gpg: "Operation cancelled" with pinentry 1.0.0 on GNOME

  • Done
  • quality assurance status badge
Details
6 participants
  • Arun Isaac
  • Attila Lendvai
  • Chris Marusich
  • Daniel Pimentel
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Submitted by
Chris Marusich
Severity
normal
C
C
Chris Marusich wrote on 2 Jan 2017 02:50
(address . bug-guix@gnu.org)(name . Leo Famulari)(address . leo@famulari.name)
87a8ba44d5.fsf@gmail.com
Hi,

Since upgrading pinentry from 0.9.7 to 1.0.0, I've noticed some strange
behavior. In GNOME only, when gpg tries to access my secret key, the
attempt fails without prompting me for my passphrase. For example, it
fails like this:

Toggle snippet (10 lines)
[0] marusich@garuda:~
$ echo hello > /tmp/message
[0] marusich@garuda:~
$ gpg --sign /tmp/message
gpg: signing failed: Operation cancelled
gpg: signing failed: Operation cancelled
[2] marusich@garuda:~
$

No prompt appears, GUI or otherwise. However, if I repeat the "gpg
--sign" command many times, eventually a GUI does appear which asks me
for a password. In that case, everything works just fine. But about
90-95% of the time, the attempt just fails like above, without showing
me any prompt.

This problem is not limited to my manual command-line invocation. The
same kind of issue also occurs when emacs (the graphical version,
running in GNOME) tries to automatically decrypt encrypted files (e.g.,
when gnus needs to read my ~/.authinfo.gpg file to connect to an email
server). Normally, when emacs needs to decrypt a file like this, a new
window pops up to ask me for my passphrase, but because of this issue,
the decryption fails, without showing me a prompt, for a similar reason:

Toggle snippet (8 lines)
Error while decrypting with "gpg":

gpg: encrypted with 4096-bit RSA key, ID 0FE3DE4943560F06, created 2016-02-19
"Chris Marusich <cmmarusich@gmail.com>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

I suspect these are symptoms of the same issue.

My ~/.gnupg/gpg-agent.conf contains the following single line:

pinentry-program /home/marusich/.guix-profile/bin/pinentry

This issue does NOT occur in Xfce. This issue does NOT occur when I run
the "gpg --sign" command in a virtual terminal (e.g., by pressing
Control+Alt+F2 to switch to a virtual terminal). In GNOME, this issue
DOES occur regardless of which "pinentry" program I specify in my
~/.gnupg/gpg-agent.conf file (the same issue occurs with pinentry,
pinentry-curses, pinentry-gtk-2, and pinentry-tty).

I've run both "guix pull" and "sudo guix pull" successfully in the last
few days, and I've successfully reconfigured my system since then, so
I'm using the most recent Guix software. I'm using GuixSD.

Since I've added and modified many things to my home directory, I tried
creating a test user with a fresh home directory to rule out my local
customizations as a cause. I was able to reproduce the issue using a
fresh test user in GNOME after installing gnupg and pinentry via "guix
package -i gnupg pinentry". The only changes I made to the test user's
home directory were (1) I added the "export" statements to its ~/.bashrc
file which were suggested by Guix after installing those two packages,
and (2) I added a ~/.gnupg/gpg-agent.conf which uses the pinentry that
got installed into the test user's profile. So, I expect that other
users of GuixSD can probably reproduce this issue.

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlhpseYACgkQ3UCaFdgi
Rp0m8RAAjmswfheDR01c7OpH1YjFdgj4jVZdx+s171hVGrJ71iDYbIUJIlhgyXHY
yPt8XJJ2p2GZzYGCDUcFBFy9endNC+tw1jTVSRtjprP3Fc5PjOeene9vZDFmKiwD
SckWSRcGq4xOgF4SGuTwad13TdasVmcBcOqZ1GyfJINwpDL59yCMgO5fQ+M/j/9e
JSKW4RQqqZFJyVarbSQWTEEKm4h8RXx1ewJLtS9EbLlzXxd+lN4uRo7KK+2Xh6fN
us5tzJnM0tawo4/x2PL+2ryS18wsNf1x6bNf2SJ1WoX7KmO4b4wfl0FCOUsq7Ey1
sdk0kMqRGCd8LClEULI/jt9Nc3DJ9vuvoSA5IBPyJbxdf3QyzxTm9LN7Kqf2uG5+
nItJTnmk7jVwWaxggQMFlM0t0lkAmhODGuCdBqS7TWgASg9Q47NtX41QTTHmiPOM
r2eWkDGAT37JdHmIMreXel7uiF3ePZed/XvRa9XtOCXSlN8Wqep2FuZ3LuBFAk46
MUWCt3sk4S3SmOL1nGbf+47Ghk3HxSFA6P1tSDch+L81UvbHbbbEkMm40pCqkacg
Xq6XwDY38VpyfTa77DlTigvqNBuxRHlQRcFE2AeH0VXjRMQniuJk5T/4CTrlLlUU
P8dq9gcIFtbD5GcrUsIRv2M6uhqj7yEKGymvUY5l6I4Gx5J84Yo=
=7tms
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 9 Jan 2017 10:18
(name . Chris Marusich)(address . cmmarusich@gmail.com)(address . 25328@debbugs.gnu.org)
877f64r3qg.fsf@gnu.org
Hi Chris,

Chris Marusich <cmmarusich@gmail.com> skribis:

Toggle quote (14 lines)
> Since upgrading pinentry from 0.9.7 to 1.0.0, I've noticed some strange
> behavior. In GNOME only, when gpg tries to access my secret key, the
> attempt fails without prompting me for my passphrase. For example, it
> fails like this:
>
> [0] marusich@garuda:~
> $ echo hello > /tmp/message
> [0] marusich@garuda:~
> $ gpg --sign /tmp/message
> gpg: signing failed: Operation cancelled
> gpg: signing failed: Operation cancelled
> [2] marusich@garuda:~
> $

For the record, I’ve never experienced this problem (that’s outside of
GNOME) with:

Toggle snippet (5 lines)
$ guix package -I '(gnupg|pinentry)'
pinentry 1.0.0 out /gnu/store/57dg2i4backl38bw4ipcsdg1b7df9j64-pinentry-1.0.0
gnupg 2.1.16 out /gnu/store/fz44xcp1iksikjvcc472bgsr9hs8ygkq-gnupg-2.1.16

ISTR that GNOME has a hack to force its own Pinentry tool. Could it be
what’s at fault?

Thanks,
Ludo’.
C
C
Chris Marusich wrote on 20 Jan 2017 09:14
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 25328@debbugs.gnu.org)
87wpdqdu7k.fsf@gmail.com
Hi,

Previously, I wrote:

Toggle quote (4 lines)
> In GNOME, this issue DOES occur regardless of which "pinentry" program
> I specify in my ~/.gnupg/gpg-agent.conf file (the same issue occurs
> with pinentry, pinentry-curses, pinentry-gtk-2, and pinentry-tty).

I don't think this is actually true. I believe I made an error when
testing the different pinentry programs. I believe I forgot to restart
the gpg-agent, which would explain why simply changing the contents of
the gpg-agent.conf file did not seem to fix the issue.

I did another test just now. I tried changing the contents of the
gpg-agent.conf file, and I made sure to kill the gpg-agent process after
each change, so that gpg-agent would reload the file for sure. When I
did this, I found that only pinentry-gtk-2 exhibits this issue (note
that pinentry is a symlink to pinentry-gtk-2). In particular,
pinentry-curses, pinentry-tty, and pinentry-gnome3 all worked for me.

Is anyone able to reproduce the issue using pinentry-gtk-2? The
following steps should reproduce the issue:

* Log into a GNOME session on (a recently updated) GuixSD.

* In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to
pinentry-gtk-2, for example:

pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2

* If the gpg-agent process is running, kill it to make sure it loads the
new gpg-agent.conf.

* Try to sign a message, e.g.:

echo hello > /tmp/message
gpg --sign /tmp/message

You should get the error very frequently.

ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (3 lines)
> For the record, I’ve never experienced this problem (that’s outside of
> GNOME) with:

For me, this problem doesn't happen outside of GNOME.

Toggle quote (4 lines)
> $ guix package -I '(gnupg|pinentry)'
> pinentry 1.0.0 out /gnu/store/57dg2i4backl38bw4ipcsdg1b7df9j64-pinentry-1.0.0
> gnupg 2.1.16 out /gnu/store/fz44xcp1iksikjvcc472bgsr9hs8ygkq-gnupg-2.1.16

I'm using these versions:

$ guix package -I '(gnupg|pinentry)'
gnupg 2.1.17 out /gnu/store/mcsi9rp06q0xxds4mwdgh1p16bifjxvk-gnupg-2.1.17
pinentry-gnome3 1.0.0 out /gnu/store/4kq8isyz7k8y64l7mjy90y4rjv7mh9x8-pinentry-gnome3-1.0.0


The problem also occurred when using the "pinentry" package (instead of
the "pinentry-gnome3" package):

/gnu/store/b72r4rgr9irqy5zvb8i9hmrgrbb88ndf-pinentry-1.0.0

Toggle quote (3 lines)
> ISTR that GNOME has a hack to force its own Pinentry tool. Could it be
> what’s at fault?

Where can I find more info about this hack? I did some Internet
searches, but I couldn't find anything specific.

This bug is no longer blocking me, since I can use pinentry-gnome3, but
I'm still concerned about the fact that pinentry-gtk-2 fails very
frequently, even though it didn't on the previous version.

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAliBxtAACgkQ3UCaFdgi
Rp23cxAAplBsoKlZkTu3H5rlBerNyCyr2yPReJZ5vZNb7nyu0VaflkStCIyIIveG
y+DWu5y5PVtgxS5k1i9y/eX0CQQBZo7kP1fdVBbz7cMqKSCQoj36EN2h2VITIkRe
/8U7XvmBmj5XVeBPIopuAaUHTIbOi0wtioeLZFJ1IDAdSEpDaZSRwh707dZ5Xb70
u/kFK7dS+uXDEkYTcsxaEQC7O/j94QERYSUdE46CbmPPSLUxzh3S8PN3KoCCFoQB
SIsU+VsAB6bns5gcNy97B1XymnEapsivnwes6VgztiGvI6FNX9E7Fx34TuIb62Gy
bFoTBNL47TQZulpVVq+PAZXvK4QbeHemLTghcGzDw7yolWJs21ELCRYjx7OIVvP5
yKcJdBF0Esm6vmt8QPhh6XjbQ/tuGmCwTc2w/jlgNsYL6byBEriZrmmSDyC1u8CV
XoImxaVEoCwzuf9WSG+PRXvtdz1rCPaf+IY3D9v71V7DUY1j3Y9ykZIfQRvfI7bY
7Rx9EVWVhnTMtW6aUZB65b8sOg5TFZh1DqVg/r9ud6IgJv5JASKTL/faUYB+mql2
olMkNnCaO0KbTIWCq/7zyIXdY/IkVxPbQor5eN/AIQtrNHDpMZ6THbVtIla7g2J/
axHio6TuQeh2JNFtLJFMINf5JqtozniLvH9APSu2+OgSJNJdSXQ=
=6bNS
-----END PGP SIGNATURE-----

D
D
Daniel Pimentel wrote on 20 Jan 2017 13:16
(name . Chris Marusich)(address . cmmarusich@gmail.com)
d4b943fd151c925c71d3d4d50b31922c@d4n1.org
I used this:

gpg-agent --daemon --use-standard-socket --pinentry-program
/home/dani/.guix-profile/bin/pinentry-curses

It's works for me. More in my site: https://d4n1.org/gnupg.html

Thanks,

---
Daniel Pimentel (d4n1)

On 2017-01-20 05:14, Chris Marusich wrote:
Toggle quote (77 lines)
> Hi,
>
> Previously, I wrote:
>
>> In GNOME, this issue DOES occur regardless of which "pinentry" program
>> I specify in my ~/.gnupg/gpg-agent.conf file (the same issue occurs
>> with pinentry, pinentry-curses, pinentry-gtk-2, and pinentry-tty).
>
> I don't think this is actually true. I believe I made an error when
> testing the different pinentry programs. I believe I forgot to restart
> the gpg-agent, which would explain why simply changing the contents of
> the gpg-agent.conf file did not seem to fix the issue.
>
> I did another test just now. I tried changing the contents of the
> gpg-agent.conf file, and I made sure to kill the gpg-agent process
> after
> each change, so that gpg-agent would reload the file for sure. When I
> did this, I found that only pinentry-gtk-2 exhibits this issue (note
> that pinentry is a symlink to pinentry-gtk-2). In particular,
> pinentry-curses, pinentry-tty, and pinentry-gnome3 all worked for me.
>
> Is anyone able to reproduce the issue using pinentry-gtk-2? The
> following steps should reproduce the issue:
>
> * Log into a GNOME session on (a recently updated) GuixSD.
>
> * In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to
> pinentry-gtk-2, for example:
>
> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2
>
> * If the gpg-agent process is running, kill it to make sure it loads
> the
> new gpg-agent.conf.
>
> * Try to sign a message, e.g.:
>
> echo hello > /tmp/message
> gpg --sign /tmp/message
>
> You should get the error very frequently.
>
> ludo@gnu.org (Ludovic Courtès) writes:
>
>> For the record, I’ve never experienced this problem (that’s outside of
>> GNOME) with:
>
> For me, this problem doesn't happen outside of GNOME.
>
>> $ guix package -I '(gnupg|pinentry)'
>> pinentry 1.0.0 out /gnu/store/57dg2i4backl38bw4ipcsdg1b7df9j64-pinentry-1.0.0
>> gnupg 2.1.16 out /gnu/store/fz44xcp1iksikjvcc472bgsr9hs8ygkq-gnupg-2.1.16
>
> I'm using these versions:
>
> $ guix package -I '(gnupg|pinentry)'
>
> gnupg 2.1.17 out /gnu/store/mcsi9rp06q0xxds4mwdgh1p16bifjxvk-gnupg-2.1.17
>
> pinentry-gnome3 1.0.0 out /gnu/store/4kq8isyz7k8y64l7mjy90y4rjv7mh9x8-pinentry-gnome3-1.0.0
>
>
> The problem also occurred when using the "pinentry" package (instead of
> the "pinentry-gnome3" package):
>
> /gnu/store/b72r4rgr9irqy5zvb8i9hmrgrbb88ndf-pinentry-1.0.0
>
>> ISTR that GNOME has a hack to force its own Pinentry tool. Could it
>> be
>> what’s at fault?
>
> Where can I find more info about this hack? I did some Internet
> searches, but I couldn't find anything specific.
>
> This bug is no longer blocking me, since I can use pinentry-gnome3, but
> I'm still concerned about the fact that pinentry-gtk-2 fails very
> frequently, even though it didn't on the previous version.
L
L
Ludovic Courtès wrote on 20 Jan 2017 13:39
(name . Chris Marusich)(address . cmmarusich@gmail.com)(address . 25328@debbugs.gnu.org)
878tq5ewi4.fsf@gnu.org
Hi Chris,

Chris Marusich <cmmarusich@gmail.com> skribis:

Toggle quote (38 lines)
> Previously, I wrote:
>
>> In GNOME, this issue DOES occur regardless of which "pinentry" program
>> I specify in my ~/.gnupg/gpg-agent.conf file (the same issue occurs
>> with pinentry, pinentry-curses, pinentry-gtk-2, and pinentry-tty).
>
> I don't think this is actually true. I believe I made an error when
> testing the different pinentry programs. I believe I forgot to restart
> the gpg-agent, which would explain why simply changing the contents of
> the gpg-agent.conf file did not seem to fix the issue.
>
> I did another test just now. I tried changing the contents of the
> gpg-agent.conf file, and I made sure to kill the gpg-agent process after
> each change, so that gpg-agent would reload the file for sure. When I
> did this, I found that only pinentry-gtk-2 exhibits this issue (note
> that pinentry is a symlink to pinentry-gtk-2). In particular,
> pinentry-curses, pinentry-tty, and pinentry-gnome3 all worked for me.
>
> Is anyone able to reproduce the issue using pinentry-gtk-2? The
> following steps should reproduce the issue:
>
> * Log into a GNOME session on (a recently updated) GuixSD.
>
> * In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to
> pinentry-gtk-2, for example:
>
> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2
>
> * If the gpg-agent process is running, kill it to make sure it loads the
> new gpg-agent.conf.
>
> * Try to sign a message, e.g.:
>
> echo hello > /tmp/message
> gpg --sign /tmp/message
>
> You should get the error very frequently.

Could you report these steps upstream? That does not seem to be
Guix-specific, though I suppose other distros probably install
pinentry-gnome3 automatically when you install GNOME, such that the
problem doesn’t show up.

Toggle quote (6 lines)
>> ISTR that GNOME has a hack to force its own Pinentry tool. Could it be
>> what’s at fault?
>
> Where can I find more info about this hack? I did some Internet
> searches, but I couldn't find anything specific.

The “hack” I was referring to is probably just pinentry-gnome3.

Toggle quote (4 lines)
> This bug is no longer blocking me, since I can use pinentry-gnome3, but
> I'm still concerned about the fact that pinentry-gtk-2 fails very
> frequently, even though it didn't on the previous version.

It seems like bad interaction between pinentry-gtk2 and GNOME.

On this topic, I found
that bug discusses the opposite problem. :-)

Ludo’.
C
C
Chris Marusich wrote on 21 Jan 2017 11:38
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 25328@debbugs.gnu.org)
8737gc66l7.fsf@gmail.com
ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (5 lines)
> Could you report these steps upstream? That does not seem to be
> Guix-specific, though I suppose other distros probably install
> pinentry-gnome3 automatically when you install GNOME, such that the
> problem doesn’t show up.

I've sent an email to gnupg-devel@gnupg.org asking for help. I'll
update this bug report when I have more to report.

Toggle quote (2 lines)
> The “hack” I was referring to is probably just pinentry-gnome3.

I see.

Toggle quote (10 lines)
>> This bug is no longer blocking me, since I can use pinentry-gnome3, but
>> I'm still concerned about the fact that pinentry-gtk-2 fails very
>> frequently, even though it didn't on the previous version.
>
> It seems like bad interaction between pinentry-gtk2 and GNOME.
>
> On this topic, I found
> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791379>. Strangely,
> that bug discusses the opposite problem. :-)

Weird. I'm not sure how to approach bugs like this. I could strace in
the dark and hope to see something that shows me the light, but
hopefully the gnupg email list will know better how to troubleshoot it.

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAliDOiUACgkQ3UCaFdgi
Rp1/XA/9HCJYfMZzxKkb7hK4HL9nu5GBJsh/gwBnVuyO62Yn3IY3CBJRbbKUUoeg
dZvP7dzS1E02PQlzkAbjEPN6sGgsFksqANEZOfb+UGzi2YEn8DqzWOFYoy7RE9JX
sarIS2fGdTe2dF3WxuOS6FF7U4HeMrmfF5cgDudMI8u1xsbMeGRD6uxmGzK6p0JK
bRM/8HkZRM1QRpxZ0OjeHNtFO8/6xnc0xt56r/Hbxj+zDDEEQtqlfzpS5PhEOogS
4c7hSYIpSRSRFqTgZM/8FgBJ+BXsP3h1le9/yH0cCCcw6NTgKfYaHLmafSkKgvXF
w4syiOfcTUOPVwwfsM1TYszvFioYZKi0OR/t9h/PBfAhx/kmfG2oSe9Lf3Z3npJf
SWCVMA7q+iC4rxb83+J0nBA03UihDgZkPgOdkuAGjVpQ5QVu6iOe8L8ONha3GIxv
guV9EGU+02e/zjaQeLA5XHoLfyEN+JPrc1UvXvjscYYa8N3NTcg0aShejhoBgx32
JZlfVg604P5lXgCz7iEpikw+y9NNPIa9Sed9VjVmFL+sOgS5pu47jaf4InR2K+m/
WJ3a6Xa8JN7d2KzsRxns/AEvVY0gZa94J47WfNB9V9hzQy2XbIxVDLVzyWNfKKj8
12EuRz6wyP4yrIiArSWk8TKsTdkx+T8pR/peoAsyAOCv2lc9Hog=
=9Sg0
-----END PGP SIGNATURE-----

C
C
Chris Marusich wrote on 7 May 2017 22:50
Re: pinentry-gtk-2 fails after upgrade to 1.0.0: "Operation cancelled"
(address . gnupg-devel@gnupg.org)(address . 25328@debbugs.gnu.org)
87tw4wtmq4.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:

Toggle quote (65 lines)
> Hi,
>
> Since upgrading pinentry-gtk-2 from 0.9.7 to 1.0.0, I've noticed some
> strange behavior. Whenever I try to do something that requires access
> to my secret key, no window appears, and I get an error like the
> following:
>
> $ gpg --sign /tmp/message
> gpg: signing failed: Operation cancelled
> gpg: signing failed: Operation cancelled
> $
>
> Is this expected behavior with 1.0.0?
>
> This happens about 90% of the time. About 10% of the time, a pinentry
> window actually does pop up. When using version 0.9.7, a pinentry
> window popped up 100% of the time. I expected the behavior of 1.0.0 to
> be the same.
>
> My software versions are:
>
> * GuixSD 0.12.0
> * GNOME 3 (GNOME shell 3.22.2)
> * gnupg 2.1.16
> * pinentry-gtk-2 1.0.0
>
> My ~/.gnupg/gpg-agent.conf file contains the following single line:
>
> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2
>
> When I change my gpg-agent.conf file to use pinentry-gnome3 ,
> pinentry-curses, or pinentry-tty (and I kill gpg-agent to make sure it
> uses the modified file), the problem doesn't occur.
>
> When I keep pinentry-gtk-2 in my gpg-agent.conf file, and I log into an
> Xfce session, the problem doesn't occur. Likewise, when I log in via a
> virtual terminal (e.g. the kind you can get by pressing Control+Alt+F2),
> the problem doesn't occur.
>
> In other words, the problem only seems to occur when I use
> pinentry-gtk-2 as my pinentry-program, and I'm logged into a GNOME 3
> session. The problem occurs regardless of what program I am running
> inside of that GNOME 3 session; for example, it happens in emacs when
> emacs tries to automatically decrypt files ending in ".gpg", too.
>
> Here's how to reproduce the issue:
>
> * Log into a GNOME session on (a recently updated) GuixSD.
>
> * In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to
> pinentry-gtk-2, for example:
>
> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2
>
> * If the gpg-agent process is running, kill it to make sure it loads the
> new gpg-agent.conf.
>
> * Open up any terminal (GNOME terminal and emacs' "M-x term" will both
> reproduce the issue) to sign a message, e.g.:
>
> echo hello > /tmp/message
> gpg --sign /tmp/message
>
> You should get the error very frequently.

Did anybody get this message? I sent it in January of 2017, but I can't
find it in the online archives, so I'm worried maybe it never got
delivered:


This time, I've CC'd 25328@debbugs.gnu.org so that my email gets
delivered to at least one location for posterity.

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlkPiLMACgkQ3UCaFdgi
Rp2keg/9FfBPfT7fJECQ6ULV/UhMZJ3av2WR9sbWGcAcuPp8dN0HL/ePewWb0Oq1
0ObJDrexo0pWJaV6jbmHbVqG+JYbnUtI2VzKSmif9mIa2gZeJnTuOqfT1cv51/zb
xI4njpGWxGOU0erlju2XzlxVtd+dNPG5Y4cugNlwwWYjdOHNsK5sJdIT1Zk3rZJD
17xCdbOwNyQb3SaOD+IP2tVeTtoYOWY+FT8CGhpaQR+C8kDIdF5iBaGPYnYbaEmg
Zda3+HJWLyn2uueYIHJyMtGiQ9GpSNjRz/yzh+2ElnZ0MR7uarDQzRHbJwsgmg3M
IsgRO2pXE+iw9khrLsFcan/aU+qlPirTDQz19LRs8r5WzGheZZhqTxj3e3SfG31h
ly3aByW/35Xf6CwYlIKPjM/h9ADutqHhE6yMWT1YPXKAcIq7g+JIInWjzz5oyOfU
QKzrLzqCXNXnO2R5nVxNW/bGRiJNvJC41Z9P3biQfmS13g7VwoDTK4kupj8r6VEQ
G7pP0ODo3lR1uzkUteFamwcptsYfnxkzXs29MzAMK6RkUx/jBtO2RGAkMUnorf0U
KgyEVrNlTUDKcYaoRI8TthpqF810PkH2iBr1Mv0udSBP/wT1Wu4qcwvAZOsE0/Vk
Zb5kBHW0YmcDl12cevo93IFqgk9mkEdCuTSSnLFlYii1efJnG7A=
=NMwF
-----END PGP SIGNATURE-----

A
A
Arun Isaac wrote on 8 May 2017 00:15
Re: bug#25328: pinentry-gtk-2 fails after upgrade to 1.0.0: "Operation cancelled"
(address . 25328@debbugs.gnu.org)
42903767.AEQAKKXjfu8AAAAAAAAAAAO8QtMAAAACwQwAAAAAAAW9WABZD5yp@mailjet.com
Toggle quote (9 lines)
>> Since upgrading pinentry-gtk-2 from 0.9.7 to 1.0.0, I've noticed some
>> strange behavior. Whenever I try to do something that requires access
>> to my secret key, no window appears, and I get an error like the
>> following:
>>
>> $ gpg --sign /tmp/message
>> gpg: signing failed: Operation cancelled
>> gpg: signing failed: Operation cancelled

I am experiencing the exact same problem with pinentry-gtk-2 in exwm
(Emacs X Window Manager). The pinentry window seems to get closed
immediately after it appears. I thought that this was some bug in
exwm. But, now that you mention this, maybe something's wrong with
pinentry-gtk-2.
L
L
Leo Famulari wrote on 8 May 2017 01:33
(name . Arun Isaac)(address . arunisaac@systemreboot.net)(address . 25328@debbugs.gnu.org)
20170507233359.GA20778@jasmine
On Mon, May 08, 2017 at 03:45:40AM +0530, Arun Isaac wrote:
Toggle quote (15 lines)
> >> Since upgrading pinentry-gtk-2 from 0.9.7 to 1.0.0, I've noticed some
> >> strange behavior. Whenever I try to do something that requires access
> >> to my secret key, no window appears, and I get an error like the
> >> following:
> >>
> >> $ gpg --sign /tmp/message
> >> gpg: signing failed: Operation cancelled
> >> gpg: signing failed: Operation cancelled
>
> I am experiencing the exact same problem with pinentry-gtk-2 in exwm
> (Emacs X Window Manager). The pinentry window seems to get closed
> immediately after it appears. I thought that this was some bug in
> exwm. But, now that you mention this, maybe something's wrong with
> pinentry-gtk-2.

Chiming in to say that Guix's pinentry-gtk-2 works fine for me on Debian
unstable.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlkPrucACgkQJkb6MLrK
fwhogw//c3wKwC7TjFSEC3pU0BokZAKUr8Qrubfvi7+ZAMnY2EhwT52k4VxUMHWS
BcF0SEPTJ35+T+iF7oFPEkieTdZKfkqPmEQ4dcc8scpUPRPAf+sWAeZI26dt7Ia1
inhSPMMjcV9f0OpIoSITnmQcatHADTdizIGJr7SAAr/zyfBk9F/tVF+G3C2AF2Cp
T0Cgp33Tbl/RQsCo85Rqs+mCXXypsFzWHogDvCxMaflACvtSTZiMbrQjfitaXMYY
2yJQ+uwcuY/dbZTOiCq+XD1gXmY/hKiCd27dLJqNedLPkrevBvrp1imPd3UHY8pd
/hzqcuN6AGhVW6iI7Tm9vXcGLVLLUeQmSL97947kcQTUtI6p2BMpQLacIRy0/L1X
iPjtr103NS8zbajsMIXp2wpHasTfaEf9Vi5MDua3a6eJ+yF9Q/AYiF3tpygBC9ml
dU0L4H0dULLVyWM7F17/oEcFzsUZJRa3LOzZ6JbnhUxNAohoqzXbZHE53Z3DH/9I
A/3mITVmvN7wvBb5JDIqVg2TfW0s3j0zjG8IwY8Ykbdu1OSytrUhrb4dteg1zfQg
bWfQWvdZXQiCBDK1N1yG54p+9+KAvRy5p8tBEacLfxTTFrrd1P0ISWMCE4263QMB
URnhdhBgJMN3cYjECtcKuwvjtbKD7zVTrDnF/bgWZGsLqKjzGgo=
=t4+P
-----END PGP SIGNATURE-----


C
C
Chris Marusich wrote on 10 May 2017 09:46
(address . 25328@debbugs.gnu.org)
8737cd5f2t.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:

Toggle quote (76 lines)
> Chris Marusich <cmmarusich@gmail.com> writes:
>
>> Hi,
>>
>> Since upgrading pinentry-gtk-2 from 0.9.7 to 1.0.0, I've noticed some
>> strange behavior. Whenever I try to do something that requires access
>> to my secret key, no window appears, and I get an error like the
>> following:
>>
>> $ gpg --sign /tmp/message
>> gpg: signing failed: Operation cancelled
>> gpg: signing failed: Operation cancelled
>> $
>>
>> Is this expected behavior with 1.0.0?
>>
>> This happens about 90% of the time. About 10% of the time, a pinentry
>> window actually does pop up. When using version 0.9.7, a pinentry
>> window popped up 100% of the time. I expected the behavior of 1.0.0 to
>> be the same.
>>
>> My software versions are:
>>
>> * GuixSD 0.12.0
>> * GNOME 3 (GNOME shell 3.22.2)
>> * gnupg 2.1.16
>> * pinentry-gtk-2 1.0.0
>>
>> My ~/.gnupg/gpg-agent.conf file contains the following single line:
>>
>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2
>>
>> When I change my gpg-agent.conf file to use pinentry-gnome3 ,
>> pinentry-curses, or pinentry-tty (and I kill gpg-agent to make sure it
>> uses the modified file), the problem doesn't occur.
>>
>> When I keep pinentry-gtk-2 in my gpg-agent.conf file, and I log into an
>> Xfce session, the problem doesn't occur. Likewise, when I log in via a
>> virtual terminal (e.g. the kind you can get by pressing Control+Alt+F2),
>> the problem doesn't occur.
>>
>> In other words, the problem only seems to occur when I use
>> pinentry-gtk-2 as my pinentry-program, and I'm logged into a GNOME 3
>> session. The problem occurs regardless of what program I am running
>> inside of that GNOME 3 session; for example, it happens in emacs when
>> emacs tries to automatically decrypt files ending in ".gpg", too.
>>
>> Here's how to reproduce the issue:
>>
>> * Log into a GNOME session on (a recently updated) GuixSD.
>>
>> * In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to
>> pinentry-gtk-2, for example:
>>
>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2
>>
>> * If the gpg-agent process is running, kill it to make sure it loads the
>> new gpg-agent.conf.
>>
>> * Open up any terminal (GNOME terminal and emacs' "M-x term" will both
>> reproduce the issue) to sign a message, e.g.:
>>
>> echo hello > /tmp/message
>> gpg --sign /tmp/message
>>
>> You should get the error very frequently.
>
> Did anybody get this message? I sent it in January of 2017, but I can't
> find it in the online archives, so I'm worried maybe it never got
> delivered:
>
> https://lists.gnupg.org/pipermail/gnupg-devel/
>
> This time, I've CC'd 25328@debbugs.gnu.org so that my email gets
> delivered to at least one location for posterity.

Looks like I might need to be subscribed to gnupg-devel in order to post
to it, so I've subscribed for this purpose. I'll update this bug report
again if my message actually shows up in the gnupg-devel list.

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlkSxWoACgkQ3UCaFdgi
Rp3Xvg//ceRt0JzKveu6ycEbk5VOjFyWE2K7ufqIZLQw8iqQcATii9vQ5xyDkFJi
VzqiyEgcF9Tw1fOKyKqVeqTIBrAYMNRS8ZsCZvOVzvYr+QN2C4dYggQfrkqyrXtj
NStzgY/F4h1RpBI/pSFQOBsIriPcK+/xN3A65r6oD80D1dF7oQPPZxXUNXUEBnku
o3hm/2PK+SrBCmxk9v9Nfauh1pVJkkXEbCTXTxoZe5ms3VXi18ej9TfGUKXwfwT1
YRVK+Kk0p3jw1z8p2Zsj7NoXRq+nqh08qiYl1d6pBU6k7rJ5ySgD9X+yclPjLDkT
ZP1TX0eRJCwT0tRtphvV9z6iHMaStit0tCucV/1n2SWufPAFfjMmlzozsBK1P6x5
38tII1OKIYOaVBzNLklKBSN/+LzE8AOMv26dyP4A/fgN4rncvi0CwF7SkTZMVF4I
SD1wQ9kmzepJMsawwqnQic3UEweP6vMR9JXpsNGzQkjZr+rbhngRdR7yLe/GCt8c
eTxVCoxnDmugzm8jbhkpp3UY3CMeDX6sRe8bZ/T6zkWF6EwEHayy9mlYzt9uKLKS
/QJqGS0PqeWmJ6ITJiPgirPFQE3WhOaW/FoFt1EyjqdqAlNlYJCQMJr34klCvHTZ
/xcTIm7KcjC40Wb3bq7HsI3VuQjtbEqr8SG7vPnZyrqg4kfzlYc=
=4trK
-----END PGP SIGNATURE-----

C
C
Chris Marusich wrote on 10 May 2017 10:00
(address . gnupg-devel@gnupg.org)(address . 25328@debbugs.gnu.org)
87shkd3zvm.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:

Toggle quote (76 lines)
> Chris Marusich <cmmarusich@gmail.com> writes:
>
>> Hi,
>>
>> Since upgrading pinentry-gtk-2 from 0.9.7 to 1.0.0, I've noticed some
>> strange behavior. Whenever I try to do something that requires access
>> to my secret key, no window appears, and I get an error like the
>> following:
>>
>> $ gpg --sign /tmp/message
>> gpg: signing failed: Operation cancelled
>> gpg: signing failed: Operation cancelled
>> $
>>
>> Is this expected behavior with 1.0.0?
>>
>> This happens about 90% of the time. About 10% of the time, a pinentry
>> window actually does pop up. When using version 0.9.7, a pinentry
>> window popped up 100% of the time. I expected the behavior of 1.0.0 to
>> be the same.
>>
>> My software versions are:
>>
>> * GuixSD 0.12.0
>> * GNOME 3 (GNOME shell 3.22.2)
>> * gnupg 2.1.16
>> * pinentry-gtk-2 1.0.0
>>
>> My ~/.gnupg/gpg-agent.conf file contains the following single line:
>>
>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2
>>
>> When I change my gpg-agent.conf file to use pinentry-gnome3 ,
>> pinentry-curses, or pinentry-tty (and I kill gpg-agent to make sure it
>> uses the modified file), the problem doesn't occur.
>>
>> When I keep pinentry-gtk-2 in my gpg-agent.conf file, and I log into an
>> Xfce session, the problem doesn't occur. Likewise, when I log in via a
>> virtual terminal (e.g. the kind you can get by pressing Control+Alt+F2),
>> the problem doesn't occur.
>>
>> In other words, the problem only seems to occur when I use
>> pinentry-gtk-2 as my pinentry-program, and I'm logged into a GNOME 3
>> session. The problem occurs regardless of what program I am running
>> inside of that GNOME 3 session; for example, it happens in emacs when
>> emacs tries to automatically decrypt files ending in ".gpg", too.
>>
>> Here's how to reproduce the issue:
>>
>> * Log into a GNOME session on (a recently updated) GuixSD.
>>
>> * In $HOME/.gnupg/gpg-agent.conf, set pinentry-program to
>> pinentry-gtk-2, for example:
>>
>> pinentry-program /home/marusich/.guix-profile/bin/pinentry-gtk-2
>>
>> * If the gpg-agent process is running, kill it to make sure it loads the
>> new gpg-agent.conf.
>>
>> * Open up any terminal (GNOME terminal and emacs' "M-x term" will both
>> reproduce the issue) to sign a message, e.g.:
>>
>> echo hello > /tmp/message
>> gpg --sign /tmp/message
>>
>> You should get the error very frequently.
>
> Did anybody get this message? I sent it in January of 2017, but I can't
> find it in the online archives, so I'm worried maybe it never got
> delivered:
>
> https://lists.gnupg.org/pipermail/gnupg-devel/
>
> This time, I've CC'd 25328@debbugs.gnu.org so that my email gets
> delivered to at least one location for posterity.

I can no longer reproduce this issue. I tried following the steps above
on my current GuixSD system, and the problem does not occur. It seems
like pinentry-gtk-2 works fine now, which is curious because the version
is still 1.0.0. I don't know why it works now but didn't earlier.

My emails never seem to have made it to the gnupg-devel list, but in
this case I suppose it doesn't matter any more. I think we can resolve
this bug report, unless someone else can reproduce the issue reliably.

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlkSyJ0ACgkQ3UCaFdgi
Rp08KQ//WDdZpv6h6rS4vvjLNSpPp1wSddx8U3F5ruzD8Cm6vnK3teFDFo0Eb1g4
m0q29hohqt4hkYLKi/c1qkItVwWug/QwU7PTH2bWOkAzW1wYYdRaB/Ck/COKf6Ed
FQnmQydd4cF/x/Pvk15VkThgDLw+uO3D2McqY53jmaIPp6k/R+Vz1ifYsleNim6Y
w2CA8zE7A7MIaX8IUzS3TRIy3Qi1XNhKsffoDE5+YiHoEH8HACqVx96EQ8O0aRJv
xOuoVZuthTrM8gQhGeRV33uoE2XMreW3tl6Olmf74gRO4w8wtwetEV/+Hw6nw3lu
bJzG8qg6HJB2LzDZD6pFBMaUtALSMX25rxiwurVKZKjKqQ92h+4aG0iWuPZa4rLP
i+0X24pP7V7oj0RJNXJjv0oUyTkg598rPpHmXXIyIBxDhH2cmdnCHhhNpWFjUWpT
llQ29LRVosOG+qgzMn8W059pi302B/6Frd5xlHX2rQ1FMxDwSSvXkCp2n28kJ3+w
6RRl/KN58CMYftubqBO6a4BCssvabDCBclO7XZTBpN4J6Q/47KU2W2D4xHW0dCIV
d5KSSsBtcS2xHrhFk82/8/2mkh0Unhn4y0hmuEYePiHukfqmUFLJj/WQtKhT8YLe
QI/1ArMnVlJswJIxXMCe6QnL7C+1/m16RkqYlPN1c0ucdyFIabs=
=x8Ei
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 10 May 2017 14:06
control message for bug #25328
(address . control@debbugs.gnu.org)
87h90svrty.fsf@gnu.org
tags 25328 unreproducible
close 25328
A
A
Attila Lendvai wrote on 8 Nov 2021 14:40
(No Subject)
(name . control@debbugs.gnu.org)(address . control@debbugs.gnu.org)
rmya5uECVsdyOwekcgskD5cLoQ1MNvF06kfIU08joJI-jm6tgCwo4g81i3erWIor9l0L6FjBefQYT4VORcDL_Y_Cv4ZqGlKjg__w999KgZU=@lendvai.name
unarchive 25328
Attachment: file
?