu.org (Ludovic Courtès) writes:> >> For the record, I’ve never experienced this problem (that’s outside of>> GNOME) with:> > For me, this problem doesn't happen outside of GNOME.> >> $ guix package -I '(gnupg|pinentry)'>> pinentry 1.0.0 out /gnu/store/57dg2i4backl38bw4ipcsdg1b7df9j64-pinentry-1.0.0>> gnupg 2.1.16 out /gnu/store/fz44xcp1iksikjvcc472bgsr9hs8ygkq-gnupg-2.1.16> > I'm using these versions:> > $ guix package -I '(gnupg|pinentry)'> > gnupg 2.1.17 out /gnu/store/mcsi9rp06q0xxds4mwdgh1p16bifjxvk-gnupg-2.1.17> > pinentry-gnome3 1.0.0 out /gnu/store/4kq8isyz7k8y64l7mjy90y4rjv7mh9x8-pinentry-gnome3-1.0.0> > > The problem also occurred when using the "pinentry" package (instead of> the "pinentry-gnome3" package):> > /gnu/store/b72r4rgr9irqy5zvb8i9hmrgrbb88ndf-pinentry-1.0.0> >> ISTR that GNOME has a hack to force its own Pinentry tool. Could it >> be>> what’s at fault?> > Where can I find more info about this hack? I did some Internet> searches, but I couldn't find anything specific.> > This bug is no longer blocking me, since I can use pinentry-gnome3, but> I'm still concerned about the fact that pinentry-gtk-2 fails very> frequently, even though it didn't on the previous version.
L
L
Ludovic Courtès wrote on 20 Jan 2017 13:39
(name . Chris Marusich)(address . cmmarusich@gmail.com)(address . 25328@debbugs.gnu.org)
878tq5ewi4.fsf@gnu.org
Hi Chris,
Chris Marusich <cmmarusich@gmail.com> skribis:
Toggle quote (38 lines)> Previously, I wrote:>>> In GNOME, this issue DOES occur regardless of which "pinentry" program>> I specify in my ~/.gnupg/gpg-agent.conf file (the same issue occurs>> with pinentry, pinentry-curses, pinentry-gtk-2, and pinentry-tty).>> I don't think this is actually true. I believe I made an error when> testing the different pinentry programs. I believe I forgot to restart> the gpg-agent, which would explain why simply changing the contents of> the gpg-agent.conf file did not seem to fix the issue.>> I did another test just now. I tried changing the contents of the> gpg-agent.conf file, and I made sure to kill the gpg-agent process after> each change, so that gpg-agent would reload the file for sure. When I> did this, I found that only pinentry-gtk-2 exhibits this issue (note> that pinentry is a symlink to pinentry-gtk-2). In particular,> pinentry-curses, pinentry-tty, and pinentry-gnome3 all worked for me.>> Is anyone able to reproduce the issue using pinentry-gtk-2? The> following steps should reproduce the issue:>> * Log into a GNOME session on (a recently updated) GuixSD.>> * In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to> pinentry-gtk-2, for example:>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2>> * If the gpg-agent process is running, kill it to make sure it loads the> new gpg-agent.conf.>> * Try to sign a message, e.g.:>> echo hello > /tmp/message> gpg --sign /tmp/message>> You should get the error very frequently.
Could you report these steps upstream? That does not seem to beGuix-specific, though I suppose other distros probably installpinentry-gnome3 automatically when you install GNOME, such that theproblem doesn’t show up.
Toggle quote (6 lines)>> ISTR that GNOME has a hack to force its own Pinentry tool. Could it be>> what’s at fault?>> Where can I find more info about this hack? I did some Internet> searches, but I couldn't find anything specific.
The “hack” I was referring to is probably just pinentry-gnome3.
Toggle quote (4 lines)> This bug is no longer blocking me, since I can use pinentry-gnome3, but> I'm still concerned about the fact that pinentry-gtk-2 fails very> frequently, even though it didn't on the previous version.
It seems like bad interaction between pinentry-gtk2 and GNOME.
On this topic, I foundhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791379. Strangely,that bug discusses the opposite problem. :-)
Ludo’.
C
C
Chris Marusich wrote on 21 Jan 2017 11:38
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 25328@debbugs.gnu.org)
8737gc66l7.fsf@gmail.com
ludo@gnu.org (Ludovic Courtès) writes:
Toggle quote (5 lines)> Could you report these steps upstream? That does not seem to be> Guix-specific, though I suppose other distros probably install> pinentry-gnome3 automatically when you install GNOME, such that the> problem doesn’t show up.
I've sent an email to gnupg-devel@gnupg.org asking for help. I'llupdate this bug report when I have more to report.
Toggle quote (2 lines)> The “hack” I was referring to is probably just pinentry-gnome3.
I see.
Toggle quote (10 lines)>> This bug is no longer blocking me, since I can use pinentry-gnome3, but>> I'm still concerned about the fact that pinentry-gtk-2 fails very>> frequently, even though it didn't on the previous version.>> It seems like bad interaction between pinentry-gtk2 and GNOME.>> On this topic, I found> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791379>. Strangely,> that bug discusses the opposite problem. :-)
Weird. I'm not sure how to approach bugs like this. I could strace inthe dark and hope to see something that shows me the light, buthopefully the gnupg email list will know better how to troubleshoot it.
-- Chris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAliDOiUACgkQ3UCaFdgiRp1/XA/9HCJYfMZzxKkb7hK4HL9nu5GBJsh/gwBnVuyO62Yn3IY3CBJRbbKUUoegdZvP7dzS1E02PQlzkAbjEPN6sGgsFksqANEZOfb+UGzi2YEn8DqzWOFYoy7RE9JXsarIS2fGdTe2dF3WxuOS6FF7U4HeMrmfF5cgDudMI8u1xsbMeGRD6uxmGzK6p0JKbRM/8HkZRM1QRpxZ0OjeHNtFO8/6xnc0xt56r/Hbxj+zDDEEQtqlfzpS5PhEOogS4c7hSYIpSRSRFqTgZM/8FgBJ+BXsP3h1le9/yH0cCCcw6NTgKfYaHLmafSkKgvXFw4syiOfcTUOPVwwfsM1TYszvFioYZKi0OR/t9h/PBfAhx/kmfG2oSe9Lf3Z3npJfSWCVMA7q+iC4rxb83+J0nBA03UihDgZkPgOdkuAGjVpQ5QVu6iOe8L8ONha3GIxvguV9EGU+02e/zjaQeLA5XHoLfyEN+JPrc1UvXvjscYYa8N3NTcg0aShejhoBgx32JZlfVg604P5lXgCz7iEpikw+y9NNPIa9Sed9VjVmFL+sOgS5pu47jaf4InR2K+m/WJ3a6Xa8JN7d2KzsRxns/AEvVY0gZa94J47WfNB9V9hzQy2XbIxVDLVzyWNfKKj812EuRz6wyP4yrIiArSWk8TKsTdkx+T8pR/peoAsyAOCv2lc9Hog==9Sg0-----END PGP SIGNATURE-----
C
C
Chris Marusich wrote on 7 May 2017 22:50
Re: pinentry-gtk-2 fails after upgrade to 1.0.0: "Operation cancelled"
(address . gnupg-devel@gnupg.org)(address . 25328@debbugs.gnu.org)
87tw4wtmq4.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:
Toggle quote (65 lines)> Hi,>> Since upgrading pinentry-gtk-2 from 0.9.7 to 1.0.0, I've noticed some> strange behavior. Whenever I try to do something that requires access> to my secret key, no window appears, and I get an error like the> following:>> $ gpg --sign /tmp/message > gpg: signing failed: Operation cancelled> gpg: signing failed: Operation cancelled> $ >> Is this expected behavior with 1.0.0?>> This happens about 90% of the time. About 10% of the time, a pinentry> window actually does pop up. When using version 0.9.7, a pinentry> window popped up 100% of the time. I expected the behavior of 1.0.0 to> be the same.>> My software versions are:>> * GuixSD 0.12.0> * GNOME 3 (GNOME shell 3.22.2)> * gnupg 2.1.16> * pinentry-gtk-2 1.0.0>> My ~/.gnupg/gpg-agent.conf file contains the following single line:>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2>> When I change my gpg-agent.conf file to use pinentry-gnome3 ,> pinentry-curses, or pinentry-tty (and I kill gpg-agent to make sure it> uses the modified file), the problem doesn't occur.>> When I keep pinentry-gtk-2 in my gpg-agent.conf file, and I log into an> Xfce session, the problem doesn't occur. Likewise, when I log in via a> virtual terminal (e.g. the kind you can get by pressing Control+Alt+F2),> the problem doesn't occur.>> In other words, the problem only seems to occur when I use> pinentry-gtk-2 as my pinentry-program, and I'm logged into a GNOME 3> session. The problem occurs regardless of what program I am running> inside of that GNOME 3 session; for example, it happens in emacs when> emacs tries to automatically decrypt files ending in ".gpg", too.>> Here's how to reproduce the issue:>> * Log into a GNOME session on (a recently updated) GuixSD.>> * In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to> pinentry-gtk-2, for example:>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2>> * If the gpg-agent process is running, kill it to make sure it loads the> new gpg-agent.conf.>> * Open up any terminal (GNOME terminal and emacs' "M-x term" will both> reproduce the issue) to sign a message, e.g.:>> echo hello > /tmp/message> gpg --sign /tmp/message>> You should get the error very frequently.
Did anybody get this message? I sent it in January of 2017, but I can'tfind it in the online archives, so I'm worried maybe it never gotdelivered:
https://lists.gnupg.org/pipermail/gnupg-devel/
This time, I've CC'd 25328@debbugs.gnu.org so that my email getsdelivered to at least one location for posterity.
-- Chris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlkPiLMACgkQ3UCaFdgiRp2keg/9FfBPfT7fJECQ6ULV/UhMZJ3av2WR9sbWGcAcuPp8dN0HL/ePewWb0Oq10ObJDrexo0pWJaV6jbmHbVqG+JYbnUtI2VzKSmif9mIa2gZeJnTuOqfT1cv51/zbxI4njpGWxGOU0erlju2XzlxVtd+dNPG5Y4cugNlwwWYjdOHNsK5sJdIT1Zk3rZJD17xCdbOwNyQb3SaOD+IP2tVeTtoYOWY+FT8CGhpaQR+C8kDIdF5iBaGPYnYbaEmgZda3+HJWLyn2uueYIHJyMtGiQ9GpSNjRz/yzh+2ElnZ0MR7uarDQzRHbJwsgmg3MIsgRO2pXE+iw9khrLsFcan/aU+qlPirTDQz19LRs8r5WzGheZZhqTxj3e3SfG31hly3aByW/35Xf6CwYlIKPjM/h9ADutqHhE6yMWT1YPXKAcIq7g+JIInWjzz5oyOfUQKzrLzqCXNXnO2R5nVxNW/bGRiJNvJC41Z9P3biQfmS13g7VwoDTK4kupj8r6VEQG7pP0ODo3lR1uzkUteFamwcptsYfnxkzXs29MzAMK6RkUx/jBtO2RGAkMUnorf0UKgyEVrNlTUDKcYaoRI8TthpqF810PkH2iBr1Mv0udSBP/wT1Wu4qcwvAZOsE0/VkZb5kBHW0YmcDl12cevo93IFqgk9mkEdCuTSSnLFlYii1efJnG7A==NMwF-----END PGP SIGNATURE-----
A
A
Arun Isaac wrote on 8 May 2017 00:15
Re: bug#25328: pinentry-gtk-2 fails after upgrade to 1.0.0: "Operation cancelled"
(address . 25328@debbugs.gnu.org)
42903767.AEQAKKXjfu8AAAAAAAAAAAO8QtMAAAACwQwAAAAAAAW9WABZD5yp@mailjet.com
Toggle quote (9 lines)>> Since upgrading pinentry-gtk-2 from 0.9.7 to 1.0.0, I've noticed some>> strange behavior. Whenever I try to do something that requires access>> to my secret key, no window appears, and I get an error like the>> following:>>>> $ gpg --sign /tmp/message>> gpg: signing failed: Operation cancelled>> gpg: signing failed: Operation cancelled
I am experiencing the exact same problem with pinentry-gtk-2 in exwm(Emacs X Window Manager). The pinentry window seems to get closedimmediately after it appears. I thought that this was some bug inexwm. But, now that you mention this, maybe something's wrong withpinentry-gtk-2.
L
L
Leo Famulari wrote on 8 May 2017 01:33
(name . Arun Isaac)(address . arunisaac@systemreboot.net)(address . 25328@debbugs.gnu.org)
20170507233359.GA20778@jasmine
On Mon, May 08, 2017 at 03:45:40AM +0530, Arun Isaac wrote:
Toggle quote (15 lines)> >> Since upgrading pinentry-gtk-2 from 0.9.7 to 1.0.0, I've noticed some> >> strange behavior. Whenever I try to do something that requires access> >> to my secret key, no window appears, and I get an error like the> >> following:> >>> >> $ gpg --sign /tmp/message> >> gpg: signing failed: Operation cancelled> >> gpg: signing failed: Operation cancelled> > I am experiencing the exact same problem with pinentry-gtk-2 in exwm> (Emacs X Window Manager). The pinentry window seems to get closed> immediately after it appears. I thought that this was some bug in> exwm. But, now that you mention this, maybe something's wrong with> pinentry-gtk-2.
Chiming in to say that Guix's pinentry-gtk-2 works fine for me on Debianunstable.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlkPrucACgkQJkb6MLrKfwhogw//c3wKwC7TjFSEC3pU0BokZAKUr8Qrubfvi7+ZAMnY2EhwT52k4VxUMHWSBcF0SEPTJ35+T+iF7oFPEkieTdZKfkqPmEQ4dcc8scpUPRPAf+sWAeZI26dt7Ia1inhSPMMjcV9f0OpIoSITnmQcatHADTdizIGJr7SAAr/zyfBk9F/tVF+G3C2AF2CpT0Cgp33Tbl/RQsCo85Rqs+mCXXypsFzWHogDvCxMaflACvtSTZiMbrQjfitaXMYY2yJQ+uwcuY/dbZTOiCq+XD1gXmY/hKiCd27dLJqNedLPkrevBvrp1imPd3UHY8pd/hzqcuN6AGhVW6iI7Tm9vXcGLVLLUeQmSL97947kcQTUtI6p2BMpQLacIRy0/L1XiPjtr103NS8zbajsMIXp2wpHasTfaEf9Vi5MDua3a6eJ+yF9Q/AYiF3tpygBC9mldU0L4H0dULLVyWM7F17/oEcFzsUZJRa3LOzZ6JbnhUxNAohoqzXbZHE53Z3DH/9IA/3mITVmvN7wvBb5JDIqVg2TfW0s3j0zjG8IwY8Ykbdu1OSytrUhrb4dteg1zfQgbWfQWvdZXQiCBDK1N1yG54p+9+KAvRy5p8tBEacLfxTTFrrd1P0ISWMCE4263QMBURnhdhBgJMN3cYjECtcKuwvjtbKD7zVTrDnF/bgWZGsLqKjzGgo==t4+P-----END PGP SIGNATURE-----

C
C
Chris Marusich wrote on 10 May 2017 09:46
(address . 25328@debbugs.gnu.org)
8737cd5f2t.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:
Toggle quote (76 lines)> Chris Marusich <cmmarusich@gmail.com> writes:>>> Hi,>>>> Since upgrading pinentry-gtk-2 from 0.9.7 to 1.0.0, I've noticed some>> strange behavior. Whenever I try to do something that requires access>> to my secret key, no window appears, and I get an error like the>> following:>>>> $ gpg --sign /tmp/message >> gpg: signing failed: Operation cancelled>> gpg: signing failed: Operation cancelled>> $ >>>> Is this expected behavior with 1.0.0?>>>> This happens about 90% of the time. About 10% of the time, a pinentry>> window actually does pop up. When using version 0.9.7, a pinentry>> window popped up 100% of the time. I expected the behavior of 1.0.0 to>> be the same.>>>> My software versions are:>>>> * GuixSD 0.12.0>> * GNOME 3 (GNOME shell 3.22.2)>> * gnupg 2.1.16>> * pinentry-gtk-2 1.0.0>>>> My ~/.gnupg/gpg-agent.conf file contains the following single line:>>>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2>>>> When I change my gpg-agent.conf file to use pinentry-gnome3 ,>> pinentry-curses, or pinentry-tty (and I kill gpg-agent to make sure it>> uses the modified file), the problem doesn't occur.>>>> When I keep pinentry-gtk-2 in my gpg-agent.conf file, and I log into an>> Xfce session, the problem doesn't occur. Likewise, when I log in via a>> virtual terminal (e.g. the kind you can get by pressing Control+Alt+F2),>> the problem doesn't occur.>>>> In other words, the problem only seems to occur when I use>> pinentry-gtk-2 as my pinentry-program, and I'm logged into a GNOME 3>> session. The problem occurs regardless of what program I am running>> inside of that GNOME 3 session; for example, it happens in emacs when>> emacs tries to automatically decrypt files ending in ".gpg", too.>>>> Here's how to reproduce the issue:>>>> * Log into a GNOME session on (a recently updated) GuixSD.>>>> * In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to>> pinentry-gtk-2, for example:>>>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2>>>> * If the gpg-agent process is running, kill it to make sure it loads the>> new gpg-agent.conf.>>>> * Open up any terminal (GNOME terminal and emacs' "M-x term" will both>> reproduce the issue) to sign a message, e.g.:>>>> echo hello > /tmp/message>> gpg --sign /tmp/message>>>> You should get the error very frequently.>> Did anybody get this message? I sent it in January of 2017, but I can't> find it in the online archives, so I'm worried maybe it never got> delivered:>> https://lists.gnupg.org/pipermail/gnupg-devel/>> This time, I've CC'd 25328@debbugs.gnu.org so that my email gets> delivered to at least one location for posterity.
Looks like I might need to be subscribed to gnupg-devel in order to postto it, so I've subscribed for this purpose. I'll update this bug reportagain if my message actually shows up in the gnupg-devel list.
-- Chris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlkSxWoACgkQ3UCaFdgiRp3Xvg//ceRt0JzKveu6ycEbk5VOjFyWE2K7ufqIZLQw8iqQcATii9vQ5xyDkFJiVzqiyEgcF9Tw1fOKyKqVeqTIBrAYMNRS8ZsCZvOVzvYr+QN2C4dYggQfrkqyrXtjNStzgY/F4h1RpBI/pSFQOBsIriPcK+/xN3A65r6oD80D1dF7oQPPZxXUNXUEBnkuo3hm/2PK+SrBCmxk9v9Nfauh1pVJkkXEbCTXTxoZe5ms3VXi18ej9TfGUKXwfwT1YRVK+Kk0p3jw1z8p2Zsj7NoXRq+nqh08qiYl1d6pBU6k7rJ5ySgD9X+yclPjLDkTZP1TX0eRJCwT0tRtphvV9z6iHMaStit0tCucV/1n2SWufPAFfjMmlzozsBK1P6x538tII1OKIYOaVBzNLklKBSN/+LzE8AOMv26dyP4A/fgN4rncvi0CwF7SkTZMVF4ISD1wQ9kmzepJMsawwqnQic3UEweP6vMR9JXpsNGzQkjZr+rbhngRdR7yLe/GCt8ceTxVCoxnDmugzm8jbhkpp3UY3CMeDX6sRe8bZ/T6zkWF6EwEHayy9mlYzt9uKLKS/QJqGS0PqeWmJ6ITJiPgirPFQE3WhOaW/FoFt1EyjqdqAlNlYJCQMJr34klCvHTZ/xcTIm7KcjC40Wb3bq7HsI3VuQjtbEqr8SG7vPnZyrqg4kfzlYc==4trK-----END PGP SIGNATURE-----
C
C
Chris Marusich wrote on 10 May 2017 10:00
(address . gnupg-devel@gnupg.org)(address . 25328@debbugs.gnu.org)
87shkd3zvm.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:
Toggle quote (76 lines)> Chris Marusich <cmmarusich@gmail.com> writes:>>> Hi,>>>> Since upgrading pinentry-gtk-2 from 0.9.7 to 1.0.0, I've noticed some>> strange behavior. Whenever I try to do something that requires access>> to my secret key, no window appears, and I get an error like the>> following:>>>> $ gpg --sign /tmp/message >> gpg: signing failed: Operation cancelled>> gpg: signing failed: Operation cancelled>> $ >>>> Is this expected behavior with 1.0.0?>>>> This happens about 90% of the time. About 10% of the time, a pinentry>> window actually does pop up. When using version 0.9.7, a pinentry>> window popped up 100% of the time. I expected the behavior of 1.0.0 to>> be the same.>>>> My software versions are:>>>> * GuixSD 0.12.0>> * GNOME 3 (GNOME shell 3.22.2)>> * gnupg 2.1.16>> * pinentry-gtk-2 1.0.0>>>> My ~/.gnupg/gpg-agent.conf file contains the following single line:>>>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2>>>> When I change my gpg-agent.conf file to use pinentry-gnome3 ,>> pinentry-curses, or pinentry-tty (and I kill gpg-agent to make sure it>> uses the modified file), the problem doesn't occur.>>>> When I keep pinentry-gtk-2 in my gpg-agent.conf file, and I log into an>> Xfce session, the problem doesn't occur. Likewise, when I log in via a>> virtual terminal (e.g. the kind you can get by pressing Control+Alt+F2),>> the problem doesn't occur.>>>> In other words, the problem only seems to occur when I use>> pinentry-gtk-2 as my pinentry-program, and I'm logged into a GNOME 3>> session. The problem occurs regardless of what program I am running>> inside of that GNOME 3 session; for example, it happens in emacs when>> emacs tries to automatically decrypt files ending in ".gpg", too.>>>> Here's how to reproduce the issue:>>>> * Log into a GNOME session on (a recently updated) GuixSD.>>>> * In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to>> pinentry-gtk-2, for example:>>>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2>>>> * If the gpg-agent process is running, kill it to make sure it loads the>> new gpg-agent.conf.>>>> * Open up any terminal (GNOME terminal and emacs' "M-x term" will both>> reproduce the issue) to sign a message, e.g.:>>>> echo hello > /tmp/message>> gpg --sign /tmp/message>>>> You should get the error very frequently.>> Did anybody get this message? I sent it in January of 2017, but I can't> find it in the online archives, so I'm worried maybe it never got> delivered:>> https://lists.gnupg.org/pipermail/gnupg-devel/>> This time, I've CC'd 25328@debbugs.gnu.org so that my email gets> delivered to at least one location for posterity.
I can no longer reproduce this issue. I tried following the steps aboveon my current GuixSD system, and the problem does not occur. It seemslike pinentry-gtk-2 works fine now, which is curious because the versionis still 1.0.0. I don't know why it works now but didn't earlier.
My emails never seem to have made it to the gnupg-devel list, but inthis case I suppose it doesn't matter any more. I think we can resolvethis bug report, unless someone else can reproduce the issue reliably.
-- Chris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlkSyJ0ACgkQ3UCaFdgiRp08KQ//WDdZpv6h6rS4vvjLNSpPp1wSddx8U3F5ruzD8Cm6vnK3teFDFo0Eb1g4m0q29hohqt4hkYLKi/c1qkItVwWug/QwU7PTH2bWOkAzW1wYYdRaB/Ck/COKf6EdFQnmQydd4cF/x/Pvk15VkThgDLw+uO3D2McqY53jmaIPp6k/R+Vz1ifYsleNim6Yw2CA8zE7A7MIaX8IUzS3TRIy3Qi1XNhKsffoDE5+YiHoEH8HACqVx96EQ8O0aRJvxOuoVZuthTrM8gQhGeRV33uoE2XMreW3tl6Olmf74gRO4w8wtwetEV/+Hw6nw3lubJzG8qg6HJB2LzDZD6pFBMaUtALSMX25rxiwurVKZKjKqQ92h+4aG0iWuPZa4rLPi+0X24pP7V7oj0RJNXJjv0oUyTkg598rPpHmXXIyIBxDhH2cmdnCHhhNpWFjUWpTllQ29LRVosOG+qgzMn8W059pi302B/6Frd5xlHX2rQ1FMxDwSSvXkCp2n28kJ3+w6RRl/KN58CMYftubqBO6a4BCssvabDCBclO7XZTBpN4J6Q/47KU2W2D4xHW0dCIVd5KSSsBtcS2xHrhFk82/8/2mkh0Unhn4y0hmuEYePiHukfqmUFLJj/WQtKhT8YLeQI/1ArMnVlJswJIxXMCe6QnL7C+1/m16RkqYlPN1c0ucdyFIabs==x8Ei-----END PGP SIGNATURE-----
L
L
Ludovic Courtès wrote on 10 May 2017 14:06
control message for bug #25328
(address . control@debbugs.gnu.org)
87h90svrty.fsf@gnu.org
tags 25328 unreproducibleclose 25328
?
Your comment

This issue is archived.

To comment on this conversation send email to 25328@debbugs.gnu.org