Your message dated Tue, 14 Apr 2015 21:21:20 +0000
with message-id <[email protected]>
and subject line Bug#775702: fixed in signing-party 2.0-1
has caused the Debian Bug report #775702,
regarding caff: The absence of GPG_TTY causes silent caff failures in OSX
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
775702: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775702
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: signing-party
Version: 1.1.4-1
Severity: normal

Initially encountered on OS/X with MacPorts
(https://trac.macports.org/ticket/46601), but reported here
because (a) Debian appears to be the upstream for signing-party/caff
(http://pgp-tools.alioth.debian.org/) and (b) AFAICT by inspection the
same problem would happen on Debian (which I also use), up through the
version in Debian Unstable. (Email generated with reportbug from representative Debian Stable system.)

When using caff with gpg-agent installed and active, but the GPG_TTY
environment variable is not set, certain operations that caff attempts
to get gpg to do silently fail, which cases caff to issue misleading
error messages.  These appear to be primarily the ones where caff is
redirecting stderr to /dev/null (but there may be other cases too).

In particular with GPG_AGENT_INFO=... and GPG_TTY not set, for a
key that _does_ exist, caff is unable to find the key:

-=- cut here -=-
ewen@ashram:~$ caff --keys-from-gnupg -R e4d3e863
[INFO] Key E4D3E863 imported from your normal GnuPGHOME.
[WARN] No public keys found with list-key E4D3E863 (note that caff uses its own keyring in /Users/ewen/.caff/gnupghome).
[NOTICE] No keys to sign found
ewen@ashram:~$
-=- cut here -=-

The problem goes away (ie, caff finds the key) if (a) the caff source
is edited to not redirect stderr in that situation (eg, diff on
https://trac.macports.org/ticket/46601) or (b) GPG_TTY is set.

Even if that particular problem is worked around, caff's use of gpg to
extract the signed subkeys also fails if gpg-agent is in use, but GPG_TTY is not used, resulting in caff exiting without offering to email keys.

By uncommenting trace2 one can see the error report for the latter case:

[trace2] stderr is now GPG_TTY must be set in shell (cannot determine automatically).

which is what (eventually!) gave me the clue to the underlying cause.

In view of how difficult this is for a user to debug (eg, determine this
is the real cause), especially because caff is deliberately redirecting
stderr to /dev/null and thus hiding the gpg generated error messages
(!!) I think it would be best if caff were to warn about this risk.

Eg, if GPG_AGENT_INFO is set in the environment and GPG_TTY is *not*
set in the environment, then caff should at least issue a warning that
there may be silent failures and unpredictable behaviour (and possibly
should refuse to continue in that situation).

Ewen


-- System Information:
Debian Release: 7.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages signing-party depends on:
ii  gnupg                      1.4.12-7+deb7u6
ii  libc6                      2.13-38+deb7u6
ii  libclass-methodmaker-perl  2.18-1+b1
ii  libgnupg-interface-perl    0.45-1
ii  libmailtools-perl          2.09-1
ii  libmime-tools-perl         5.503-1
ii  libterm-readkey-perl       2.30-4+b2
ii  libtext-template-perl      1.45-2
ii  perl                       5.14.2-21+deb7u2
ii  qprint                     1.0.dfsg.2-2

Versions of packages signing-party recommends:
ii  exim4-daemon-light [mail-transport-agent]  4.80-7+deb7u1
ii  libgd-gd2-noxpm-perl                       1:2.46-2+b1
ii  libpaper-utils                             1.1.24+nmu2
ii  libtext-iconv-perl                         1.7-5
ii  whiptail                                   0.52.14-11.1

Versions of packages signing-party suggests:
ii  imagemagick                8:6.7.7.10-5+deb7u3
pn  mutt                       <none>
pn  texlive-latex-recommended  <none>
pn  wipe                       <none>

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: signing-party
Source-Version: 2.0-1

We believe that the bug you reported is fixed in the latest version of
signing-party, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <[email protected]> (supplier of updated signing-party package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 14 Apr 2015 20:02:36 +0200
Source: signing-party
Binary: signing-party
Architecture: source i386
Version: 2.0-1
Distribution: unstable
Urgency: low
Maintainer: Guilhem Moulin <[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Description:
 signing-party - Various OpenPGP related tools
Closes: 771857 775702 780836
Changes:
 signing-party (2.0-1) unstable; urgency=low
 .
   * caff:
     + Fix broken compatibility with GnuPG 2.1 (2.1.3 and later only; earlier
       2.1.x versions remain unsuported), due to --secret-keyring being ignored
       by the most recent gpg(1).  On those we automaticalyl symlink the
       S.gpg-agent (unless 'no-sign') and S.dirmngr (unless 'no-download')
       sockets to avoid spawning new agents in caff's GNUPGHOME.  This require
       an extra call to gpg(1) at the beginning to determine the version.
       (Closes: #771857)
     + Default $CONFIG{'local-user'} to $CONFIG{'keyid'} rather than importing
       the public part of *all* keys found in the secret keyring.  (When not
       pruning the good keys with -u, gpg(1) croaks with exit status 2 when
       there are secret keys without public part.)
     + Print {error,warnings,notice,info} lines on STDERR.
     + Add a --debug flag to enable debug messages.
     + Deprecate $CONFIG{'gpg-sign'} and $CONFIG{'gpg-delsig'}.
     + Never redirect STDERR.  Send the logger output to /dev/null instead
       (unless in debug mode).  (Closes: #775702)
     + Send attachements and non RFC 2822 UIDs to *all* signed addresses, not
       only those for which the UID is exported.  This is useful when the
       signee has some already signed RFC 2822 UIDs and a freshly added
       attribute, for instance.
     + Use Term::ANSIColor to produce fancy colored output.  Can be configured
       by setting $CONFIG{colors} to a suitable hash; in particular setting
       $CONFIG{colors} = {} reverts to the old uncolored output.
     + Prune keys with import-{clean,minimal} not export-{clean,minimal}.
     + Fix $CONFIG{'also-lsign-in-gnupghome'}: local signatures are directly
       imported from caff's GNUPGHOME to our own; in auto-lsign'ing mode, lsign
       UID for which we have an exportable signature (preserving the signer and
       cert level).
     + Pass the 'keyserver-options' specified in ~/.gnupg/gpg.conf to
       $CONFIG{keyserver} when it is left unset.  (Closes: #780836)
   * gpgsigs:
     + Add a legend with the different signature types.
     + Mark local signatures as 'L' (formerly they were marked as 'S'), and
       expiring -- but not expired -- signatures as 'x'.
   * caff, pgp-clean, pgp-fixkey, gpg-key2latex, gpg-key2ps, gpg-mailkeys,
     gpgdir, gpgparticipants, gpgsigs, keyart, keylookup:
     + Add the possibility to choose the gpg binary via the "GNUPGBIN"
       environment variable.  (Default: "gpg".)
Checksums-Sha1:
 00ab37dd0566007fb4ddd32341ccacbba75fa8a0 1970 signing-party_2.0-1.dsc
 110fdd81e99e92ae1e27015105ca4a4d7d0be166 236249 signing-party_2.0.orig.tar.gz
 28011013447d79723d30e2e8ffba732d31a29f98 17464 
signing-party_2.0-1.debian.tar.xz
 aa7447596c6e7682388023f1da6326bea7b59706 169512 signing-party_2.0-1_i386.deb
Checksums-Sha256:
 ad7f4fc28823ddec9ca65422a4abe7c2195906d0aae0f19ed2121787714783b6 1970 
signing-party_2.0-1.dsc
 cc23e48b2f06dee7cbf7b80ee4dfbed69908cb4584d3d5fa29ed7b2f962ec16e 236249 
signing-party_2.0.orig.tar.gz
 b39980907139f12d24d749b9c14961ccf22aa61c45197ed1692d430b9ea80b12 17464 
signing-party_2.0-1.debian.tar.xz
 82d6025834c970f7e9a789f44e5d101836fb83fbc4a839c40d3010f3ee298107 169512 
signing-party_2.0-1_i386.deb
Files:
 fa0d1915774a500a7beae2659b8c055d 1970 misc extra signing-party_2.0-1.dsc
 2fa1996ebc9374ac96c8da885fbbc438 236249 misc extra 
signing-party_2.0.orig.tar.gz
 54286ff5faeaab55df96a082ec05dbfc 17464 misc extra 
signing-party_2.0-1.debian.tar.xz
 059d9d10382ce28e2a43a856fa2f2b5a 169512 misc extra signing-party_2.0-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJVLVcKAAoJENOaSZw8IaVSd2wP+QF/eCCN7Gwz727sei0aT/Lm
vzbza+UUV8Aw7b+8o8uVv/oFDxeYW7XGfmSNwSEX+mLC+7bwNsjUuzO9QxLxHb2K
zRP3tk5o/wsjmh2GYIV9/fHO6DdD+U9/pWzTtmrmVN9fZYGjmzDcAeEUkRIw57oN
aVh2JIgnow+P9P7Kxh+fKPfYwrb3/Jz6Gm2GCu760d3PdeB6x75ER86Sij+vjxcJ
nnFxeZ6DuTeXPs7ZIFW/OG+gtyml/oS8PzsJ/lp6xp2QfuentWne5ZV9dVFczfag
J/IC5TplQ6URWlYIgdZK4cJ77lzPHeMBFKaORkMa06qCXmVggCpdOcSyBljKf0bd
OMtCJxr0xabR18xU4FxyFGsCertjeMtb3AajKxo8RCaOR8wJhi5LyF0L3MA11KGu
ptN4//liLCf261vYBo4FKFE84sGB51x2AzVonBF1sw0bS4gU4mPHojNIdRoMuXBp
2gv7wQD18JPEXBLgSaBTzuzCV5N5pqj9N4vSqBdwHos0PyO/KIWPx18pDcU2Czgl
URzONj5x+B5cqT6shoaUEAdnBo5iVU9WEUwP28fPDOWL7NzYKo3ypfqZEjJqf/b9
4gb4p4jo6mzwAPq6AUzCzV9dJdlxS7bcOD7UZdveTbtj6H+ShhGJiAkAMIq4fRx4
w2sUwOmNfyYm3DLUQ0jK
=jGWS
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to