Your message dated Sun, 05 Feb 2017 18:47:39 -0500
with message-id <[email protected]>
and subject line Re: problems with misconfigured gnupg-agent and
/etc/X11/Xsession.d/90gpg-agent
has caused the Debian Bug report #367058,
regarding existing wrong ~/.gnupg/gpg-agent.conf prevents window manager from
starting, X still runs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
367058: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=367058
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnupg
Version: 1.4.3-1
Severity: critical
Tags: security
Justification: breaks unrelated software
An exsiting file ~/.gnupg/gpg-agent.conf that is syntactically wrong
disables the window manager from starting. The display manager and x.org
are still running. Even
$ startx /usr/bin/startfluxbox -- :1
does not start a working Fluxbox. Interestingly
$ startx /usr/bin/fluxbox -- :1
works. But it dosn't seem to be an error in /usr/bin/startfluxbox because
the same happens with /usr/bin/startkde and /usr/bin/icewm. One can also
$ startx /usr/X11R6/bin/xterm -- :1
start a plain xterm as window manager. With that one can start kde via
$ startkde
in the xterm. Then one recieves the gpg message that the file
~/.gnupg/gpg-agent.conf has errors. ~/.xsession-errors tells the
errornous lines in ~/.gnupg/gpg-agent.conf.
All this occours in sarge and sid.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-amd64-k8
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Versions of packages gnupg depends on:
ii libbz2-1.0 1.0.3-2 high-quality block-sorting file co
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libldap2 2.1.30-13 OpenLDAP libraries
ii libreadline5 5.1-7 GNU readline and history libraries
ii libusb-0.1-4 2:0.1.12-2 userspace USB programming library
ii makedev 2.3.1-81 creates device files in /dev
ii zlib1g 1:1.2.3-11 compression library - runtime
gnupg recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 2.1.13-3
On Fri 2014-09-26 17:31:50 -0400, Daniel Kahn Gillmor wrote:
> Reviewing bugs in GnuPG packages, i'm a little worried about
> https://bugs.debian.org/367058 -- it hasn't been resolved in years, and
> it's pretty simple:
>
> On a machine that uses the standard X11 session startup scripts in
> /etc/X11/Xsession.d (this is chosen by
> /etc/alternatives/x-session-manager, i think, and does not include
> gnome-session, but does include openbox-session), a user can lock
> themselves out of X11 entirely with the following changes to their home
> directory:
>
> echo use-agent >> ~/.gnupg/gpg.conf
> echo no-such-option >> ~/.gnupg/gpg-agent.conf
>
> I just tried this on a debian unstable system with gdm3 as the display
> manager and x-session-manager pointing to openbox-session.
I'm happy to say that i think this has been resolved in recent versions
of gnupg-agent. Since the adoption of the standard socket and the
systemd user services (and upstream's auto-launching for non-systemd
machines) were introduced in version 2.1.13-3, the Xsession.d snippet no
longer needs to launch the daemon.
The remaining business of the Xsession.d snippet is to set environment
variables, but those can be pulled directly from gpgconf (which doesn't
return non-zero even when the underlying program it queries does fail
(see the error handling logic in retrieve_options_from_program(), around
line 2156 of tools/gpgconf-comp.c).
So i don't think that a misconfigured gpg-agent.conf file will cause the
same types of login failures as it used to.
--dkg
signature.asc
Description: PGP signature
--- End Message ---
