
Improve Pinentry error message for a bad $TERM
Open, Normal, Public

Description

Full output of the session:

capitol@freebsd:~/ripasso $ gpg --expert --full-generate-key
gpg (GnuPG) 2.3.8; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/home/capitol/.gnupg' created
gpg: keybox '/home/capitol/.gnupg/pubring.kbx' created
Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection? 9
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (2) Curve 448
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Mon Mar  3 14:56:32 2025 CET
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Alexander Kjäll
Email address: alexander.kjall@gmail.com
Comment:
You are using the 'utf-8' character set.
You selected this USER-ID:
    "Alexander Kjäll <alexander.kjall@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Screen or window too small
Key generation failed: Screen or window too small
capitol@freebsd:~ $ gpg --version
gpg (GnuPG) 2.3.8
libgcrypt 1.9.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/capitol/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Details

Version
2.3.8

Event Timeline

I tried to reproduce on my FreeBSD 14 machine and didn't get an error....

Can you try again but create $HOME/.gnupg/gpg-agent.conf file with

debug 0xffff
log-file /tmp/agent.log

What are your locale settings - the output of locale?

Hi, thanks for the quick turnaround

This is the locale output:

LC_CTYPE="C.UTF-8"
LC_COLLATE="C.UTF-8"
LC_TIME="C.UTF-8"
LC_NUMERIC="C.UTF-8"
LC_MONETARY="C.UTF-8"
LC_MESSAGES="C.UTF-8"
LC_ALL=

I also got the suggestion to try with --pinentry-mode=loopback and that resolved the issue. I guess it maybe tried to open an X session back over ssh and failed with that, or something similar.

I attached the agent log also. It seems to maybe contain sensitive data, but this was all just for a test, so no problem to share. It contains two runs, first the reproduction of the failure and then the working one.

The agent.log says that the error comes from pinentry-curses:

```
2023-03-05 12:32:15 gpg-agent[928] DBG: chan_8 -> INQUIRE PINENTRY_LAUNCHED 929 curses 1.2.1 /dev/pts/0 alacritty - 20620/1001/4 1001/1001 0
2023-03-05 12:32:15 gpg-agent[928] DBG: chan_8 <- END
2023-03-05 12:32:16 gpg-agent[928] DBG: error calling pinentry: Screen or window too small <Pinentry>
2023-03-05 12:32:16 gpg-agent[928] command 'GENKEY' failed: Screen or window too small <Pinentry>
2023-03-05 12:32:16 gpg-agent[928] DBG: chan_8 -> ERR 83886381 Screen or window too small <Pinentry>
2023-03-05 12:32:16 gpg-agent[928] DBG: chan_8 <- [eof]
```

What is the value of the $TERM variable? What does stty -a say?

I have tried the same connecting via ssh to the FreeBSD server (with X11 enabled as well as disabled) and the pinentry-curses terminal popped up fine, even on a very narrow terminal window (42 characters wide). My TERM is rxvt-unicode-256color and I am using urxvt as my terminal emulator.

$term is 'alacritty', stty -a is:

speed 38400 baud; 54 rows; 180 columns;
lflags: icanon isig iexten echo echoe echok echoke -echonl echoctl
	-echoprt -altwerase -noflsh -tostop -flusho -pendin -nokerninfo
	-extproc
iflags: -istrip icrnl -inlcr -igncr ixon -ixoff -ixany -imaxbel -ignbrk
	brkint -inpck -ignpar -parmrk
oflags: opost onlcr -ocrnl tab0 -onocr -onlret
cflags: cread cs8 -parenb -parodd hupcl -clocal -cstopb -crtscts -dsrflow
	-dtrflow -mdmbuf rtsdtr
cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = <undef>;
	eol2 = <undef>; erase = ^?; erase2 = ^H; intr = ^C; kill = ^U;
	lnext = ^V; min = 1; quit = ^\; reprint = ^R; start = ^Q;
	status = ^T; stop = ^S; susp = ^Z; time = 0; werase = ^W;

@ikloecker not sure we are there yet. I was able to set a weak password on a terminal that was 42 characters wide. I think the problem here is unrelated to FreeBSD but to the fact that @capitol uses alacritty https://github.com/alacritty/alacritty

@capitol does this problem happen also if you use something like a classic xterm? (I hope you meant $TERM not $term). Are you running the command on the remote server connected via SSH?

Can you run tput -T alacritty longname on the same machine you were trying to generate the keys? What does it say?

I don't know what is going on here really. I have installed alacritty and I can reproduce T4924 easily if I provide an empty passphrase on a narrow window. At least I get pinentry-curses popping up.

However, alacritty installed from FreeBSD port gives me $TERM set to xterm-256color and things seem to be working fine, also over SSH connection to another FreeBSD machine.

If I set TERM to alacritty manually, no terminal definition can be found and pinentry stops with

2023-03-06 11:51:07 gpg-agent[50757] starting a new PIN Entry
2023-03-06 11:51:07 gpg-agent[50757] DBG: connection to PIN entry established
2023-03-06 11:51:07 gpg-agent[50757] DBG: chan_8 -> INQUIRE PINENTRY_LAUNCHED 50768 curses 1.1.1 /dev/pts/2 alacritty localhost:10.0 20620/169/4 169/20 0
2023-03-06 11:51:07 gpg-agent[50757] DBG: chan_8 <- END
2023-03-06 11:51:08 gpg-agent[50757] DBG: error calling pinentry: Required environment variable not set <Pinentry>
2023-03-06 11:51:08 gpg-agent[50757] command 'GENKEY' failed: Required environment variable not set <Pinentry>
2023-03-06 11:51:08 gpg-agent[50757] DBG: chan_8 -> ERR 83886383 Required environment variable not set <Pinentry>
2023-03-06 11:51:08 gpg-agent[50757] DBG: chan_8 <- [eof]

(but this is kind of expected).

I get some errors compiling alacritty terminfo https://github.com/alacritty/alacritty/blob/e0b9771dbcab56f666daa3bd02fc7a889107ccfa/extra/alacritty.info with FreeBSD's /usr/bin/tic - and then, when I use TERM set to alacritty my agent complains right away trying to start pinentry-curses

2023-03-06 13:21:50 gpg-agent[77861] starting a new PIN Entry
2023-03-06 13:21:50 gpg-agent[77861] DBG: connection to PIN entry established
2023-03-06 13:21:50 gpg-agent[77861] DBG: chan_8 -> INQUIRE PINENTRY_LAUNCHED 77862 curses 1.2.1 /dev/pts/7 alacritty - 20620/169/4 1002/1002 0
2023-03-06 13:21:50 gpg-agent[77861] DBG: chan_8 <- END
2023-03-06 13:21:51 gpg-agent[77861] DBG: error calling pinentry: Permission denied <Pinentry>
2023-03-06 13:21:51 gpg-agent[77861] command 'GENKEY' failed: Permission denied <Pinentry>
2023-03-06 13:21:51 gpg-agent[77861] DBG: chan_8 -> ERR 83918849 Permission denied <Pinentry>

So I am pretty sure there is something with termcap vs terminfo vs whatever. Maybe not using alacritty as $TERM is a solution.

Looks like the TERM alacritty was the culprit, I'm ssh'ing into the freebsd machine from my archlinux laptop.

I can confirm that running TERM=xterm-256color gpg --expert --full-generate-key works.

Thank you!

I think we have an interesting kind of regression:

With the TERM set to the terminal name that cannot be used on the system, pinentry-curses 1.1.1 stops with "Key generation failed: Required environment variable not set".
pinentry-curses 1.2.1 stops with "Key generation failed: Screen or window too small".

I think the message from 1.1.1 is slightly better.

werner triaged this task as Normal priority. Mar 28 2023, 5:01 PM
werner added a subscriber: werner.

Actually this is about improving an error message.

werner renamed this task from Key generation on freebsd fails with message about screen size to Improve Pinentry error message for a bad $TERM. Mar 28 2023, 5:02 PM
werner added a project: FreeBSD.
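
Added example (not part of the original thread or of GnuPG's code): a small parser that pairs each PINENTRY_LAUNCHED line in agent.log with the ERR line that follows it and splits the numeric error value into its source and code, so the same bad $TERM can be recognised behind three different messages. The field order after PINENTRY_LAUNCHED (pid, flavor, version, tty, TERM, display) is inferred from the log lines quoted in this thread; function and variable names are hypothetical.

```python
import re

# Sample input: launch/error line pairs taken from the three agent.log excerpts in this thread.
SAMPLE_LOG = """\
2023-03-05 12:32:15 gpg-agent[928] DBG: chan_8 -> INQUIRE PINENTRY_LAUNCHED 929 curses 1.2.1 /dev/pts/0 alacritty - 20620/1001/4 1001/1001 0
2023-03-05 12:32:16 gpg-agent[928] DBG: chan_8 -> ERR 83886381 Screen or window too small <Pinentry>
2023-03-06 11:51:07 gpg-agent[50757] DBG: chan_8 -> INQUIRE PINENTRY_LAUNCHED 50768 curses 1.1.1 /dev/pts/2 alacritty localhost:10.0 20620/169/4 169/20 0
2023-03-06 11:51:08 gpg-agent[50757] DBG: chan_8 -> ERR 83886383 Required environment variable not set <Pinentry>
2023-03-06 13:21:50 gpg-agent[77861] DBG: chan_8 -> INQUIRE PINENTRY_LAUNCHED 77862 curses 1.2.1 /dev/pts/7 alacritty - 20620/169/4 1002/1002 0
2023-03-06 13:21:51 gpg-agent[77861] DBG: chan_8 -> ERR 83918849 Permission denied <Pinentry>
"""

# Assumed field order (inferred from the lines above): pid flavor version tty TERM display
LAUNCH = re.compile(r"gpg-agent\[(\d+)\].* INQUIRE PINENTRY_LAUNCHED "
                    r"(\d+) (\S+) (\S+) (\S+) (\S+) (\S+)")
ERR = re.compile(r"gpg-agent\[(\d+)\].* -> ERR (\d+) (.*) <(\w+)>")


def decode(err):
    """Split a libgpg-error value: bits 24-30 are the source, the low 16 bits the code.
    Bit 15 of the code marks an error mapped from a system errno."""
    code = err & 0xFFFF
    return {"source": (err >> 24) & 0x7F, "code": code,
            "from_errno": bool(code & 0x8000)}


def pinentry_failures(log):
    """Return one record per pinentry launch that was followed by an ERR line."""
    launches, failures = {}, []
    for line in log.splitlines():
        m = LAUNCH.search(line)
        if m:
            agent, _pid, flavor, version, tty, term, display = m.groups()
            launches[agent] = {"flavor": flavor, "version": version,
                               "tty": tty, "term": term, "display": display}
            continue
        m = ERR.search(line)
        if m and m.group(1) in launches:
            rec = launches.pop(m.group(1))
            rec.update(decode(int(m.group(2))), message=m.group(3))
            failures.append(rec)
    return failures


if __name__ == "__main__":
    for f in pinentry_failures(SAMPLE_LOG):
        print(f"pinentry-{f['flavor']} {f['version']} TERM={f['term']} "
              f"source={f['source']} code={f['code']} ({f['message']})")
```

All three records carry TERM=alacritty and source 5, the source the log prints as `<Pinentry>`; only the code and message differ between pinentry versions and terminfo states.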