Page MenuHome GnuPG
Create Task
Maniphest T4106

Terminal use case for gpg-agent and gpg-agent for ssh-agent feature
Open, NormalPublic
Actions

Description

Situation is Debian systemd socket activation, and login to terminal (not using Desktop Graphical environment) and use gpg-agent as ssh-agent.

In the socket activation configuration, a user requires UPDATESTARTUPTTY to let gpg-agent knows about his TTY.
(This should be well explained in a document.)

  • If it doesn't have GPG_TTY, pinentry will hang (this should be detected?)
  • Once pinentry hangs, gpg-agent remains there, and next requests keep hanging

After login, a user needs to do:

gpg-connect-agent UPDATESTARTUPTTY /bye

Event Timeline

gniibe created this task.Aug 21 2018, 5:48 AM
werner added a project: Debian.Aug 21 2018, 5:28 PM
werner added a subscriber: werner.

gpg-agent has a pinentry caling timeout - doesn't that trigger?
In any case we agreed that Debian takes care of systemd support because that is not an upstream supported configuration.

gniibe updated the task description. (Show Details)Aug 22 2018, 9:56 AM
gniibe claimed this task.Aug 22 2018, 9:59 AM
gniibe triaged this task as Normal priority.

This entry was created based on the conversation at #gnupg channel.
I can't reproduce keep hanging.
I confirmed that pinentry vanished (perhaps, because of timeout).

gniibe updated the task description. (Show Details)Aug 22 2018, 10:00 AM
gniibe updated the task description. (Show Details)Aug 22 2018, 10:03 AM
gniibe updated the task description. (Show Details)
dkg added a subscriber: dkg.May 19 2019, 9:05 PM

This doesn't sound systemd-specific to me, fwiw, though i don't understand how to reproduce the problem from the given description here.

if there are two textual connections to a given user account on the machine (e.g. two ssh connections), then the second one will likely run into the same problem as that described here, even if systemd is not in use.

If you can describe a clearer way to reproduce, i'm happy to help figure it out, though.

ageis added a subscriber: ageis.May 20 2019, 1:05 AM

Does gpgconf --reload gpg-agent trigger that command? that's the ExecReload setting in the systemd service unit I'm looking at.

dkg added a comment.EditedMay 20 2019, 5:28 AM

trigger what command? i'm pretty sure gpgconf --reload gpg-agent does not trigger updatestartuptty. And it should not do so, afaict -- if you think it should, i'd be interested in hearing the rationale for it.