GPG hangs after Signing a key
Closed, ResolvedPublic

Description

This issue is connected to T1249 reported by me earlier this year, namely
GnuPG's problems with renaming the pubring.tmp file into pubring.gpg. At that
time the problem happened during key creation (batch method), but I see it also
happens during signing and very likely during other key management tasks in Windows.

Where:
OS: Windows
Especially: Windows 7 (rarely or never observed on Windows XP)

What exacty:
After programmatically signing a key (i.e., the frontend program calls GPG in a
CreateProcess, redirects the StdHandles to 3 anonymous pipes, and gives the
needed input as GPG requests it), GPG hangs *after* having requested the
passphrase and having acknowledged its correctness with "[GNUPG:] GOOD
PASSPHRASE". On my Windows 7 machine this happens maybe 50% of the time. As far
as I could see now, GPG does not write an error message about what's wrong into
logger-fd. (If it did, it would probably not hang but exit gracefully.)

The commandline calling GPG is: GPG.exe --no-greeting --homedir [here:
keydirectory] --default-key [fingerpring of signing key] --command-fd 0
--status-fd 1 --logger-fd 2 --edit-key [fingerprint of key to be signed]. StdIn
then provides the line: "lsign" (for sign locally) and then "UID [number of
keyID]" the calling program then provides the commands such as "Yes" and the
passphrase upon the requests (STATUS statements) by GPG which are read via
StdOut. The hanging happens after having given GPG the command "SAVE", i.e. to
save the key with the successful signature.

What happens then:
I need to call Windows Task Manager (Ctrl-Alt-Del or Ctrl-Shift-Esc) and kill
the process gpg.exe. I can then go into the homedirectory with the keyfiles and
see a file pubring.bak. I also see a file pubring.tmp and sometimes a file
pubring.gpg, which (if existent) is empty. When I manually rename pubring.tmp
into pubring.gpg, everything is as it should be: when I restart, I can see that
the signature has been succesfully made, only the renaming of pubring.tmp to
pubring.gpg had not been done. When I do not do a manual renaming of the file,
GPG reports that there are no keys in the directory.

I researched this problem mainly for the command "--edit-key" and then "sign UID
[plus a number], so here I have the most exact observations. A similar problem
seemed to happen when creating a key (through the interactive process, again
managed by the frontend program) and when importing a key. When creating a key
into a new secret key file, I found secring.gpg empty. All of these things
happen intermittently, as if the problem was race condition or so.

I judge this as critical, because I cannot give my customers a program that
hangs 50% of the time during a routine and fairly important subroutine. And I
have not found a workaround. (I wonder, however, how other frontends deal with
this problem. I am open for suggestions.)

Good luck!
Wolfgang

Details

Version
1.4.11
Wolfgang_Schlage set Version to 1.4.11 (and 1.4.10).Dec 1 2010, 3:51 AM
Wolfgang_Schlage added a subscriber: Wolfgang_Schlage.

Dec. 4, 2010:

I did some more research (I think I can localize the GPG code where the problem
happens, and currently I conclude that it is really a Windows bug) and wrote up
my findings in the attached file GnuPGRenamingBug.rtf, from where you can
download everything and print it out.

Good luck!
Wolfgang

werner added a subscriber: werner.Jan 10 2011, 3:02 PM

Please don't attach files in a more or less proprietary format. We will only
accept plain text files. Further the bug description should be a message and
not an attached file. File may be attached for test data or if you want to
provide long log data.

Regarding the criticalness of your bug and your custumer: Please have a look at
http://www.gnupg.org/service.html

werner closed this task as Resolved.
werner claimed this task.

No response to my last message. It seems to be an IPC bug and not related to
GPG given that other GUIs don't have these problems.

Note: You may want to look into GPGME to see how to do it correctly.

Wolfgang_Schlage reopened this task as Open.Jul 1 2011, 2:43 PM

Thanks, Werner, for your reply and your suggestions. I'll have a look at the
GPGME solution.

By the way: I put the bug description into an RTF-file because the description
of the bug and how I had attempted to narrow down the problem was rather
complicated, and the formatting allowed in the RTF file increased, in my
opinion, the readability.

werner closed this task as Resolved.Jul 4 2011, 12:28 PM
werner changed Version from 1.4.11 (and 1.4.10) to 1.4.11.