! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
[PATCH] gpg-agent “ping“ code doesn't work with gpg 2.1
Status:
RESOLVED: FIXED
Product:
Xfce4-session
Component:
General

Comments

Description Yves-Alexis Perez editbugs 2015-07-04 21:23:08 CEST
Hi,

with gnupg 2.1, the GPG_AGENT_INFO variable is not needed anymore, the code will use the standard path $GNUPGHOME/S.gpg-agent:0:1.

In Debian, we still set the GNUPG_AGENT_INFO variable because some people might still use gnupg 1 which I guess need the variable. But the variable doesn't contain a PID anymore, so the code to ping the agent won't work. In that case, even if gpg-agent is running, xfce4-session will try to run another one, which won't work since there's already one running, and mess with the GPG_AGENT_INFO variable so it won't work anymore for gpg 1.4.

The code needs to be updated to use a different way to ping the agent.
Comment 1 Simon Steinbeiss editbugs 2019-05-03 10:07:49 CEST
*** Bug 14017 has been marked as a duplicate of this bug. ***
Comment 2 Maciej S. Szmigiero 2019-10-09 00:21:55 CEST
I have created a patch to add a GnuPG 2.1+ mode (with capability to use pre-2.1 GnuPG versions still present).

It is available at https://github.com/maciejsszmigiero/xfce4-session.git Github repository branch gnupg-2-1-mode
(since attaching multiple patches here would corrupt things like a GPG commit signature).
Comment 3 Theo Linkspfeifer editbugs 2020-04-28 00:02:39 CEST
*** Bug 16770 has been marked as a duplicate of this bug. ***
Comment 4 Fab 2020-04-28 10:27:53 CEST
(In reply to Maciej S. Szmigiero from comment #2)
> I have created a patch to add a GnuPG 2.1+ mode (with capability to use
> pre-2.1 GnuPG versions still present).
> 
> It is available at https://github.com/maciejsszmigiero/xfce4-session.git
> Github repository branch gnupg-2-1-mode
> (since attaching multiple patches here would corrupt things like a GPG
> commit signature).

On gentoo I successfully tested following patchs :
 - bc21a2bfab0fd7415f5b924e998f812113186628 : Re-add xfsm_startup_shutdown() call to xfce4-session main()
 - 43259bb61841d39b9f37ecb9b7e2bf487982e471 : Free the intermediate "cmd" variable in xfsm_startup_init()
 - 2ff7b1fde4b8493d9bba920afe7fd1e7091a9809 : Add a GnuPG 2.1+ mode 

with :
 - xfce-base/xfce4-session-4.14.1
 - app-crypt/gnupg-2.2.19
 - gpg-agent on

gpg-agent is successfully started and usable, then it is killed at the end of session. Thank you !

However I'm still getting this warning in ~/.xsession-errors:
> gpg-agent[PID]: WARNING: "--write-env-file" is an obsolete option - it has no effect
> gpg-agent[PID]: gpg-agent (GnuPG) 2.2.19 started
> 
> (xfce4-session:PID): xfce4-session-WARNING **: gpg-agent returned no PID in the variables
Comment 5 Maciej S. Szmigiero 2020-04-28 14:04:30 CEST
Thanks for testing Fab.

> However I'm still getting this warning in ~/.xsession-errors:
> gpg-agent[PID]: WARNING: "--write-env-file" is an obsolete option - it has no effect

You shouldn't be getting this message since GnuPG 2.1+ mode passes no "--write-env-file" parameter to gpg.
Are you sure that this ~/.xsession-errors file isn't from a previous Xfce run? You can delete it and see whether it reappears with this message.

Also, if you are building from the xfce-base/xfce4-session/xfce4-session-4.14.1.ebuild you'll need to regenerate the configure script by adding the following code to the ebuild:

src_prepare() {
       default
       NOCONFIGURE=1 xdt-autogen
}

You'll need to have dev-util/xfce4-dev-tools installed for the above autogen to succeed.
Comment 6 Fab 2020-04-28 15:44:25 CEST
(In reply to Maciej S. Szmigiero from comment #5)
> You'll need to have dev-util/xfce4-dev-tools installed for the above autogen
> to succeed.

You're right : I forgot de regenerate the configure script. After doing it I'm finding in build log file :
> checking which GnuPG mode to use... 2.1+

And the warning disappeared from my ~/.xsession-errors.

But this also means that the first time I thought I was testing the new code but I wasn't.
And in this case I do not understand how gpg-agent could be usable without it, since several months ago it was completely broken (bug#14017).

Thank you.
Comment 7 Maciej S. Szmigiero 2020-04-28 18:21:11 CEST
> But this also means that the first time I thought I was testing the new code but I wasn't.

You actually were testing the new code, but in the "old GPG" mode.
There are bits in these patches that don't depend on the selected GPG version.

@maintainers: Is it possible to merge these patches?
I have been using them personally on multiple machines since the last October and now they have also been tested by Fab.
Comment 8 Skunnyk editbugs 2020-04-28 22:08:36 CEST
Thank you for the patch, I need to test it now :)
I'm not sure we need to keep support for gpg1.x, most distributions provides gpg2 by default (if not all ? https://repology.org/project/gnupg/versions).
Comment 9 Skunnyk editbugs 2020-04-28 22:58:44 CEST
After some tests (thanks xfce-test container !), it seems that it works fine on top of xfce4-session master :)
gpg-agent is stopped when session is exited, no more warning in xsession-errors.log.

I +1 the removal of gpg1.x support btw

Thank you for your work Maciej !
Comment 10 Skunnyk editbugs 2020-04-28 23:17:38 CEST
*** Bug 11686 has been marked as a duplicate of this bug. ***
Comment 11 Maciej S. Szmigiero 2020-04-29 13:40:26 CEST
Will update the patch removing gpg 1.x support the next weekend then.
Comment 12 Skunnyk editbugs 2020-05-01 11:37:28 CEST
Committed in https://gitlab.xfce.org/xfce/xfce4-session/-/commit/d3c2c37c1e68aecee5a2235bd8facdc91cb1f33e ! 
Thank you so much ! (I forgot to add issue number in commit message… :))

I think we need to backport the fix to 4.14
Comment 13 Git Bot editbugs 2020-05-01 12:02:07 CEST
Maciej S. Szmigiero referenced this bugreport in commit 2a31366907572f7942ddb5d50b2b6f75024bad79

Bug #12044: Add a GnuPG 2.1+ mode

https://gitlab.xfce.org/xfce/xfce4-session/commit/2a31366907572f7942ddb5d50b2b6f75024bad79

Bug #12044

Reported by:
Yves-Alexis Perez
Reported on: 2015-07-04
Last modified on: 2020-05-01
Duplicates (3):
  • 11686 xfce4-session does not stop gpg-agent
  • 14017 xfce4-session : gpg-agent support is broken
  • 16770 gpg warns about usage of obsolete option --write-env-file.

People

Assignee:
Xfce Bug Triage
CC List:
10 users

Version

Version:
4.12.0

Attachments

Additional information