gpg hangs when asking for passphrase

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

gpg hangs when asking for passphrase

Joey Morris
I'm pretty new to GnuPG, having installed it a couple months ago for use with
the pass password manager. Everything was working fine until I rebooted my
computer yesterday, and now gpg hangs at the point where I believe it should ask
me for my key's passphrase. For example, the following command hangs:

  $ cat test.encrypted | gpg --decrypt

After several minutes I kill it with Ctrl-C.

I've tried several things without figuring out the problem:

  - Verified that gpg-agent is running with `pgrep -u "${USER}" gpg-agent`.
  - Restarted gpg-agent with `killall gpg-agent`.
  - Verified that the socket referenced by $GPG_AGENT_INFO exists.
  - Ran `export GPG_TTY=$(tty)` in my terminal.
  - Tried several pinentry variants (tty, curses, qt, gtk). Before rebooting,
    I'd been using pinentry-tty without a problem.

A couple other examples of commands that hang:

  $ gpg-connect-agent reloadagent /bye
  $ gpg --edit-key userid

I'm running version 2.1.18 on debian sid. Does anyone have thoughts on what
might be happening or suggestions for additional troubleshooting?

Thanks.
Joey


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: gpg hangs when asking for passphrase

Peter Lebbing
On 09/05/17 04:34, Joey Morris wrote:
> I'm running version 2.1.18 on debian sid. Does anyone have thoughts on what
> might be happening or suggestions for additional troubleshooting?

Is it possible that this started occuring after upgrading the gnupg
package? 2.1.17-4 (from 10 Jan) introduced using systemd user sessions
for gpg-agent and dirmngr by default. When I had this enabled on Debian
jessie, a connection to the agent would just hang. I figured this had to
do with a difference in systemd between jessie and stretch/sid. But
perhaps you're experiencing a variant of it. Do you have the package
dbus-user-session installed?

I don't know much about systemd, and I don't run stretch or sid. So I
can't help you much. I just recognised your description of connections
hanging. However, that change was introduced several months ago. Perhaps
something else changed more recently that still broke the user session
thingy for you?

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gpg hangs when asking for passphrase

Joey Morris
Peter Lebbing <[hidden email]> wrote on Tue, May 09, 2017 at 11:50:33AM +0200:
> Is it possible that this started occuring after upgrading the gnupg
> package? 2.1.17-4 (from 10 Jan) introduced using systemd user sessions
> for gpg-agent and dirmngr by default. When I had this enabled on Debian
> jessie, a connection to the agent would just hang. I figured this had to
> do with a difference in systemd between jessie and stretch/sid. But
> perhaps you're experiencing a variant of it. Do you have the package
> dbus-user-session installed?

Thanks Peter, I think this is indeed related to the systemd user sessions. Just
to clarify, did you solve your problem by disabling the systemd units, or did
you end up getting it working with them?

Checking my apt logs, I upgraded from gnupg-1.4.19-3 and gnupg2-2.0.28-3 to just
gnupg2-2.1.18-6 on March 18. (So it wasn't a new install of gnupg as I implied
originally.) March 18 is the day I installed pass and started using it, and by
extension, gpg, succesfully. I didn't install dbus-user-session. Then I rebooted
on May 7. My guess is that gpg-agent didn't start running through systemd until
I rebooted.

I installed dbus-user-session this morning, logged out and back in, and the
agent connection still hung. Then I masked the systemd user units per the Debian
README for gpg-agent, and now everything is working again.

I have a working setup now, which is my top priority, although I'm also
interested in figuring out why the default method isn't working. But perhaps
that's more of a question for Debian.

Joey


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: gpg hangs when asking for passphrase

Peter Lebbing
On 09/05/17 15:32, Joey Morris wrote:
> Thanks Peter, I think this is indeed related to the systemd user sessions. Just
> to clarify, did you solve your problem by disabling the systemd units, or did
> you end up getting it working with them?

I removed the following symlinks (format: destination - space - symlink):

usr/lib/systemd/user/gpg-agent-browser.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent-browser.socket
usr/lib/systemd/user/gpg-agent-extra.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent-extra.socket
usr/lib/systemd/user/gpg-agent-ssh.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent-ssh.socket
usr/lib/systemd/user/gpg-agent.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent.socket
usr/lib/systemd/user/dirmngr.socket /usr/lib/systemd/user/sockets.target.wants/dirmngr.socket

(To be exact, I prevented them from being installed in the first place.)

So I don't use the user session functionality. In Debian jessie, there also is
no package dbus-user-session to install in the first place.

> I have a working setup now, which is my top priority, although I'm also
> interested in figuring out why the default method isn't working. But perhaps
> that's more of a question for Debian.

It's a question /I/ can't answer, but Daniel Kahn Gillmor is probably the one
who introduced the functionality and he also frequents this mailing list.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gpg hangs when asking for passphrase

Daniel Kahn Gillmor-7
In reply to this post by Joey Morris
Hi Joey--

On Mon 2017-05-08 22:34:35 -0400, Joey Morris wrote:

> I've tried several things without figuring out the problem:
>
>   - Verified that gpg-agent is running with `pgrep -u "${USER}" gpg-agent`.
>   - Restarted gpg-agent with `killall gpg-agent`.
>   - Verified that the socket referenced by $GPG_AGENT_INFO exists.
>   - Ran `export GPG_TTY=$(tty)` in my terminal.
>   - Tried several pinentry variants (tty, curses, qt, gtk). Before rebooting,
>     I'd been using pinentry-tty without a problem.
>
> A couple other examples of commands that hang:
>
>   $ gpg-connect-agent reloadagent /bye
>   $ gpg --edit-key userid
>
> I'm running version 2.1.18 on debian sid. Does anyone have thoughts on what
> might be happening or suggestions for additional troubleshooting?

are you using systemd?  do you have dbus-user-session installed?  how
are you logged into the machine (e.g. X11 via gdm, wayland with gdm, a
text-mode-only vt console, etc, ssh session only)?  do you have
libpam-systemd installed?  are you logged into the machine in multiple
concurrent sessions?  does "gpg-connect-agent" on its own hang, rather
than giving you a "> " prompt that you can interact with?  what version
of the debian package are you running?  when you say you've tried
several pinentry variants, how did you try them all?

        --dkg

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: gpg hangs when asking for passphrase

Daniel Kahn Gillmor-7
In reply to this post by Joey Morris
On Tue 2017-05-09 09:32:43 -0400, Joey Morris wrote:

>
> Thanks Peter, I think this is indeed related to the systemd user sessions. Just
> to clarify, did you solve your problem by disabling the systemd units, or did
> you end up getting it working with them?
>
> Checking my apt logs, I upgraded from gnupg-1.4.19-3 and gnupg2-2.0.28-3 to just
> gnupg2-2.1.18-6 on March 18. (So it wasn't a new install of gnupg as I implied
> originally.) March 18 is the day I installed pass and started using it, and by
> extension, gpg, succesfully. I didn't install dbus-user-session. Then I rebooted
> on May 7. My guess is that gpg-agent didn't start running through systemd until
> I rebooted.
>
> I installed dbus-user-session this morning, logged out and back in, and the
> agent connection still hung. Then I masked the systemd user units per the Debian
> README for gpg-agent, and now everything is working again.

hm, masking the user units really shouldn't be necessary.  if you can
explain your system setup to me (see the questions asked elsewhere in
the thread), i'd be happy to try to replicate the problem and give a
better diagnosis.

        --dkg

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: gpg hangs when asking for passphrase

Joey Morris
In reply to this post by Daniel Kahn Gillmor-7
Thanks for thinking about this, Daniel. Answers to your questions below.

Daniel Kahn Gillmor <[hidden email]> wrote on Tue, May 09, 2017 at 12:38:56PM -0400:
> are you using systemd?

Yes.

> do you have dbus-user-session installed?

I didn't at first, but I do now. I saw the hanging behavior both before and
after I installed it.

> how are you logged into the machine (e.g. X11 via gdm, wayland with gdm, a
> text-mode-only vt console, etc, ssh session only)?

X11 via startx. I run openbox-session at the end of .xsession.

> do you have libpam-systemd installed?

Yes. Version 222-1.

> are you logged into the machine in multiple concurrent sessions?

No.

> does "gpg-connect-agent" on its own hang, rather
> than giving you a "> " prompt that you can interact with?

Yes, gpg-connect-agent on its own hangs. (Because I had masked my systemd units
as a workaround, as mentioned in my other email, I unmasked them to reproduce
the hanging scenario in order to test this.)

> what version of the debian package are you running?

Originally 2.1.18-6, and then I upgraded to 2.1.18-7. Same behavior in both
cases.

> when you say you've tried several pinentry variants, how did you try them all?

For a couple of them, I edited ~/.gnupg/gpg-agent.conf. For the others, I put
the generic "pinentry-program /usr/bin/pinentry" in gpg-agent.conf and used
Debian's alternatives to specify the preferred variant. In each case, I re-ran
one of the hanging commands after making the change.

I also tried pinentry-gnome3 just now, because I noticed that it's specifically
mentioned in Debian's gnupg-agent README, but it still hangs.

Joey


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

debugging systemd user services for gpg-agent and dirmngr [was: Re: gpg hangs when asking for passphrase]

Daniel Kahn Gillmor-7
Hi Joey--

thanks for these details!

On Tue 2017-05-09 21:43:47 -0400, Joey Morris wrote:

> X11 via startx. I run openbox-session at the end of .xsession.

cool, we actually have fairly similar setups -- i'm also running
systemd, debian testing/unstable, with dbus-user-session, and
libpam-systemd, and i use openbox as well :)

However, i'm not seeing the behavior you're seeing.

One difference i note is that you're using ~/.xsession, and i'm just
relying on the alternatives system to launch openbox:

    0 dkg@alice:~$ readlink -f $(which x-session-manager)
    /usr/bin/openbox-session
    0 dkg@alice:~$

( For the programs that i want launched per-graphical-session that can't
  be handled as systemd user services, i include them in
  ~/.config/openbox/autostart )

Do you think you could try that approach (with the systemd user services
unmasked) and see whether the agents respond properly?  if so, it'd give
us something specific to debug (we would look into your .xsession to try
to figure out how it differs from the standard startup).

also, when the systemd user services are unmasked, what is shown by:

    journalctl --user-unit gpg-agent dirmngr

Regards,

        --dkg

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (847 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: debugging systemd user services for gpg-agent and dirmngr [was: Re: gpg hangs when asking for passphrase]

Joey Morris
Daniel Kahn Gillmor <[hidden email]> wrote on Wed, May 10, 2017 at 02:10:27PM -0400:

> One difference i note is that you're using ~/.xsession, and i'm just
> relying on the alternatives system to launch openbox:
>
>     0 dkg@alice:~$ readlink -f $(which x-session-manager)
>     /usr/bin/openbox-session
>     0 dkg@alice:~$
>
> ( For the programs that i want launched per-graphical-session that can't
>   be handled as systemd user services, i include them in
>   ~/.config/openbox/autostart )

I've been using my .xession setup for a number of years, and actually when this
issue came up it was the first I'd heard of systemd user services. (I was aware
of the system-level systemd, just not the user-specific part.) I'll spend some
time getting up to speed on it.

> Do you think you could try that approach (with the systemd user services
> unmasked) and see whether the agents respond properly?  if so, it'd give
> us something specific to debug (we would look into your .xsession to try
> to figure out how it differs from the standard startup).

Sure, I'll give it a try. It will probably be a few days before I can spend more
time on this, though.

> also, when the systemd user services are unmasked, what is shown by:
>
>     journalctl --user-unit gpg-agent dirmngr

I get:

    No journal files were found.
    Failed to add match 'dirmngr': Invalid argument

Running just `journalctl --user-unit gpg-agent`, I get:

    No journal files were found.
    Failed to get journal fields: Cannot assign requested address

I have systemd version 222-1 installed, which appears to be wildly out of date.
The first thing I'll try when I get back to this is to upgrade systemd.

Thanks!
Joey


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: debugging systemd user services for gpg-agent and dirmngr [was: Re: gpg hangs when asking for passphrase]

Daniel Kahn Gillmor-7
On Wed 2017-05-10 22:17:28 -0400, Joey Morris wrote:
> I've been using my .xession setup for a number of years, and actually when this
> issue came up it was the first I'd heard of systemd user services. (I was aware
> of the system-level systemd, just not the user-specific part.) I'll spend some
> time getting up to speed on it.

i wasn't trying to suggest that you should transition ~/.xsession
entirely to systemd user services.  I was aiming to suggest that you
could move most of whatever's in your ~/.xsession to
~/.config/openbox/autostart and see whether that changes anything.  Feel
free to ignore creation of any new systemd user services in the meantime
:)


> Running just `journalctl --user-unit gpg-agent`, I get:

as you guessed, this was the command i meant to have you run.  thanks!

>     No journal files were found.
>     Failed to get journal fields: Cannot assign requested address

my guess is that you have no /var/log/journal directory, so everything
stored by the journal will be in the ephemeral /run/log/journal.
/run/log/journal (even the per-user stuff) isn't readable by non-root
users (this is an outstanding request for enhancement for systemd:
https://github.com/systemd/systemd/issues/2744)

That said, you can still examine the stuff in /run/log/journal as root
with:

    journalctl _SYSTEMD_USER_UNIT=gpg-agent.service _UID=1000

(assuming that your non-privileged user ID is 1000).

> I have systemd version 222-1 installed, which appears to be wildly out of date.
> The first thing I'll try when I get back to this is to upgrade systemd.

yes, please!

thanks for checking up on this,

       --dkg

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (847 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: debugging systemd user services for gpg-agent and dirmngr [was: Re: gpg hangs when asking for passphrase]

Joey Morris
Daniel Kahn Gillmor <[hidden email]> wrote on Wed, May 10, 2017 at 10:58:21PM -0400:
> On Wed 2017-05-10 22:17:28 -0400, Joey Morris wrote:
> > I have systemd version 222-1 installed, which appears to be wildly out of date.
> > The first thing I'll try when I get back to this is to upgrade systemd.
>
> yes, please!

After upgrading systemd, I'm happy to report that my agent connections no longer
hang and everything seems to be working well. (Because the upgrade fixed my
problem, I didn't attempt your other suggestion of moving my .xsession startup
tasks to .config/openbox/autostart.) Thank you for the assistance!

Joey


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: debugging systemd user services for gpg-agent and dirmngr [was: Re: gpg hangs when asking for passphrase]

Daniel Kahn Gillmor-7
On Mon 2017-05-15 19:10:35 -0400, Joey Morris wrote:

> Daniel Kahn Gillmor <[hidden email]> wrote on Wed, May 10, 2017 at 10:58:21PM -0400:
>> On Wed 2017-05-10 22:17:28 -0400, Joey Morris wrote:
>> > I have systemd version 222-1 installed, which appears to be wildly out of date.
>> > The first thing I'll try when I get back to this is to upgrade systemd.
>>
>> yes, please!
>
> After upgrading systemd, I'm happy to report that my agent connections no longer
> hang and everything seems to be working well. (Because the upgrade fixed my
> problem, I didn't attempt your other suggestion of moving my .xsession startup
> tasks to .config/openbox/autostart.) Thank you for the assistance!
yay, glad to hear it!  I'm still a bit perplexed by what happened there,
but hopefully having this note in the archives will help folks find it
if they have a similar problem with an older version of systemd.

     --dkg

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (847 bytes) Download Attachment