2009/5/20 Chris Babcock <cbabc...@kolonelpanic.com>:
>
> In .bash_profile, you will have something *like* this:
> if test -f $HOME/.gpg-agent-info && kill -0 `cut -d: -f 2
> [cut]

Nothing like that

    b...@foo:~> grep -ir gpg-agent /etc/bash* 2>/dev/null
    b...@foo:~> grep -ir gpg-agent /etc/profile* 2>/dev/null
    b...@foo:~>

Nothing in ~/.bash* or ~/.profile* either.

2009/5/20 Steven W. Orr <ste...@syslang.net>:
>
> If you log in via X

I don't. Never have. The machine doesn't have X installed.

Both the replies so far have made me realise that I'm guilty of neglecting to include some relevant info.

When logged in via ssh, the session in which I do get prompted to enter the passphrase, the output is as follows.

    gpg: using PGP trust model
    gpg: key B97DE878: accepted as trusted key

    You need a passphrase to unlock the secret key for
    user: "Bob"
    4096-bit RSA key, ID B97DE878, created 2009-05-19

    can't connect to `/home/bob/.gnupg/S.gpg-agent': No such file or directory
    gpg: no running gpg-agent - starting one

    [I am prompted to enter my passphrase via some sort of ncurses interface. From output of strace it appears to be /usr/bin/pinentry-curses]

    File `/home/bob/rpmbuild/RPMS//repodata/repomd.xml.asc' exists. Overwrite? (y/N) y
    gpg: writing to `/home/bob/rpmbuild/RPMS//repodata/repomd.xml.asc'
    gpg: RSA/SHA1 signature from: "B97DE878 Bob"

The "can't connect to `/home/bob/.gnupg/S.gpg-agent': No such file or directory" message appears in both sessions. Hence the appearance of this message does not appear to be related to my not being prompted to enter the passphrase.

Also GPG_AGENT_INFO is not set in either the ssh or su sessions. Hence it being set up properly or otherwise does not appear to be relevant to my not being prompted to enter the passphrase in a su session.

Further investigation today reveals:

If I dump the output of env in the ssh session and in the su session to files and then run diff I get

    b...@foo:~> diff /tmp/env_ssh /tmp/env_su
    8d7
    < TERM=xterm
    9a9
    > TERM=xterm
    12d11
    < SSH_CLIENT=XXX.XXX.XXX.XXX 56278 22
    15d13
    < SSH_TTY=/dev/pts/0
    26c24
    < MAIL=/var/mail/bob
    ---
    > MAIL=/var/spool/mail/bob
    29d26
    < SSH_SENDS_LOCALE=yes
    47d43
    < SSH_CONNECTION=XXX.XXX.XXX.XXX 56278 YYY.YYY.YYY.YYY 22

SSH_TTY is set in the ssh session but not the su session. Setting it in the su session to the value it's set for by the user that ran su doesn't help. (I.e. if I log in via ssh then check the value of SSH_TTY, su to bob then set SSH_TTY to that value.)

When bob logs in, via ssh or via su, no gpg-agent process is started. Under both sessions, after the attempt is made to sign a file, no gpg-agent process is running. So when gpg says "gpg: no running gpg-agent - starting one" presumably it starts one then kills it again after the passphrase entry.

Under the su session, if I start a gpg-agent process manually I get this:

    b...@foo:~> eval $(gpg-agent --daemon)
    b...@foo:~> ps aux | grep gpg
    bob   356  0.0  0.0   4016   480 ?      Ss  11:14  0:00 gpg-agent --daemon
    bob   358  0.0  0.0   3232   728 pts/0  S+  11:14  0:00 grep gpg
    b...@foo:~> echo $GPG_AGENT_INFO
    /tmp/gpg-K81hbj/S.gpg-agent:356:1
    b...@foo:~> gpg -a --detach-sign ~/rpmbuild/RPMS/repodata/repomd.xml

    You need a passphrase to unlock the secret key for
    user: "Bob"
    4096-bit RSA key, ID B97DE878, created 2009-05-19

    gpg: cancelled by user
    gpg: no default secret key: General error
    gpg: signing failed: General error

Again I'm not prompted to enter the passphrase.

So maybe the problem is that under su, gpg-agent fails to launch /usr/bin/pinentry (which in turn decides whether to launch pinentry-curses, or a QT or GTK equivalent). If I run gpg under strace and look through the output there is no mention of /usr/bin/pinentry being called, but there is in the ssh session.

Why no attempt is made to launch /usr/bin/pinentry though I have not been able to determine.

thanks,

mike
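
Added example (not part of the original message and not GnuPG's own code): a POSIX shell check of the state compared between the ssh and su sessions above. It parses a GPG_AGENT_INFO value of the socket:pid:protocol form shown in the message, tests the pid with `kill -0` as in the quoted .bash_profile fragment, and checks whether the terminal device is usable by the current user. The function names and return codes are this example's own, and the terminal check is an assumption about what a curses pinentry needs, not a diagnosis reached in the thread.

```shell
#!/bin/sh
# Added example; function names and return codes are hypothetical.

# agent_info_status INFO -- INFO is socket:pid:protocol, the form of the
# GPG_AGENT_INFO value shown in the message.
# Returns: 0 usable, 1 unset/malformed, 2 pid not signalable, 3 no socket.
agent_info_status() {
    info=$1
    [ -n "$info" ] || return 1
    sock=${info%%:*}
    rest=${info#*:}
    [ "$rest" != "$info" ] || return 1   # no ':' separator at all
    pid=${rest%%:*}
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    # kill -0 delivers no signal; it fails when the pid is gone or is
    # owned by another user (possible if the value was inherited across su).
    kill -0 "$pid" 2>/dev/null || return 2
    [ -S "$sock" ] || return 3
    return 0
}

# tty_usable PATH -- 0 if PATH is a character device that the current
# user can both read and write.
tty_usable() {
    [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

report() {
    rc=0
    agent_info_status "${GPG_AGENT_INFO:-}" || rc=$?
    echo "GPG_AGENT_INFO status: $rc"
    t=$(tty 2>/dev/null) || t=
    if [ -n "$t" ] && tty_usable "$t"; then
        echo "tty $t: readable and writable by $(id -un)"
    else
        echo "tty ${t:-(none)}: not usable by $(id -un)"
    fi
}

report
```

Running it once in the ssh session and once in the su session gives two short reports that can be compared side by side.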