Which version of Scute are you using?
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Sep 27 2022
Using Scute as a drop-in replacement doesn't currently work. Perhaps my config needs more adjustments than just:
module = /usr/lib/x86_64-linux-gnu/scute/scute.so
Sep 26 2022
Yes, I meant to use Scute as pkcsc11 module for pam_pkcs11. Thanks for explaining more verbosely what I meant.
I think Werner may have confused pam_pkcs11 with gnupg-pkcs11-scd. :)
I'm not sure what you mean with using Scute as PKCS#11 provider instead of pam_pkcs11, as pam_pkcs11 is not a provider but a user of PKCS#11
BTW, I have also in mind to use an AD entry to figure out the used keyserver. It turned out that people don't like to modify the schema of their AD but instead use a separate LDS.
To proceed, I pushed an initial part as rG993820c31521: dirmngr: Factor out interrogate_ldap_dn function., which doesn't change any behavior.
Then, the point of the change will be clearer.
There is a reason why pcsc-shared is not the default ;-). Please try using Scute (best the t6002 branch until it has been merged) as pkcs#11 provider instead of pam_pkcs11. And you should of course use the stable version of GnuPG and not the LTS (2.2).
Sep 23 2022
This still did not seem to help me in making the tests working on Fedora with git master. I am still getting wrong paths to the gpgconf
gpgscm: error running '/root/gnupg/tests/tools/gpgconf': probably not installed
There is a full reproducer and more complete log in https://bugzilla.redhat.com/show_bug.cgi?id=2089075#c11
Sep 22 2022
Sep 19 2022
We want to get rid of sshcontrol but we could keep it as an optional configuration to sort keys. I won't say it is a bug, though.
just checking in about getting this patch reviewed
I hacked configure.ac of gnupg to force it build with libgpg-error 1.45, and OpenSSH works with the created pipe. Maybe the libgpg-error fix is only necessary in some certain circumstances?
Sep 14 2022
Awesome, thanks all! From an end user perspective that would be a perfectly acceptable outcome, the warning just serves to confuse people. Appreciate the help!
I have created the spin-off T6202: Kleopatra: Suppress errors of WKD lookups to deal with not bothering Kleopatra's users with error messages when doing a WKD lookup in the background. This task is for improving dirmngr.
I see what I can do
Real Passphrase is "test"
In T6014#163086, @ikloecker wrote:In T6014#163083, @aheinecke wrote:I think it is problematic that the WKD errors are shown to the user at all. Doing some random searches gives an error each time something can't be accessed.
Can you give an example other than the Syntax error issue? So far, I haven't seen any errors when doing random searches with ASCII-only "email addresses". I simply get zero results, but I don't see error messages, e.g. if the host cannot be found.
Sep 7 2022
Here is a list of possible issues:
It's not yet pushed, because it requires new release of libgpg-error (for T6112: libgpg-error,w32: bidirectional Pipe support for estream).
Sep 6 2022
I was looking for this when writing the update NEWS for the latest release and noticed that this has not been pushed yet. I really think that it would be nice to have that. Especially for Smartcard use cases.
Sep 5 2022
Sep 3 2022
Sep 2 2022
Sep 1 2022
Should be OK for mingw.org's MinGW. I cannot test the MinGW64 bits, but I trust that you did.
I encountered this issue of struct stat when compiling for x86_64 of Windows.
I'm considering this patch:
diff --git a/common/sysutils.c b/common/sysutils.c index c30f9a0ce..bbed309a8 100644 --- a/common/sysutils.c +++ b/common/sysutils.c @@ -1237,10 +1237,20 @@ int gnupg_stat (const char *name, struct stat *statbuf) { # ifdef HAVE_W32_SYSTEM +# if __MINGW32_MAJOR_VERSION > 3 + /* mingw.org's MinGW */ +# define STRUCT_STAT _stat +# elif defined(_USE_32BIT_TIME_T) + /* MinGW64 for i686 */ +# define STRUCT_STAT _stat32 +# else + /* MinGW64 for x86_64 */ +# define STRUCT_STAT _stat64i32 +# endif if (any8bitchar (name)) { wchar_t *wname; - struct _stat32 st32; + struct STRUCT_STAT st32; int ret;
Thank you for reporting, and sorry for late handling of this report.
Aug 30 2022
This looks like a different but not too uncommon problem. For T6169 we need to get a PKCS#12 file to be able to replicate the problems - obviously that PKCS#12 should hold only test keys/certs.
Aug 26 2022
Aug 24 2022
Needs to be forward ported to master
The delays are due to /usr/sbin/laptop_mode from the laptop-mode-tools package.
Inserting as well as removal is detected on my machine always only after 25 seconds
I wrote a simple testusb.c if monitoring USB devices works:
#include <stdlib.h> #include <libusb.h> #include <poll.h> #include <stdio.h>
Aug 23 2022
Aug 22 2022
exact v.2.3.8 is expected, generally I don't import Key on yubico I generate them directly from yubico itself in order to have the private Key created directly on yubico and not exportable.
Hi! I would like to add my experience about this issue.
Aug 21 2022
what's new for a possible gnupg 2.3.8 or gpg4win 4.0.4 release?
Aug 19 2022
Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.
Aug 18 2022
Yes, that patch is not a great solution. Ideally there would be an interactive choice in the gpg CLI between encrypting/signing subkey during the add-existing-subkey operation.
Aug 17 2022
This patch breaks adding existing ECDH encryption subkeys to a key because now gpg tries to treat the encryption subkey as signing subkey. This can be reproduced with test t-addexistingsubkey in gpgme.
Aug 9 2022
I am adding the gpgcom tag as this causes support problems because we do not really know if it is an invalid object with the correct passphrase or if just the passphrase is incorrect.
Aug 8 2022
Aug 4 2022
@gniibe Perfect, I got the update during the night actually. Thanks a lot for your work 🙏 .
For the firmware 5.4.3, I confirmed that it works well with the changes:
https://dev.gnupg.org/T6070#160150
Aug 3 2022
Hi lovely people,
Aug 2 2022
I have exactly this problem with yubikey here,
since i upgraded to gpg4win version 4.0.3 which contains gnupg 2.3.7 i get the same error as openpgp key not recognized.
@tigernero 2.3.8 is not yet released. Pretty sure gpg4win is a separate project, presumably you'll see a changelog entry here (as there is bumping to 2.3.7 in the latest 4.0.3) when it's in:
https://www.gpg4win.org/change-history.html
https://www.gpg4win.org/support.html
Aug 1 2022
I don't think that we need to fix things here. Important is that the WKD import uses a filter which imports only keys with the requested mail address. However, if a key with the same fingerprint already exists it will be merged.
The provided change does not look like fixing the problem for me. The path to gpgconf is still wrong and I am getting the same error both with master and with the patched tarballs:
make[2]: Entering directory '/home/jjelen/devel/gnupg/tests/tpm2dtests' LC_ALL=C EXEEXT= PATH="../gpgscm:/home/jjelen/.local/bin:/home/jjelen/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin" abs_top_srcdir="/home/jjelen/devel/gnupg" objdir="/home/jjelen/devel/gnupg" TPMSERVER="" SWTPM="/bin/swtpm" SWTPM_IOCTL="/bin/swtpm_ioctl" GNUPG_BUILD_ROOT="/home/jjelen/devel/gnupg/tests" GPGSCM_PATH="/home/jjelen/devel/gnupg/tests/gpgscm" /home/jjelen/devel/gnupg/tests/gpgscm/gpgscm \ /home/jjelen/devel/gnupg/tests/tpm2dtests/run-tests.scm gpgscm: error running '/home/jjelen/devel/gnupg/tests/tools/gpgconf': probably not installed (wait-process "/home/jjelen/devel/gnupg/tests/tools/gpgconf" 2693795 #t): Configuration error
Jul 30 2022
I can't find a url to download gnupg 2.3.8 for windows is it possible to know when gpg4win v.4.0.4 is out which fixes this bug? because currently on windows systems I am stuck using yubikey.
Jul 29 2022
It is unlikely that the tofu stuff will get into widespread use in the 2.2 version - if at all.
As 2.3.7 was released on the 11th of July, see https://lists.gnupg.org/pipermail/gnupg-announce/2022q3/000474.html
I guess that this issue should be closed and some issues moved to one with 2.3.8.
Jul 28 2022
Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.
Here is the parser output:
$ python3 sd.py --type=pipe "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)" D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU) Discretionary ACL: P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU) Flags: P: SE_DACL_PROTECTED (Blocks inheritance of parent's ACEs)
I think that the last argument of CreateNamedPipeA can limit the access to the named pipe.
Here is a patch to implement the functionality with --enable-win32-openssh-support.
Jul 27 2022
Backported for for 2.2.37
I just confirmed that firmware 5.4.3 works fine with the changes (to be 2.2.37 and 2.3.8).
Jul 26 2022
Jul 18 2022
as of 2.3.7 (which I just updated to) this works. ticket can be closed
Please give us more information.
- Do you change SSH program?
- If so, please check if adding configuration https://dev.gnupg.org/T5935#157674 for ssh works.
- Do you mean, reinstalling gpg 2.3.4 fixes your issue?
- Are you using with smartcard/token? Which one (Yubikey/Zeitcontrol/Gnuk), if it's the case?
Jul 15 2022
Does Yubico furnish you with devices for test...
Jul 14 2022
Thanks @gniibe. Does Yubico furnish you with devices for test, or did you have to order that at your own/the project's expense?
Jul 12 2022
I'm going to backport this to 2.2, as it found useful.
It's in 2.3.7.
Changed the tags and the title.
Fixed in 2.3.7.
Fixed in 2.3.7.
Jul 10 2022
Due to vacation the review may take some time.
Jul 8 2022
Any chance someone is able to review the posted patch?
Jul 5 2022
Let me know how best to submit it
I tried to submit the below patch to gnupg-devel@lists.gnupg.org, but get an Unrouteable address error. Let me know how best to submit it