Page MenuHome GnuPG
Feed Advanced Search

Jun 1 2017

ilovezfs added a comment to T3181: GPGME's GpgmeppConfig.cmake uses .so not .dylib on macOS.

@aheinecke thanks! My apologies for not making that clear in the initial report.

Jun 1 2017, 11:27 AM · gpgme, Bug Report
ilovezfs added a comment to T3181: GPGME's GpgmeppConfig.cmake uses .so not .dylib on macOS.

@aheinecke Yes, the issue is with INTERFACE_LINK_LIBRARIES not IMPORTED_LOCATION.

Jun 1 2017, 11:01 AM · gpgme, Bug Report

May 25 2017

ilovezfs created T3181: GPGME's GpgmeppConfig.cmake uses .so not .dylib on macOS.
May 25 2017, 4:35 PM · gpgme, Bug Report

May 17 2017

ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

Yes that fixes it!

May 17 2017, 4:22 AM · MacOS, Bug Report, gnupg

Apr 5 2017

ilovezfs closed T3047: decrypt-unwrap-verify.scm "make check" failure with gnupg 2.1.20 as Resolved.
Apr 5 2017, 3:45 PM
ilovezfs added a comment to T3047: decrypt-unwrap-verify.scm "make check" failure with gnupg 2.1.20.

@justus no problem. Looks like it works now with 01e84d429aeeb1450012ff0576a6a24de50693c6!

Apr 5 2017, 3:45 PM
ilovezfs added a comment to T3047: decrypt-unwrap-verify.scm "make check" failure with gnupg 2.1.20.

Incidentally, without any of the new commits, it does "work" to reverse the order of make check and make install again.

Apr 5 2017, 3:10 PM
ilovezfs added a comment to T3047: decrypt-unwrap-verify.scm "make check" failure with gnupg 2.1.20.

@justus hmm … still seems to be failing even with the new commits:

Apr 5 2017, 2:51 PM

Apr 4 2017

ilovezfs created T3047: decrypt-unwrap-verify.scm "make check" failure with gnupg 2.1.20 in the S1 Public space.
Apr 4 2017, 4:55 PM

Mar 15 2017

ilovezfs reopened T2979: "make check" cannot run before "make install" with gnupg 2.1.19 as "Open".
Mar 15 2017, 3:30 PM · gnupg, Bug Report, Duplicate
ilovezfs added a comment to T2979: "make check" cannot run before "make install" with gnupg 2.1.19.

Yup! Fix works. Thanks, Justus.

Mar 15 2017, 3:30 PM · gnupg, Bug Report, Duplicate
ilovezfs added a comment to T2979: "make check" cannot run before "make install" with gnupg 2.1.19.

voilà: https://gist.github.com/ilovezfs/7979ace5e07e08fbb63155fd78c70d38

Mar 15 2017, 2:08 PM · gnupg, Bug Report, Duplicate
ilovezfs added a comment to T2979: "make check" cannot run before "make install" with gnupg 2.1.19.

You're welcome. By the way, you may be interested in this PR since you are
obviously a stakeholder in the matter:
https://github.com/Homebrew/homebrew-core/pull/11083

Please feel free to comment/suggest/etc. if you have any thoughts!

Mar 15 2017, 11:02 AM · gnupg, Bug Report, Duplicate
ilovezfs added a comment to T2979: "make check" cannot run before "make install" with gnupg 2.1.19.

Any other suggestions?

Mar 15 2017, 9:30 AM · gnupg, Bug Report, Duplicate

Mar 9 2017

ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

4ce4f2f683a17be3ddb93729f3f25014a97934ad allows make check to complete without
the other workaround. So it works as advertised! Thanks, Niibe and Justus.

Mar 9 2017, 3:35 PM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2979: "make check" cannot run before "make install" with gnupg 2.1.19.

Sure: https://gist.github.com/ilovezfs/c0754cd0f5795b4830cc55cec1b0d016

Mar 9 2017, 2:58 PM · gnupg, Bug Report, Duplicate

Mar 2 2017

ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

Thanks to you and thanks to Niibe in advance :)

Mar 2 2017, 3:05 PM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

And it has now passed CI:
https://github.com/Homebrew/homebrew-versions/pull/1536
https://bot.brew.sh/job/Homebrew%20Versions%20Pull%20Requests/1824/

So I've merged the PR.

Mar 2 2017, 2:37 PM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

The patch works!

Mar 2 2017, 2:16 PM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

Here's the referenced crash file:
https://gist.github.com/ilovezfs/ebfccf2515fc7d7952edcc4c13ff8013

Mar 2 2017, 12:09 PM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

Here's what's happening in the system log when the failed test runs:

Mar  2 03:06:53 iMac-TMP com.apple.xpc.launchd[1] (com.apple.auditd[39537])
<Warning>: Endpoint has been activated through legacy launch(3) APIs. Please
switch to XPC or bootstrap_check_in(): com.apple.auditd
Mar  2 03:06:53 iMac-TMP com.apple.ctkpcscd[39536] <Notice>:
SecTaskLoadEntitlements failed error=22
Mar  2 03:06:53 iMac-TMP com.apple.ctkpcscd[39536] <Warning>: Refusing sandboxed
PCSC.framework client without com.apple.security.smartcard entitlement
Mar  2 03:06:53 iMac-TMP joe[39540] <Warning>: audit warning: soft /var/audit
Mar  2 03:06:53 iMac-TMP joe[39541] <Warning>: audit warning: allsoft 
Mar  2 03:06:54 iMac-TMP joe[39544] <Warning>: audit warning: closefile
/var/audit/20170302110453.20170302110653
Mar  2 03:06:54 iMac-TMP com.apple.ctkpcscd[39536] <Notice>:
SecTaskLoadEntitlements failed error=22
Mar  2 03:06:54 iMac-TMP com.apple.ctkpcscd[39536] <Warning>: Refusing sandboxed
PCSC.framework client without com.apple.security.smartcard entitlement
Mar  2 03:06:54 iMac-TMP com.apple.xpc.launchd[1] (com.apple.ReportCrash[39548])
<Warning>: Endpoint has been activated through legacy launch(3) APIs. Please
switch to XPC or bootstrap_check_in(): com.apple.ReportCrash
Mar  2 03:06:54 iMac-TMP ReportCrash[39548] <Notice>: Saved crash report for
scdaemon[39535] version 0 to
/Users/joe/Library/Logs/DiagnosticReports/scdaemon_2017-03-02-030654_iMac-TMP.crash
Mar 2 2017, 12:07 PM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

Can you please give us ssh -V, and describe the sandbox environment? Does it
affect which ssh version is used?

It's the system default. There's no other version of ssh that gets installed.
Our own ssh formula is homebrew/dupes/openssh and is explicitly barred from
being used as a dependency by anything else, as is anything else in homebrew/dupes.

10.12.3
robotunicorn ~ # ssh -V
OpenSSH_7.3p1, LibreSSL 2.4.1

10.11.6
iMac-TMP:~ joe$ ssh -V
OpenSSH_6.9p1, LibreSSL 2.1.8

yosemitevm ~ # ssh -V
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

Regarding the sandbox, here's where it's implemented:
https://github.com/Homebrew/brew/blob/master/Library/Homebrew/sandbox.rb

It's invoked as

/usr/bin/sandbox-exec -f /tmp/homebrew20170302-24230-1xmlw7l.sb nice
/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/bin/ruby -W0 -I
/usr/local/Homebrew/Library/Homebrew --
/usr/local/Homebrew/Library/Homebrew/build.rb
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-versions/gnupg21.rb

The contents of the .sb file are as follows:

iMac-TMP:~ joe$ cat /tmp/homebrew20170302-24230-1xmlw7l.sb
(version 1)
(debug deny) ; log all denied operations to /var/log/system.log
(allow file-write* (subpath "/private/tmp"))
(allow file-write* (subpath "/private/var/tmp"))
(allow file-write* (regex #"^/private/var/folders/[^/]+/[^/]+/[C,T]/"))
(allow file-write* (subpath "/private/tmp"))
(allow file-write* (subpath "/Users/joe/Library/Caches/Homebrew"))
(allow file-write* (subpath "/Users/joe/Library/Logs/Homebrew/gnupg21"))
(allow file-write* (subpath "/Users/joe/Library/Developer"))
(allow file-write* (subpath "/usr/local/Cellar/gnupg21"))
(allow file-write* (subpath "/usr/local/etc"))
(allow file-write* (subpath "/usr/local/var"))
(allow file-write*
    (literal "/dev/ptmx")
    (literal "/dev/dtracehelper")
    (literal "/dev/null")
    (literal "/dev/zero")
    (regex #"^/dev/fd/[0-9]+$")
    (regex #"^/dev/ttys?[0-9]*$")
    )
(deny file-write*) ; deny non-whitelist file write operations
(allow process-exec
    (literal "/bin/ps")
    (with no-sandbox)
    ) ; allow certain processes running without sandbox
(allow default) ; allow everything else

The environment variables themselves are not different between sandboxed and
non-sandboxed builds.

Mar 2 2017, 11:46 AM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

Here's the successful log with --no-sandbox:
https://gist.githubusercontent.com/ilovezfs/a886421569e625d0b7051cf8e9bfea53/raw/77aec417f54ed3d996eb340f826de9d7569088f5/gistfile1.txt

Mar 2 2017, 10:52 AM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

mkdir /run/user/YOURUID

/run is not a thing on macOS. /var/run is but requires root access. The default
socket location on macOS is

iMac-TMP:~ joe$ ls -al /tmp/com.apple.launchd.OWt2QNcw7V
total 0
drwx------   2 joe   wheel   102 Mar  1 21:13 .
drwxrwxrwt  76 root  wheel  2686 Mar  2 00:44 ..
srw-rw-rw-   1 joe   admin     0 Mar  1 21:13 Listeners

One such directory and socket are created for each user when using ssh.

Note that I had tried hacking in /usr/local/var/run in place of your /run, and
creating the directory, etc., which the test did proceed to use but it didn't
resolve the problem. (I had done that before reporting here.)

Mar 2 2017, 10:16 AM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

Yup! And remember, that was only a <= 10.10 issue, whereas the new "fun" is
across the board, 10.10, 10.11, and 10.12 (probably <= 10.9 too but we don't
test those).

Mar 2 2017, 10:11 AM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

Your T2947 says otherwise. So does T2847. Can you please clarify that?

Sure. I'm referring to 2.1.18 with your subsequent fixes. See
https://github.com/Homebrew/homebrew-versions/commit/8243792932da5b7746bf229d4b63abd7592b21b3
which has the relevant patches (thank you) on the left side of the diff.

Mar 2 2017, 9:54 AM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2979: "make check" cannot run before "make install" with gnupg 2.1.19.

macOS 10.10, 10.11, 10.12

They're nearly the same, but T2980 has the workaround for this issue in
place (running make install first), so that it's clear the ssh-import.scm
problem is an independent issue.

Mar 2 2017, 9:33 AM · gnupg, Bug Report, Duplicate
ilovezfs added a comment to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19.

Mar 2 2017, 7:21 AM · MacOS, Bug Report, gnupg
ilovezfs added projects to T2980: ssh-import.scm fails during "make check" with gnupg 2.1.19: gnupg, Bug Report.
Mar 2 2017, 7:21 AM · MacOS, Bug Report, gnupg
ilovezfs added a project to T2979: "make check" cannot run before "make install" with gnupg 2.1.19: Bug Report.
Mar 2 2017, 7:04 AM · gnupg, Bug Report, Duplicate

Feb 17 2017

ilovezfs added a comment to T2933: gnupg-2.1.18 fails to read a Yubikey Neo that gnupg-2.1.17 reads fine.

dkg thank you. One of the user reporting the issue has confirmed that fixes it:
https://github.com/Homebrew/homebrew-versions/pull/1527#issuecomment-280667350

Feb 17 2017, 4:18 PM · Bug Report, gnupg

Feb 16 2017

ilovezfs added a comment to T2933: gnupg-2.1.18 fails to read a Yubikey Neo that gnupg-2.1.17 reads fine.

We have Homebrew users reporting this problem to us.

https://github.com/Homebrew/homebrew-versions/commit/bece3fdbb732bcf646589c051f2f882e2bbf0875#commitcomment-20846337
https://github.com/Homebrew/homebrew-versions/commit/bece3fdbb732bcf646589c051f2f882e2bbf0875#commitcomment-20910048

"I had to revert to 2.1.17, gnupg was unable to access my yubikey with 2.1.18.
The error was "gpg: selecting openpgp failed: Operation not supported by
device". Not sure if I'm the only one with the problem, if not I'd recommend
reverting the version."

Feb 16 2017, 2:41 PM · Bug Report, gnupg

Feb 7 2017

ilovezfs added a comment to T2847: ssh.scm fails to import ecdsa key on macOS.

Here's the make check verbose=2 log for 2.1.18 on macOS 10.10.5 Yosemite:
https://gist.github.com/ilovezfs/d9de58955697858a1eb3c6d3a5e48bea

And ssh -V:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

Feb 7 2017, 12:12 PM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2947: ssh-import.scm test fails on Yosemite.

I feel that this is the very same issue as T2847

I assumed they were different issues since this is ssh-import.scm and that was
ssh.scm.

I asked what version of ssh you were using over there, and sadly you

did not react.

Sorry

Feb 7 2017, 11:48 AM · Bug Report, gnupg
ilovezfs added a comment to T2947: ssh-import.scm test fails on Yosemite.

Additional findings. If I depend on homebrew/dupes/openssh (which is not
actually permissible in homebrew/core, but just for the sake of testing this
here), then the test passes. The homebrew/dupes/openssh formula is 7.4p1, so
this bug appears to be specific to 6.2p2 (possible all of 6.2 or all of 6.x?)

Feb 7 2017, 9:51 AM · Bug Report, gnupg
ilovezfs added a comment to T2947: ssh-import.scm test fails on Yosemite.

Note this is

yosemitevm:brew brew$ ssh -V
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
Feb 7 2017, 9:36 AM · Bug Report, gnupg
ilovezfs added projects to T2947: ssh-import.scm test fails on Yosemite: gnupg, Bug Report.
Feb 7 2017, 9:34 AM · Bug Report, gnupg
ilovezfs set Version to 2.18 on T2947: ssh-import.scm test fails on Yosemite.
Feb 7 2017, 9:34 AM · Bug Report, gnupg

Nov 20 2016

ilovezfs added a comment to T2425: 2.1.14 intermittent `make check` failure on gpgtar.scm.

The ssh.scm failure is still happening intermittently with 2.1.16

https://bot.brew.sh/job/Homebrew%20Versions%20Pull%20Requests/1733/version=yosemite/console

$ ssh -V
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

Nov 20 2016, 6:53 PM · MacOS, gnupg, gnupg (gpg22), Bug Report
ilovezfs added a comment to T2847: ssh.scm fails to import ecdsa key on macOS.

Ah I spoke too soon. Just got the ssh.scm:
https://bot.brew.sh/job/Homebrew%20Versions%20Pull%20Requests/1733/version=yosemite/console

Nov 20 2016, 6:49 PM · MacOS, Bug Report, gnupg
ilovezfs added a comment to T2846: Regression: build needs -lintl for macOS.

No problem. Thanks for looking into it.

Nov 20 2016, 6:47 PM · Bug Report, gnupg
ilovezfs added a comment to T2847: ssh.scm fails to import ecdsa key on macOS.

Everything looks fine now that I removed all of the dependencies and started
from a blank slate. Sorry for the noise.

So far I'm not seeing the old "FAIL: gpgtar.scm" and "FAIL: ssh.scm"

Were those specifically fixed in some new commit(s), or am I just lucky so far?

Nov 20 2016, 6:32 PM · MacOS, Bug Report, gnupg

Nov 19 2016

ilovezfs set Version to 2.1.16 on T2847: ssh.scm fails to import ecdsa key on macOS.
Nov 19 2016, 12:31 PM · MacOS, Bug Report, gnupg
ilovezfs added projects to T2847: ssh.scm fails to import ecdsa key on macOS: gnupg, Bug Report.
Nov 19 2016, 12:31 PM · MacOS, Bug Report, gnupg
ilovezfs set Version to 2.1.16 on T2846: Regression: build needs -lintl for macOS.
Nov 19 2016, 12:17 PM · Bug Report, gnupg
ilovezfs added projects to T2846: Regression: build needs -lintl for macOS: gnupg, Bug Report.
Nov 19 2016, 12:17 PM · Bug Report, gnupg

Jul 26 2016

ilovezfs added a comment to T2425: 2.1.14 intermittent `make check` failure on gpgtar.scm.

Hi Justus,

Thanks for your response. In further testing, I was able to trigger the "FAIL:
gpgtar.scm" during a make check for 2.1.13 (actually "FAIL: gpgtar.test" for
2.1.13 since it's pre-tiny-scheme). In particular, it's vanilla 2.1.13 + your
fix in 8f79c31b. So I think what may be going on is that 8f79c31b didn't
actually fully resolve that problem after all since I've now seen it occur, with
that commit included, in 2.1.13, and in 2.1.14, and in HEAD.

Tbere were two cases where a more specific error was emitted:

In one run, I saw this:

((/private/tmp/gnupg21-20160725-43964-l18ixl/gnupg-2.1.14/tools/gpgtar --gpg
/private/tmp/gnupg21-20160725-43964-l18ixl/gnupg-2.1.14/g10/gpg --gpg-args
--no-permission-warning --always-trust --tar-args --directory=. --decrypt
/tmp/gpgscm-PgAlmV/archive) failed: gpgtar: gpg: [don't know]: invalid packet
(ctb=2d)
gpgtar: gpg: [don't know]: invalid packet (ctb=2a)
gpgtar: error running
'/private/tmp/gnupg21-20160725-43964-l18ixl/gnupg-2.1.14/g10/gpg': exit status 2
) 
FAIL: gpgtar.scm

and in another run I saw this

Checking gpgtar with signature 
((/private/tmp/gnupg21-20160726-74591-maikty/gnupg-2.1.14/tools/gpgtar --gpg
/private/tmp/gnupg21-20160726-74591-maikty/gnupg-2.1.14/g10/gpg --gpg-args
--no-permission-warning --always-trust --tar-args --directory=. --decrypt
/tmp/gpgscm-0U4bUB/archive) failed: gpgtar: gpg: Fatal: zlib inflate problem:
invalid block type
gpgtar: error running
'/private/tmp/gnupg21-20160726-74591-maikty/gnupg-2.1.14/g10/gpg': exit status 2
) 
FAIL: gpgtar.scm

It's also worth noting that I've only been able to trigger the problem on
Jenkins during CI, not locally, so I don't know if the lack of TTY is relevant
or something like that.

I will do the ssh check you requested.

Jul 26 2016, 6:37 PM · MacOS, gnupg, gnupg (gpg22), Bug Report
ilovezfs added a comment to T2425: 2.1.14 intermittent `make check` failure on gpgtar.scm.

I have now tested HEAD at revision 4ba11251aff578394000bf480f47160f0879c763 and
2.1.13 (including this patch
https://raw.githubusercontent.com/Homebrew/formula-patches/7b2211b/gnupg21/spawned_child_8f79c31b.diff)

The results are

  1. The "FAIL: gpgtar.scm" does *not* affect the patched 2.1.13, so it appears to

be a regression.

  1. The "FAIL: gpgtar.scm" is not fixed in HEAD at

4ba11251aff578394000bf480f47160f0879c763.

  1. There is a further regression in HEAD at

4ba11251aff578394000bf480f47160f0879c763, which seems not to be found in 2.1.14:

PASS: default-key.scm
Checking key export 
    > D74C5F22 C40FDECF ECABF51D <  
PASS: export.scm
Importing ssh keys... 
    > dsa key not added 
FAIL: ssh.scm
Checking passphrase cache (issue2015)... 
PASS: T2015.scm
Checking import statistics (issue2346)... 
PASS: T2346.scm
Jul 26 2016, 12:19 AM · MacOS, gnupg, Bug Report, gnupg (gpg22)

Jul 25 2016

ilovezfs added a comment to T2425: 2.1.14 intermittent `make check` failure on gpgtar.scm.

Here's the relevant snippet:

PASS: tofu.scm
Checking gpgtar without encryption 
Checking gpgtar without encryption with nicer actions 
Checking gpgtar with asymmetric encryption 
Checking gpgtar with asymmetric encryption and signature 
Checking gpgtar with signature 
((/private/tmp/gnupg21-20160725-43964-l18ixl/gnupg-2.1.14/tools/gpgtar --gpg
/private/tmp/gnupg21-20160725-43964-l18ixl/gnupg-2.1.14/g10/gpg --gpg-args
--no-permission-warning --always-trust --tar-args --directory=. --decrypt
/tmp/gpgscm-PgAlmV/archive) failed: gpgtar: gpg: [don't know]: invalid packet
(ctb=2d)
gpgtar: gpg: [don't know]: invalid packet (ctb=2a)
gpgtar: error running
'/private/tmp/gnupg21-20160725-43964-l18ixl/gnupg-2.1.14/g10/gpg': exit status 2
) 
FAIL: gpgtar.scm
Importing public key. 
Checking that the most recent, valid signing subkey is used by default 
    > 8BC90111 3E880CFF F5F77B83 45117079 1EA97479 <  
Checking that we can select a specific signing key 
    > 8BC90111 F5F77B83 1EA97479 <  
PASS: use-exact-key.scm
Importing public key.
Jul 25 2016, 6:40 PM · MacOS, gnupg, Bug Report, gnupg (gpg22)
ilovezfs added a comment to T2425: 2.1.14 intermittent `make check` failure on gpgtar.scm.

Yeah, unfortunately this is still happening even with my attempt to fix it with
deparallelization, so that's not the issue.

macOS 10.9 build bot has failed in the same place again.

Jul 25 2016, 6:38 PM · MacOS, gnupg, Bug Report, gnupg (gpg22)
ilovezfs added a project to T2425: 2.1.14 intermittent `make check` failure on gpgtar.scm: Bug Report.
Jul 25 2016, 4:01 PM · MacOS, gnupg, Bug Report, gnupg (gpg22)