Re: Constantly restarting gpg-agent

2019-08-28 Thread Peter Lebbing
On 26/08/2019 01:26, Farhan Khan via Gnupg-users wrote:
> I use gnupg to sign my git commits, but after a few hours of use I
> have to restart gpg-agent. Before doing so, what I presume is
> gpg-agent asks me to re-enter my password on a random terminal (but it
> seems to drop characters and never works).

Ah yes, when I use the agent for SSH authentication and it picks the
wrong terminal, if on that terminal bash is active, they seem to race
for stdin. Some of the characters typed go to the pinentry, and some go
to bash. The characters for bash are echoed to the screen. It's a great
way to get part of your passphrase in .bash_history! :-D

But for gpg, this should not happen. gpg will pass the terminal and/or
the X display to the agent, which enables the agent to prompt on the
correct terminal.

You could try debugging the agent. If I add the following to my
.gnupg/gpg-agent.conf:

--8<---cut here---start->8---
debug ipc
log-file agent.log
--8<---cut here---end--->8---

and then issue "gpgconf --kill gpg-agent", the agent that will be
subsequently started will log inter-process communication to the file
agent.log in my homedir ($HOME, not $GNUPGHOME). There I can see a git
commit signing passing the needed information:

--8<---cut here---start->8---
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 <- OPTION ttytype=screen.xterm-256color
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 <- OPTION display=:0.0
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 <- OPTION xauthority=/home/peter/.Xauthority
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK
--8<---cut here---end--->8---

Is it perhaps possible that you run something which unsets environment
variables crucial to passing the TTY information to the agent? Have
a look at the debug log the moment you encounter the issue again, and
compare the conversation with an earlier one that did work.

> As a result, the git commit fails. I have to kill
> gpg-agent and restart it as "gpg-agent --daemon", which then works.

Killing the agent is fine. You shouldn't need to restart it; it is
autostarted and in fact it might interfere with the proper functioning
if you explicitly start it but with different options set than the
autostart would do.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
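
Added example, not part of Peter Lebbing's message: one way to make the comparison he suggests is to reduce the "debug ipc" log to one line per client connection and see which connections told the agent where to prompt. The function names, the sample log and the use of the agent's greeting line to separate connections are assumptions of this example; ttyname does not appear in the excerpt above and is the option gpg uses to pass the terminal device.

```shell
#!/bin/sh
# Added example: summarise, per client connection, the OPTIONs that tell
# gpg-agent where to show the pinentry, from a "debug ipc" log file.

# Output, one line per connection:
#   <date>T<time> <channel> <ok|MISSING> <option names in the order sent>
# MISSING = neither ttyname nor display was passed. "display" is in the
# excerpt above; "ttyname" is the option gpg sends for the terminal device.
summarise_agent_options() {
    awk '
    function report(c) {
        printf "%s %s %s %s\n", first[c], c, (loc[c] ? "ok" : "MISSING"), names[c]
    }
    # Assumption: a connection opens with the agent greeting "OK Pleased to
    # meet you"; channel numbers are reused, so start a fresh record there.
    $4 == "DBG:" && $6 == "->" && $7 == "OK" && $8 == "Pleased" {
        c = $5
        if (c in first) report(c)
        delete first[c]; delete loc[c]; delete names[c]
    }
    $4 == "DBG:" && $6 == "<-" && $7 == "OPTION" {
        c = $5; n = $8; sub(/=.*/, "", n)          # option name without value
        if (c in first) names[c] = names[c] "," n
        else { first[c] = $1 "T" $2; names[c] = n }
        if (n == "ttyname" || n == "display") loc[c] = 1
    }
    END { for (c in first) report(c) }
    ' "$1"
}

# Constructed sample log (not from the thread): chan_9 is reused by a second
# client that passes a terminal type but no terminal device and no display.
write_sample_log() {
    cat > "$1" <<'EOF'
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK Pleased to meet you, process 21800
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 <- OPTION ttytype=screen.xterm-256color
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 <- OPTION display=:0.0
2019-08-28 12:17:46 gpg-agent[21792] DBG: chan_9 -> OK
2019-08-28 15:02:10 gpg-agent[21792] DBG: chan_9 -> OK Pleased to meet you, process 23011
2019-08-28 15:02:10 gpg-agent[21792] DBG: chan_9 <- OPTION ttytype=dumb
2019-08-28 15:02:10 gpg-agent[21792] DBG: chan_9 -> OK
EOF
}

# Run on a real log when a path is given: sh thisfile "$HOME/agent.log"
if [ $# -gt 0 ]; then summarise_agent_options "$1"; fi
```

A connection reported as MISSING is the one to compare, line by line, with an earlier connection reported as ok.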


Re: Restarting gpg-agent

2010-03-15 Thread Peter Pentchev
On Sun, Mar 14, 2010 at 10:16:00PM +0100, Michel Messerschmidt wrote:
> On Sun, Mar 14, 2010 at 12:24:14PM -0700, James Moe wrote:
> > Hello,
> >   opensuse v11.2, linux 2.6.31.12-0.1-desktop x86_64, gpg v2.0.12.
> >   The docs at http://www.gnupg.org/ cover starting gpg-agent pretty
> > well. What is missing is how to re-start it.
> >   If gpg-agent is terminated for some reason, or the system is booted,
> > the file .gpg-agent.info is left behind. Because the file exists, when
> > .bashrc is run it detects the file and does not start gpg-agent.
> >   Is there some way to:
> > 1. Detect if gpg-agent is running. If not, erase .gpg-agent.info, or
> > 2. Erase .gpg-agent.info at boot time.
>
> This works for me (in .bashrc):

A good idea, and well written :)  Just one minor thing...

> # start gpg-agent if no running instance is found
> if test -z "${GPG_AGENT_INFO}" ||
>    ! kill -0 `grep GPG_AGENT_INFO "${GA_INFO_FILE}" | cut -d: -f 2 -` 2>/dev/null; then

In this way, you risk a false positive if gpg-agent has died (or not
been started at all, but a .gpg-agent.info file has been left over)
and there is another process with the same process ID.  This *can*
happen, whether by random chance at system startup, or by random
chance on a long-running system with PID's wrapping around.
A slightly better (if somewhat more convoluted) way could be
something like:

gpg_agent_pid=''
gpg_agent_running=''
# read the PID (second colon-separated field) from the info file
if [ -n "${GPG_AGENT_INFO}" ] && [ -r "$GA_INFO_FILE" ]; then
    gpg_agent_pid=`grep GPG_AGENT_INFO "${GA_INFO_FILE}" | cut -d: -f 2 -`
fi
# accept the PID only if it is numeric and belongs to a gpg-agent process
if [ -n "$gpg_agent_pid" ] &&
   expr "x$gpg_agent_pid" : 'x[0-9]*$' > /dev/null; then
    if pgrep gpg-agent | fgrep -qw "$gpg_agent_pid" > /dev/null; then
        gpg_agent_running='1'
    fi
fi

if [ -n "$gpg_agent_running" ]; then

...

fi

Please don't take this as criticism, just an idea :)  And, of course,
it assumes that the OS has pgrep(1).

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net  r...@space.bg  r...@freebsd.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
What would this sentence be like if pi were 3?
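
Added example, not code from the thread: the PID-reuse false positive described in the message above can be reproduced, and avoided, by checking the name of the process behind the PID as well as its existence. proc_name, agent_info_alive and demo_pid_reuse are hypothetical helper names, the GPG_AGENT_INFO value is constructed, and reading /proc/<pid>/comm assumes Linux (ps is the fallback).

```shell
#!/bin/sh
# Added example: decide whether a GPG_AGENT_INFO value still points at a live
# gpg-agent, without being fooled by an unrelated process that reuses the PID.

# proc_name PID -> prints the command name of PID, or nothing if it is gone.
# /proc/<pid>/comm is Linux-specific; ps -o comm= is the POSIX fallback.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm" 2>/dev/null
    else
        ps -p "$1" -o comm= 2>/dev/null | sed 's|.*/||'
    fi
}

# agent_info_alive INFO [NAME]
# INFO is "socket:pid:protocol" as stored in the info file; NAME defaults to
# gpg-agent. Returns 0 only if pid is numeric and that process is named NAME.
agent_info_alive() {
    info=$1
    want=${2:-gpg-agent}
    pid=${info#*:}; pid=${pid%%:*}     # second colon-separated field
    case $pid in
        ''|*[!0-9]*) return 1 ;;       # empty or not a number: stale or corrupt
    esac
    [ "$(proc_name "$pid")" = "$want" ]
}

# Demonstration with a constructed value: the PID belongs to a live "sleep",
# so kill -0 succeeds although no gpg-agent is running under that PID.
demo_pid_reuse() {
    sleep 30 >/dev/null 2>&1 &
    other=$!
    info="/tmp/gpg-constructed/S.gpg-agent:$other:1"
    kill -0 "$other" 2>/dev/null && k=alive || k=dead
    agent_info_alive "$info" && a=alive || a=dead
    kill "$other" 2>/dev/null; wait "$other" 2>/dev/null || true
    echo "kill-0=$k name-check=$a"
}

demo_pid_reuse
```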




Re: Restarting gpg-agent

2010-03-15 Thread Werner Koch
On Mon, 15 Mar 2010 11:58, r...@ringlet.net said:

> > # start gpg-agent if no running instance is found
> > if test -z "${GPG_AGENT_INFO}" ||
> >    ! kill -0 `grep GPG_AGENT_INFO "${GA_INFO_FILE}" | cut -d: -f 2 -` 2>/dev/null; then
>
> In this way, you risk a false positive if gpg-agent has died (or not
> been started at all, but a .gpg-agent.info file has been left over)

I have not followed this thread.  However the code above is far too
complex.  For years gpg-agent has been able to test whether it is already
running, just call gpg-agent and don't pass the --daemon option:

  $ gpg-agent
  gpg-agent: gpg-agent running and available
  $ echo $?
  0
  $ GPG_AGENT_INFO= gpg-agent
  gpg-agent: no gpg-agent running in this session
  $ echo $?
  2



Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: Restarting gpg-agent

2010-03-15 Thread Benjamin Donnachie
On 15 March 2010 16:54, Werner Koch <w...@gnupg.org> wrote:
> For years gpg-agent has been able to test whether it is already
> running, just call gpg-agent and don't pass the --daemon option:

This is what I use as the fallback as part of MacGPG2:

(* start-gpg-agent
   Part of the MacGPG2 project - http://macgpg2.sourceforge.net

   Released under v3 of the GPL
 *)

-- Sleep for two seconds.

delay 2

-- Try to contact gpg-agent

set gpgAgentRunning to do shell script "/usr/local/bin/gpg-agent > /dev/null; echo $?; exit 0"

-- If that fails, look for env file.

if gpgAgentRunning > 0 then
    set gpgAgentRunning to do shell script "[ -f $HOME/.gpg-agent-info ] && (source $HOME/.gpg-agent-info && export GPG_AGENT_INFO && /usr/local/bin/gpg-agent > /dev/null) ; echo $?; exit 0"
end if

-- If that also fails, start a new copy of gpg-agent

if gpgAgentRunning > 0 then
    do shell script "/usr/local/bin/gpg-agent --daemon --use-standard-socket --write-env > /dev/null"
end if


Should be easy to understand and implement in another scripting language.

Ben



Restarting gpg-agent

2010-03-14 Thread James Moe

Hello,
  opensuse v11.2, linux 2.6.31.12-0.1-desktop x86_64, gpg v2.0.12.
  The docs at http://www.gnupg.org/ cover starting gpg-agent pretty
well. What is missing is how to re-start it.
  If gpg-agent is terminated for some reason, or the system is booted,
the file .gpg-agent.info is left behind. Because the file exists, when
.bashrc is run it detects the file and does not start gpg-agent.
  Is there some way to:
1. Detect if gpg-agent is running. If not, erase .gpg-agent.info, or
2. Erase .gpg-agent.info at boot time.

- -- 
James Moe
jimoe at sohnen-moe dot com
520.743.3936


Re: Restarting gpg-agent

2010-03-14 Thread Doug Barton
On 03/14/10 12:24, James Moe wrote:
> Hello,
>   opensuse v11.2, linux 2.6.31.12-0.1-desktop x86_64, gpg v2.0.12.
>   The docs at http://www.gnupg.org/ cover starting gpg-agent pretty
> well. What is missing is how to re-start it.
>   If gpg-agent is terminated for some reason, or the system is booted,
> the file .gpg-agent.info is left behind. Because the file exists, when
> .bashrc is run it detects the file and does not start gpg-agent.
>   Is there some way to:
> 1. Detect if gpg-agent is running. If not, erase .gpg-agent.info, or
> 2. Erase .gpg-agent.info at boot time.

http://dougbarton.us/PGP/index.html, click on the link for the gpg-agent
script.


hth,

Doug

-- 

... and that's just a little bit of history repeating.
-- Propellerheads

Improve the effectiveness of your Internet presence with
a domain name makeover!    http://SupersetSolutions.com/




Re: Restarting gpg-agent

2010-03-14 Thread Michel Messerschmidt
On Sun, Mar 14, 2010 at 12:24:14PM -0700, James Moe wrote:
> Hello,
>   opensuse v11.2, linux 2.6.31.12-0.1-desktop x86_64, gpg v2.0.12.
>   The docs at http://www.gnupg.org/ cover starting gpg-agent pretty
> well. What is missing is how to re-start it.
>   If gpg-agent is terminated for some reason, or the system is booted,
> the file .gpg-agent.info is left behind. Because the file exists, when
> .bashrc is run it detects the file and does not start gpg-agent.
>   Is there some way to:
> 1. Detect if gpg-agent is running. If not, erase .gpg-agent.info, or
> 2. Erase .gpg-agent.info at boot time.


This works for me (in .bashrc):

export GNUPGHOME=${HOME}/.gnupg
GPGAGENT=/usr/bin/gpg-agent
GA_INFO_FILE=${GNUPGHOME}/gpg-agent-info-$(hostname)
# check that gpg-agent is executable and enabled in the gpg config
if grep -qs '^[[:space:]]*use-agent' "${GNUPGHOME}/gpg.conf" &&
   test -x "${GPGAGENT}"; then
    # always re-read the gpg-agent info file to find the running instance
    if [ -r "${GA_INFO_FILE}" ]; then
        . "${GA_INFO_FILE}"
    fi
    # start gpg-agent if no running instance is found
    if test -z "${GPG_AGENT_INFO}" ||
       ! kill -0 `grep GPG_AGENT_INFO "${GA_INFO_FILE}" | cut -d: -f 2 -` 2>/dev/null; then
        # enable ssh support by default if set in global Xsession options
        if grep -qs '^[[:space:]]*use-ssh-agent' /etc/X11/Xsession.options; then
            GA_SSH=--enable-ssh-support
        fi
        # execute gpg-agent and export environment variables
        eval $(${GPGAGENT} --daemon ${GA_SSH} --sh --write-env-file="${GA_INFO_FILE}")
    fi
    export GPG_AGENT_INFO
    export SSH_AUTH_SOCK
    export SSH_AGENT_PID
fi


HTH,
Michel
