The reset was due to running gpg-connect-agent reset /bye. I am currently testing something elese will get back as soon as I can turn back to 2.4
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Tue, Mar 19
There are two locks here; (1) rw_lock for card_top (list of cards) access and (2) individual card lock.
It looks for me that:
- don't know how/what the thread 7208.2 does
- the thread 7208.3: KEYINFO, then PKSIGN (gets read lock for card_top, then, individual card lock)
- the thread 7208.4: SERIALNO --all (and wait for write lock for card_top)
Mon, Mar 18
Mon, Mar 4
In case if someone finds it through a search.
Feb 23 2024
Removing gpgrt because we meanwhile have full utf-8 support there.
Feb 20 2024
Jan 30 2024
That is an old bug report with a couple of fixes introduced over the years. As of now we sometimes see hangs on Windows on our test VMs. The common cause here seems to be USB card reader issues. Let's close this bug and wait for another bug report with current software versions.
Jan 24 2024
No regression, assuming things work.
Jan 15 2024
All icons that are available in normal/light mode should now also be available in dark mode.
Jan 11 2024
And another note: In KF6 icon inverting happens automatically in ksvg or so, so that we don't need to ship breeze-dark anymore. And there will be a BreezeIcons library including the icons that can be used instead of the RCC file. This means we just need a quick fix for VSD and not a general solution for upstream.
One more data point: breeze-icons installs a copy of all breeze icons that do not exist in breeze-dark in the breeze-dark icons folder. So, with icon files on disk breeze-dark has all icons that breeze has even without using breeze as fallback icon theme. Looks like an oversight that the breeze-dark RCC generated by breeze-icons doesn't include missing breeze icons.
KIconTheme sets the fallback theme name to breeze, but those icons cannot be found because we only load the icon theme RCC for breeze-dark. I think we need to load both RCC files in dark mode. No, that doesn't work.
Possible reason: There's a kleopatra.svg in breeze-icons/icons, but there's none in breeze-icons/icons-dark.
Jan 10 2024
Jan 5 2024
Dec 26 2023
Dec 22 2023
Nov 28 2023
Nov 27 2023
Nov 14 2023
I'd prefer to not use the spawn helper at all. All currrent Windows versions allow to decide which handles are to be inherited and thus there is no more need for the helper.
Oct 27 2023
Thanks. I'll apply your patch.
Oct 25 2023
Oct 10 2023
I think ".UTF8" is always better than LC_TIME="" if the display string contains non-English Unicode chars.
Oct 6 2023
Oct 2 2023
Do you have any hint how I can test this? I installed Chinese-Simplified (zh_CN) but I fear switching the display Language. Maybe I should just use _wasctime and convert to utf8
Sep 29 2023
Thanks for the report and the helpful suggestion. I was anyway about to change the time format but your suggestion is better.
Sep 21 2023
Tested in VS-Desktop-3.2.0.0-beta214 by encrypting a large file with Kleopatra. The progress bar shows percentage finished, progress looks all right
Sep 8 2023
Was already with gpgme 1.21.0. Note that I used the done column but in future a milestone would be more useful than that catch all "done".
Aug 4 2023
Aug 3 2023
But shouldn't we then rather rename the shortcut of Kleopatra to: GnuPG VS-Desktop - Kleopatra ? That would make it discoverable under both names.
Our sales team gets the support calls and they have to explain that really often.
werner I strongly disagree here. There is no need for this for our software on Windows and that is definitely not the Windows way, esp. with our current feature set. Do you really think a user wants to start "GnuPG VS-Desktop" to then have a selection between Okular, Outlook, and Kleopatra? That is not how this works at all. Definitely not High priority for us if you think Kleopatra is too hard to discover then we could add another start menu entry for Kleopatra called "GnuPG VS-Desktop" but a starter that only offers to switch between Okular and Kleopatra currently does _not_ have high priority, For windows this is solved with the windows registry, If you want to make Okular - GnuPG Edition your default PDF reader you can, similarly for Kleopatra and please also keep in mind that a user wants to "Encrypt" or "Decrypt" a file. And does not necessarily care about Kleopatra.
FWIW, we also need this for Windows. ppl often ask what to do after they installed VSD because they can't find a program. Thus a menu ala Kontact is the way to go. It would be linked directly from a GnUPG Desktop entry from Windows. We can even keep the old Kleopatra becuase it does not harm. Whether the "menu" is a container window or a detached windows can be decided by the user, like GIMP and other tools do this.
Jul 24 2023
Jul 13 2023
Jul 5 2023
Jul 4 2023
Jul 3 2023
Jun 16 2023
I tested this with OpenPGP and 2.4.3-beta19 on Windows. Worked nicely.
Jun 15 2023
And of course we also need to adjust GPGME
We also need PROGRESS lines in gpgsm.
Jun 13 2023
Jun 12 2023
May 9 2023
works, no KIO error. Gpg4win-4.1.1-beta317
May 3 2023
Starting to understand KIO architecture a bit better. We can easily add more protocols if we want to. For now I have just added the file plugin. I tested with moving.
Apr 28 2023
The code for the file Job etc. is definetly in there. I think it somehow tries to intospect supported protocols maybe even through dbus and this fails then. My current expectation is that we need to identify where this happens and then to hardcode some supported jobs / workers etc.
Yes most definetly I am looking it at next
Setting priority to high because this should be fixed before the next release.
Apr 24 2023
Apr 13 2023
Fixed by rGfcbb849c26e9: speedo: Fix regression due to switching from gcc 8.3 to 10.2 for zlib build.
Apr 5 2023
Problem 2 comes from the fact, that gpg4win packages gpg 2.4.0, but the new archive code needs gpg 2.4.1.
Feb 28 2023
A finding has been that the icon theme switch is not detected at runtime. It would be nice if we could add this, especially if customers explicitly test the support for high contrast modes.
Feb 22 2023
works if you use a valid IP address
Feb 1 2023
@MathiasMagnus This change is to support Win32-OpenSSH by gpg-agent emulation of ssh-agent; You can use gpg-agent emulation of ssh-agent when you use Win32-OpenSSH. That is, you can use GPG auth subkey for Win32-OpenSSH.
Jan 31 2023
@gniibe Am I misunderstanding something? I thought that with this change one is able to connect from a Windows box to a Linux box and have GPG agent forwarding work. I am still hitting pretty much the same issue described here: https://github.com/PowerShell/Win32-OpenSSH/issues/1564
On my Windows endpoint I'm running gpg.exe version 2.4.0.49237 and in C:\Users\mate\AppData\Roaming\gnupg\gpg-agent.conf I have a single line enable-win32-openssh-support. Running gpg-connect-agent.exe reloadagent /bye I have a gpg-agent running. Get-Process gpg-agent shows that it's running. In my Windows env I have SSH_AUTH_SOCK set to \\.\pipe\openssh-ssh-agent and my Linux endpoint is configured in SSH config with
ForwardAgent yes AddKeysToAgent yes RemoteForward /run/user/1015/gnupg/S.gpg-agent C\:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra
As the remote end reports /run/user/1015/gnupg/S.gpg-agent that socket for agent-socket when issuing gpgconf --list-dirs and my local gpgconfg.exe --list-dirs reports C%3a\Users\mate\AppData\Local\gnupg\S.gpg-agent.extra where I transform %3a to \: manually. SSH authentication works perfectly, when connecting pinentry-qt pops up to unlock my key and when connecting to yet another machine, my SSH agent is forwarded again. However, gpg fails to use my agent. Issuing gpg --list-secret-keys --verbose prints the following to the console:
gpg --list-secret-keys --verbose gpg: using pgp trust model getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. gpg: no running gpg-agent - starting '/usr/bin/gpg-agent' getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. gpg: waiting for the agent to come up ... (5s) getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. gpg: waiting for the agent to come up ... (4s) gpg: waiting for the agent to come up ... (3s) gpg: waiting for the agent to come up ... (2s) gpg: waiting for the agent to come up ... (1s) gpg: can't connect to the agent: End of file
What is missing to tie the knot on both ends without having to resort to 3rd party tools like @rupor-github 's agent-gui? The remote gpg version is 2.2.19, is that the issue? Must that also be 2.3.9+?
Jan 19 2023
Jan 11 2023
Putting up for grabs and removing Kleopatra tag since for Kleopatra users this has been fixed (unless they manage to trigger multiple separate concurrent imports in Kleopatra).
Dec 23 2022
@ikloecker You are right, I only thought of public key import. Then lets serialize this. Might even make for a nicer Progressbar if we count the outstanding files.
Dec 22 2022
In T4505#166463, @aheinecke wrote:I have an Idea. Can't we read all data into memory in Kleopatra (for Certificates this should be ok) and then give this to GPGME as a single data object. So that only one process imports multiple files?
In T4505#166390, @ikloecker wrote:I really don't want to bypass gpgme and then parse the import results and all other status output of gpgsm ourselves. I'll go for Andre's suggestion and serialize imports of multiple files.
Thanks all. It is a bug in Win32 OpenSSH. https://github.com/PowerShell/Win32-OpenSSH/issues/1953 it is already fixed. I think the issue will be resolved after the update is shipped. I could use ssh -T git@github.com as a workaround.
Well, not our bug... it's a kind of support question and answer:
This might help: https://stackoverflow.com/questions/3844393/what-to-do-about-pty-allocation-request-failed-on-channel-0
Dec 21 2022
I really don't want to bypass gpgme and then parse the import results and all other status output of gpgsm ourselves. I'll go for Andre's suggestion and serialize imports of multiple files.
This does not look like a problem in GnuPG/gpg4win because gnupg implements the ssh-agent protocol and not the ssh server or client functionality. ssh tells sshd whether it shall allocate a PTY (Pseudo TTY). I don't use ssh with github but it is likely that you may only run commands (which don't require a PTY). Usually you would invoke a "git" command cia ssh.
I meant bypass the gpgme engine and call gpgsm directly. Maybe using gpgme's spawn engine. But I am not sure whether this is really a good idea. If we can find a way to pass multiple filenames to gpgsm --server that would be better. But requires updates to gpgsm.
Authentication succeed if I pressed enter after:PTY allocation request failed on channel 0
I try WinGPG 4.1.0, and I receive an error:
ssh git@github.com
PTY allocation request failed on channel 0
@werner Do I understand correctly that by "It might be easier to bypass the gpgsm and run gpgsm directly" you mean using gpgsm in server mode? Or what do you mean with "bypass gpgsm and run gpgsm" (which seems contradictory).
Dec 20 2022
With 100 concurrently running gpgsm processes they all try to get the lock for the keyring. And they need to do this several times and often also for the same certificate (fetched from an external resource to complete the chain). Not good. It might be easier to bypass the gpgsm and run gpgsm directly instead of adding a feature to gpgsm to directly import from many files.
Sure, we could do this. Shouldn't make the ImportCertificatesCommand much more complex than it already is.
Reopening this as there still seem to be ways to run into a deadlock as was reported in RT#13361. While I still think this points to some issue in gpgsm, when Testing this I found the behavior of Kleopatra to be wrong.
Dec 16 2022
@raysatiro: Please re-open if you are able to give us a reproducer
Dec 6 2022
Not so fun fact: If you enter tcp://1.2.3.4:10001 (literally) as value for gpg-agent's log file, then on save gpgconf calls
gpg-connect-agent --homedir /home/ingo/dev/g10/.gnupghomes/utf16 --no-autostart RELOADAGENT
which hangs (probably trying to connect to the not existing IP address or to the blocked port). This also makes Kleopatra hang.
Dec 5 2022
Windows accepts forward slashes in all API calls. Users are sometimes confused by this but this is a documented feature for ages in the API.
But what about real Windows filenames?