
"gpg: deleting secret key failed: No pinentry" when in --batch mode with --pinentry=loopback
Open, Normal, Public

Description

When doing --delete-secret-key with --batch --pinentry-mode=loopback --passphrase '' (a common set of parameters for headless test suites, etc.), I get these error messages:

gpg: deleting secret key failed: No pinentry
gpg: 0xC66EE6825C56BD2DD7D5249BCD06DA2AF8754C37!: delete key failed: No pinentry

The manual page gives a hint that --yes is required in this case, though --yes also has other side effects that might or might not be desirable. Perhaps --pinentry-mode=loopback should be interpreted in the same way as --yes in this context?

Or at least, the error message should be more along the lines of "I'm in batch mode, and I need to prompt, perhaps you mean --yes?"

Here is a reproducer:

and here is sample output:

++ mktemp -d
+ homedir=/home/dkg/tmp/tmp.4sY3eX3qaK
+ trap cleanup exit
+ opts=(--homedir "$homedir" --pinentry-mode loopback --passphrase '' --batch)
+ g --quick-gen-key 'test user <test@example.org>' default default 0
+ gpg --homedir /home/dkg/tmp/tmp.4sY3eX3qaK --pinentry-mode loopback --passphrase '' --batch --quick-gen-key 'test user <test@example.org>' default default 0
gpg: keybox '/home/dkg/tmp/tmp.4sY3eX3qaK/pubring.kbx' created
gpg: /home/dkg/tmp/tmp.4sY3eX3qaK/trustdb.gpg: trustdb created
gpg: key 778F4460EEDF95A1 marked as ultimately trusted
gpg: directory '/home/dkg/tmp/tmp.4sY3eX3qaK/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/dkg/tmp/tmp.4sY3eX3qaK/openpgp-revocs.d/1DB023A18E1573B941CF7754778F4460EEDF95A1.rev'
++ g --list-keys --with-colons
++ gpg --homedir /home/dkg/tmp/tmp.4sY3eX3qaK --pinentry-mode loopback --passphrase '' --batch --list-keys --with-colons
++ get_primary_fpr
++ awk -F: '/^pub:/{ x = 1 } /^sub:/{ x = 0 } /^fpr:/{ if (x) { print $10 } }'
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
+ fpr=1DB023A18E1573B941CF7754778F4460EEDF95A1
+ g --delete-secret-key '0x1DB023A18E1573B941CF7754778F4460EEDF95A1!'
+ gpg --homedir /home/dkg/tmp/tmp.4sY3eX3qaK --pinentry-mode loopback --passphrase '' --batch --delete-secret-key '0x1DB023A18E1573B941CF7754778F4460EEDF95A1!'
gpg: deleting secret key failed: No pinentry
gpg: 0x1DB023A18E1573B941CF7754778F4460EEDF95A1!: delete key failed: No pinentry
+ cleanup
+ printf 'cleaning up ephemeral homedir %s\n' /home/dkg/tmp/tmp.4sY3eX3qaK
cleaning up ephemeral homedir /home/dkg/tmp/tmp.4sY3eX3qaK
+ rm -rf /home/dkg/tmp/tmp.4sY3eX3qaK

Details

Version
2.2.17

Event Timeline

werner triaged this task as Normal priority. Aug 5 2019, 7:51 PM

This is closely related to T3465, which was fixed in master. Running a gpg-agent 2.3 and using gpg 2.2, it works; however, using gpg 2.3, it bails out with an error message that we are in batch mode. I will look at this.

Okay, in 2.2 the output now looks like this:

gpg: deleting secret key failed: No pinentry
gpg: deleting secret subkey failed: No pinentry
gpg: 8105B05E620CF330602EF55FA69B6DC12F23D48A: delete key failed: No pinentry
gpg: (try option "--yes" to delete anyway)

When running with a gpg-agent from master (2.3) it will just work, but if you also use a gpg from master we end up in a "Sorry, we are in batchmode", which is clearly not correct either. This needs more fixes, but those should be done together with some cleanup of the confirmation message received.

I keep this bug open for 2.3.

Fixed in master.
(confirmation interaction is also fixed.)
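
An unattended deletion along the lines the thread points to, as an added shell example that is not part of the ticket or of GnuPG: `--yes` is passed only to the delete call, and the result is checked against the colon listing instead of the exit status alone. The function names and the sample listing are constructed for illustration; the awk filter is the one from the trace above, extended here to `sec`/`ssb` records.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of GnuPG.

# Print primary-key fingerprints from `gpg --with-colons` output on stdin.
# An fpr record counts only while the latest key record was pub/sec.
primary_fpr() {
    awk -F: '/^(pub|sec):/{ x = 1 } /^(sub|ssb):/{ x = 0 }
             /^fpr:/{ if (x) print $10 }'
}

# Succeed if fingerprint $1 is a primary secret key in the
# `gpg --list-secret-keys --with-colons` output read from stdin.
has_secret_key() {
    primary_fpr | grep -qxF -- "$1"
}

# Delete one secret key in an unattended run.
# $1 = homedir (use an ephemeral one in test suites), $2 = full fingerprint.
# --yes is scoped to this single invocation so that its other effects do
# not reach the remaining gpg calls of the suite.
delete_secret_key_batch() {
    gpg --homedir "$1" --batch --yes --pinentry-mode loopback --passphrase '' \
        --delete-secret-keys "$2" || return 1
    # Confirm the key is really gone before reporting success.
    if gpg --homedir "$1" --batch --list-secret-keys --with-colons 2>/dev/null |
            has_secret_key "$2"; then
        echo "secret key $2 still present" >&2
        return 1
    fi
}

# Constructed sample listing (not real gpg output) to show the filter offline.
sample='sec:u:255:22:778F4460EEDF95A1:1565000000:::u:::scESC:
fpr:::::::::1DB023A18E1573B941CF7754778F4460EEDF95A1:
ssb:u:255:18:0123456789ABCDEF:1565000000::::::e:
fpr:::::::::00000000000000000000000000000000000000AA:'
printf '%s\n' "$sample" | primary_fpr
```

Call it as `delete_secret_key_batch "$homedir" "$fpr"` where the reproducer's trace runs `--delete-secret-key`.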