with non-existent homedir, `gpgconf --check-programs` produces surprising output.
Open, Needs Triage, Public

Description

I'm trying to figure out how to work around gpgconf complaints in T4866, so i thought i would look into using gpgconf itself to see whether it was safe to run a program if the home directory doesn't exist. --check-programs seems like the obvious choice, but the results are surprising:

0 dkg@alice:~$ HOME=/nonexistent gpgconf --check-programs 
gpg:OpenPGP:/usr/bin/gpg:1:1:
gpg-agent:Private Keys:/usr/bin/gpg-agent:1:0:
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon:1:1:
gpgsm:S/MIME:/usr/bin/gpgsm:1:0:::can't create directory '/nonexistent/.gnupg'%3a No such file or directory:
:::::::keyblock resource '/nonexistent/.gnupg/pubring.kbx'%3a No such file or directory:
dirmngr:Network:/usr/bin/dirmngr:1:1:
pinentry:Passphrase Entry:/usr/bin/pinentry:1:1:
0 dkg@alice:~$

This raises several questions:

  • what does the line between gpgsm and dirmngr mean? Is there documentation to tell me that i should expect some line with empty values in first 7 fields?
  • the avail field is 1 (true) for all of them, meaning "installed and runnable" according to gpgconf(1), but in T4866, @werner says: "GnuPG requires its home directory". Which is correct?
  • Why do gpg-agent and gpgsm both have okay ("config file is syntactically ok") set to 0 (false), but the others claim an OK config file in the same situation?

Details

Version
2.2.19
dkg created this task. Mar 5 2020, 11:01 PM
dkg updated the task description. Mar 6 2020, 12:25 AM
werner added a comment. Mar 6 2020, 9:03 AM

You should not fix stdout with stderr. Granted we could fflush stdout after a line, but rsh is dead and so all software can distinguish between them.

dkg added a comment. Mar 6 2020, 7:06 PM

I think you mean "mix", not "fix". right?

Here's me sending stderr to /dev/null:

0 dkg@alice:~$ HOME=/nonexistent gpgconf --check-programs 2>/dev/null
gpg:OpenPGP:/usr/bin/gpg:1:1:
gpg-agent:Private Keys:/usr/bin/gpg-agent:1:0:
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon:1:1:
gpgsm:S/MIME:/usr/bin/gpgsm:1:0:::can't create directory '/nonexistent/.gnupg'%3a No such file or directory:
:::::::keyblock resource '/nonexistent/.gnupg/pubring.kbx'%3a No such file or directory:
dirmngr:Network:/usr/bin/dirmngr:1:1:
pinentry:Passphrase Entry:/usr/bin/pinentry:1:1:
0 dkg@alice:~$

It looks the same to me. Did it do something different for you?

Well, I misread the output. What you see is what is expected. From the gpgconf man page:

@item error
If an error occurred in the configuration file, this field has the error
text of the failing statement in the configuration file.  It is
@emph{percent-escaped} and @emph{localized}.

The :::::: lines are continuation lines of the error message.

dkg added a comment. Mon, Mar 9, 6:21 PM

Yes, i'd surmised that the ::::: lines are continuation lines of the error message. but why not just percent-escape the newline in the error message too? Where in the documentation of this API does it say to expect continuation lines of error messages? Is gpgconf expected to be used programmatically?

Can you address the other two questions asked above? i'm trying to understand the semantic difference between avail and okay so that i can use them to improve the test to avoid spurious warnings complained about in https://bugs.debian.org/950836, if T4866 is not going to be resolved.

The newlines are not percent escaped because that could lead to very long lines and thus break parsers. Another reason is that the error messages are easier to read this way. An empty first field is anyway not valid and parsers should skip that.

Regarding the difference between avail and okay, I would need to check the history of that command. The command is not used by gpgme.
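
Added example (not part of the thread and not GnuPG code): a Python sketch of a parser for the `--check-programs` output shown above, folding lines with an empty first field into the preceding record's error text and undoing the percent-escaping. The field names follow gpgconf(1); the function name `parse_check_programs` and the record layout are assumptions made for this illustration.

```python
from urllib.parse import unquote

# Column order for --check-programs as documented in gpgconf(1).
FIELDS = ("name", "description", "pgmname", "avail", "okay",
          "cfgfile", "line", "error")

# Sample input: the stdout lines quoted in the report above.
SAMPLE = """\
gpg:OpenPGP:/usr/bin/gpg:1:1:
gpg-agent:Private Keys:/usr/bin/gpg-agent:1:0:
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon:1:1:
gpgsm:S/MIME:/usr/bin/gpgsm:1:0:::can't create directory '/nonexistent/.gnupg'%3a No such file or directory:
:::::::keyblock resource '/nonexistent/.gnupg/pubring.kbx'%3a No such file or directory:
dirmngr:Network:/usr/bin/dirmngr:1:1:
pinentry:Passphrase Entry:/usr/bin/pinentry:1:1:
"""


def parse_check_programs(text):
    """Return one dict per component; 'error' is a list of message lines."""
    records = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        # Literal colons inside a field arrive as %3a, so a plain split is safe.
        cols = raw.split(":")
        cols += [""] * (len(FIELDS) - len(cols))   # short lines omit trailing fields
        rec = dict(zip(FIELDS, (unquote(c) for c in cols)))
        if not rec["name"]:
            # Empty first field: continuation of the previous record's error.
            # A continuation with nothing before it is skipped as invalid.
            if records and rec["error"]:
                records[-1]["error"].append(rec["error"])
            continue
        rec["avail"] = rec["avail"] == "1"
        rec["okay"] = rec["okay"] == "1"
        rec["error"] = [rec["error"]] if rec["error"] else []
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in parse_check_programs(SAMPLE):
        print(r["name"], "avail" if r["avail"] else "missing",
              "okay" if r["okay"] else "not-okay", r["error"])
```

Run over the sample, gpg-agent comes back with `okay` false and no error text at all, so a caller cannot treat an empty error list as meaning the configuration check passed.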