Page MenuHome GnuPG
Create Task
Maniphest T4867

with non-existent homedir, `gpgconf --check-programs` produces surprising output.
Closed, ResolvedPublic
Actions

Description

I'm trying to figure out how to work around gpgconf complaints in T4866, so i thought i would look into using gpgconf itself to see whether it was safe to run a program if the home directory doesn't exist. --check-programs seems like the obvious choice, but the results are surprising:

0 dkg@alice:~$ HOME=/nonexistent gpgconf --check-programs 
gpg:OpenPGP:/usr/bin/gpg:1:1:
gpg-agent:Private Keys:/usr/bin/gpg-agent:1:0:
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon:1:1:
gpgsm:S/MIME:/usr/bin/gpgsm:1:0:::can't create directory '/nonexistent/.gnupg'%3a No such file or directory:
:::::::keyblock resource '/nonexistent/.gnupg/pubring.kbx'%3a No such file or directory:
dirmngr:Network:/usr/bin/dirmngr:1:1:
pinentry:Passphrase Entry:/usr/bin/pinentry:1:1:
0 dkg@alice:~$

This raises several questions:

  • what does the line between gpgsm and dirmngr mean? Is there documentation to tell me that i should expect some line with empty values in first 7 fields?
  • the avail field is 1 (true) for all of them, meaning "installed and runnable" according to gpgconf(1), but in T4866, @werner says: "GnuPG requires its home directory". Which is correct?
  • Why do gpg-agent and gpgsm both have okay ("config file is syntactically ok") set to 0 (false), but the others claim an OK config file in the same situation?

Details

Version
2.2.19

Revisions and Commits

rG GnuPG
rG1fbf085bc8b4 gpgconf: Make sure the homedir exists for --apply-profile.
rG7d95f2e7e7a0 gpgconf: Make sure the homedir exists for --apply-profile.
rG0847133e4caf sm: Do not require a default keyring for --gpgconf-list.
rGe7677da479c4 sm: Do not require a default keyring for --gpgconf-list.

Related Objects

Event Timeline

dkg created this task.Mar 5 2020, 11:01 PM
dkg updated the task description. (Show Details)Mar 6 2020, 12:25 AM
werner added a comment.Mar 6 2020, 9:03 AM

You should not fix stdout with stderr. Granted we could fflush stdout after a line, but rsh is dead and so all software can distinguish between them.

dkg added a comment.Mar 6 2020, 7:06 PM

I think you mean "mix", not "fix". right?

Here's me sending stderr to /dev/null:

0 dkg@alice:~$ HOME=/nonexistent gpgconf --check-programs 2>/dev/null
gpg:OpenPGP:/usr/bin/gpg:1:1:
gpg-agent:Private Keys:/usr/bin/gpg-agent:1:0:
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon:1:1:
gpgsm:S/MIME:/usr/bin/gpgsm:1:0:::can't create directory '/nonexistent/.gnupg'%3a No such file or directory:
:::::::keyblock resource '/nonexistent/.gnupg/pubring.kbx'%3a No such file or directory:
dirmngr:Network:/usr/bin/dirmngr:1:1:
pinentry:Passphrase Entry:/usr/bin/pinentry:1:1:
0 dkg@alice:~$

It looks the same to me. Did it do something different for you?

werner added a comment.Mar 9 2020, 12:57 PM

Well, I misread the output. What you see is what is expected. From the gpgconf man page:

@item error
If an error occurred in the configuration file, this field has the error
text of the failing statement in the configuration file.  It is
@emph{percent-escaped} and @emph{localized}.

The :::::: lines are continuation lines of the error message.

dkg added a comment.Mar 9 2020, 6:21 PM

Yes, i'd surmised that the ::::: lines are continuation lines of the error message. but why not just percent-escape the newline in the error message too? Where in the documentation of this API does it say to expect continuation lines of error messages? Is gpgconf expected to be used programmatically?

Can you address the other two questions asked above? i'm trying to understand the semantic difference between avail and okay so that i can use them to improve the test to avoid spurious warnings complained about in https://bugs.debian.org/950836, if T4866 is not going to be resolved.

werner added a comment.Mar 18 2020, 1:42 PM

The newlines are not percent escaped because that could lead to very long lines and thus break parsers. Another reason is that the error messages are easier to read this way. An empty first field is anyway not valid and parsers should skip that.

Regarding the difference between avail and okay, I would need to check the history of that command. The command is not used by gpgme.

werner triaged this task as Low priority.Aug 19 2020, 1:49 PM
werner added a commit: rGe7677da479c4: sm: Do not require a default keyring for --gpgconf-list..Aug 25 2020, 11:38 AM
werner added a commit: rG0847133e4caf: sm: Do not require a default keyring for --gpgconf-list..
werner closed this task as Resolved.Aug 25 2020, 11:41 AM
werner claimed this task.

Was easier to fix than expected. Thanks for the report. Fix goes into 2.2.22.

werner mentioned this in T5030: Release GnuPG 2.2.22 .Aug 27 2020, 3:03 PM
werner added a commit: rG7d95f2e7e7a0: gpgconf: Make sure the homedir exists for --apply-profile..Nov 4 2020, 4:23 PM
werner added a commit: rG1fbf085bc8b4: gpgconf: Make sure the homedir exists for --apply-profile..Nov 4 2020, 7:45 PM