Package: monkeysign
Version: 1.0
Severity: normal

gpg-agent is a prerequisite for monkeysign. But it seems that it also
can't sign keys just on the console. Here is my setup:

$ unset DISPLAY
$ unset GPG_AGENT_INFO
$ rm -f .gnupg/gpg-agent*
$ gpg-agent --daemon bash
$

With plain gpg, it works:

anarcat@marcos:~$ gpg --command-fd=0 --batch --status-fd=2 --no-tty --lsign-key 12345678
[GNUPG:] GET_BOOL keyedit.sign_all.okay
y
[GNUPG:] GOT_IT
[GNUPG:] GET_BOOL sign_uid.okay
y
[GNUPG:] GOT_IT
[GNUPG:] USERID_HINT 792152527B75921E Antoine Beaupré (work) <anar...@koumbit.org>
[GNUPG:] NEED_PASSPHRASE 792152527B75921E 792152527B75921E 1 0

┌──────────────────────────────────────────────────────────────────────────────┐
│ Une phrase de passe est nécessaire pour déverrouiller la clef secrète de  │
│ l'utilisateur :                                                              │
│ « Antoine Beaupré (work) <anar...@koumbit.org> »                             │
│ clef RSA de 4096 bits, identifiant 7B75921E, créée le 2009-05-29             │
│                                                                              │
│                                                                              │
│ Phrase de passe incorrecte ; veuillez réessayer                              │
│                                                                              │
│ Passphrase _________________________________________________________________ │
│                                                                              │
│           <OK>                                              <Cancel>         │
└──────────────────────────────────────────────────────────────────────────────┘

So we see the prompt. However, monkeysign doesn't:

anarcat@marcos:monkeysign$ ./scripts/monkeysign -l --no-mail 71E1102A8EFFC661C5BEC7C04A1EF4955D22D7A6
Preparing to sign with this key

pub  [unknown] 4096R/7B75921E 1243621534 [expiry: 1464748981]
    Fingerprint = 8DC9 01CE 6414 6C04 8AD5  0FBB 7921 5252 7B75 921E
uid 1      [unknown] Antoine Beaupré (home address) <anar...@anarcat.ath.cx>
uid 2      [unknown] Antoine Beaupré (work) <anar...@koumbit.org>
uid 3      [unknown] Antoine Beaupré <anar...@orangeseeds.org>
uid 4      [unknown] Antoine Beaupré (Debian) <anar...@debian.org>
uid 5      [unknown] Antoine Beaupré <anar...@debian.org>
sub   2048R/D2DF2587 1342619928
sub   4096R/9C5A5581 1243622183

Signing the following key

pub  [unknown] 4096R/[...]
[...]


Sign all identities? [y/N] y
Really sign key? [y/N] y
unable to prompt for passphrase, is gpg-agent running?

This last error is new: 1.0 doesn't handle password prompt failures
cleanly, I had to patch it to clean that up.

The backtrace looks something like this:

FOUND: [GNUPG:] GET_BOOL keyedit.sign_all.okay
FOUND: [GNUPG:] GOT_IT
FOUND: [GNUPG:] GET_BOOL sign_uid.okay
FOUND: [GNUPG:] GOT_IT
skipped: [GNUPG:] USERID_HINT 792152527B75921E Antoine Beaupré (work) <anar...@koumbit.org>
skipped: [GNUPG:] NEED_PASSPHRASE 792152527B75921E 792152527B75921E 1 0
skipped: gpg: annulé par l'utilisateur
skipped: [GNUPG:] MISSING_PASSPHRASE
skipped: [GNUPG:] BAD_PASSPHRASE 792152527B75921E
skipped: gpg: échec de la signature : mauvaise phrase de passe
Traceback (most recent call last):
  File "./scripts/monkeysign", line 41, in <module>
    u.main()
  File "./scripts/../monkeysign/cli.py", line 63, in main
    self.sign_key()
  File "./scripts/../monkeysign/ui.py", line 286, in sign_key
    if not self.tmpkeyring.sign_key(pattern, alluids):
  File "./scripts/../monkeysign/gpg.py", line 469, in sign_key
    raise GpgRuntimeError(self.context.returncode, _('unable to prompt for passphrase, is gpg-agent running?'))
monkeysign.gpg.GpgRuntimeError: [Errno 0] unable to prompt for passphrase, is gpg-agent running?

I noticed that when pinentry is actually started, it is started by
gpg-agent, not by gpg! So monkeysign would need to let go of the
terminal somehow to let pinentry take it over - I am not sure how that
works.

I have noticed similar problems with emacs + notmuch, FWIW - the
workaround is to feed the password to the agent by hand by signing
random data, like this:

gpg -s -a

then fill in the password.

Also note that this can be reproduced with only gpg, so maybe it's a bug there:

anarcat@marcos:~$ echo | gpg -s -a

Une phrase de passe est nécessaire pour déverrouiller la clef secrète de
l'utilisateur : « Antoine Beaupré (work) <anar...@koumbit.org> »
clef RSA de 4096 bits, identifiant 7B75921E, créée le 2009-05-29

gpg: annulé par l'utilisateur
gpg: no default secret key: mauvaise phrase de passe
gpg: signing failed: mauvaise phrase de passe


-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages monkeysign depends on:
ii  gnupg   1.4.12-7+deb7u1
ii  python  2.7.3-4

Versions of packages monkeysign recommends:
ii  python-gtk2       2.24.0-3+b1
ii  python-qrencode   1.01-2+b1
ii  python-zbar       0.10+doc-8
ii  python-zbarpygtk  0.10+doc-8

monkeysign suggests no packages.

-- no debconf information
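
Added example (not part of the original report and not monkeysign's own code): a small parser for the --status-fd lines shown in the trace above, which tells a passphrase prompt that never produced input apart from a mistyped passphrase. The helper names and verdict strings are hypothetical, and reading MISSING_PASSPHRASE as "prompt cancelled or unable to reach a terminal" is an assumption based on the trace in this report.

```python
import re

# Machine-readable lines written to --status-fd look like "[GNUPG:] KEYWORD args".
STATUS_RE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$")

def parse_status(lines):
    """Yield (keyword, args) per status line; skip gpg's human-readable text."""
    for line in lines:
        m = STATUS_RE.match(line.strip())
        if m:
            yield m.group(1), (m.group(2) or "").split()

def diagnose_signing(lines):
    """Return (verdict, keyid) for one signing attempt (hypothetical helper)."""
    keyid, seen = None, set()
    for keyword, args in parse_status(lines):
        if keyword == "NEED_PASSPHRASE" and args:
            keyid = args[0]
        seen.add(keyword)
    if keyid is None:
        return ("no-passphrase-requested", None)
    if "GOOD_PASSPHRASE" in seen:
        return ("ok", keyid)
    if "MISSING_PASSPHRASE" in seen:
        # Nothing was supplied: prompt cancelled or it never reached a terminal.
        return ("prompt-failed", keyid)
    if "BAD_PASSPHRASE" in seen:
        return ("bad-passphrase", keyid)
    return ("incomplete", keyid)

# Constructed sample: status lines from the report's trace, debug prefixes removed.
REPORT_TRACE = [
    "[GNUPG:] GET_BOOL sign_uid.okay",
    "[GNUPG:] GOT_IT",
    "[GNUPG:] USERID_HINT 792152527B75921E Antoine Beaupré (work) <anar...@koumbit.org>",
    "[GNUPG:] NEED_PASSPHRASE 792152527B75921E 792152527B75921E 1 0",
    "gpg: annulé par l'utilisateur",
    "[GNUPG:] MISSING_PASSPHRASE",
    "[GNUPG:] BAD_PASSPHRASE 792152527B75921E",
]
# Constructed sample: what a mistyped passphrase is assumed to look like.
WRONG_PASSPHRASE = [
    "[GNUPG:] NEED_PASSPHRASE 792152527B75921E 792152527B75921E 1 0",
    "[GNUPG:] BAD_PASSPHRASE 792152527B75921E",
]

if __name__ == "__main__":
    print(diagnose_signing(REPORT_TRACE))
    print(diagnose_signing(WRONG_PASSPHRASE))
```

A caller can turn the "prompt-failed" verdict into a single clear message instead of a traceback, and keep "bad-passphrase" for the retry path.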

