FS#63666 : [libsecret] 0.19.0-1 breaks signing with gpg-agent and pinentry

FS#63666 - [libsecret] 0.19.0-1 breaks signing with gpg-agent and pinentry

Attached to Project: Arch Linux
Opened by Matthew Sexton (wsdmatty) - Thursday, 05 September 2019, 14:34 GMT
Last edited by Jan Alexander Steffens (heftig) - Thursday, 05 September 2019, 18:47 GMT

Task Type	Bug Report
Category	Packages: Testing
Status	Closed
Assigned To	Jan Alexander Steffens (heftig)
Architecture	x86_64
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	2 Chih-Hsuan Yen (yan12125) (2019-09-05) Daniel M. Capella (polyzen) (2019-09-05)
Private	No

Details

Description:
Since updating libsecret to 0.19.0-1, any gpg usage that would call pinentry to receive my passphrase freezes. I noticed it initially with makepkg, but I have tested gpg -s (file) and gpg -e/d (file).

To confirm that it was libsecret, I disabled testing repo and downgraded everything back to stable. I then added libsecret to ignorepkg in /etc/pacman.conf and re-enabled testing repos. pacman -Syu updated everything but libsecret and the problem was gone. I removed libsecret from ignorepkg and upgraded it to 0.19.0.1 and the problem returned.

I am able to run pinentry/pinentry-qt and make it display windows and accept entry, so it seems like gpg-agent and pinentry aren't talking quite right.

I have included a section of logs with annotation.

See attached, or hosted here:
https://bpaste.net/show/d0qC

I searched on le google for any references to this issue and found nothing relevant. One said to kill gpg-agent, but was in response to using gpg over ssh and ttys not matching. Another was from 2008 and spontaneously resolved in a later version (gnupg 2.0.10rc1, pinentry (0.7.5)

Versions:
gnnupg 2.2.17-2
pinentry 1.1.0-4
libsecret 0.19.0-1
libassaun 2.5.3-1
libgcrypt 1.8.5-1

As far as I know, everything is "Most Recent In Repository", as I run pacman -Syu (package) for every install and pacman -Syu daily regardless.

Steps to reproduce:
Upgrade to latest Testing.
Have GPG key
Attempt to sign file, make package, decrypt file with gpg through gpg-agent and pinentry

journalctl.log (2.7 KiB)

This task depends upon

Closed by Jan Alexander Steffens (heftig)
Thursday, 05 September 2019, 18:47 GMT
Reason for closing: Fixed
Additional comments about closing: libsecret 0.19.0-2

Comment by Chih-Hsuan Yen (yan12125) - Thursday, 05 September 2019, 16:00 GMT

For me the freeze issue is gone after installing gnome-keyring.

Alternatively, I also found that add "no-allow-external-cache" to ~/.gnupg/gpg-agent.conf makes gpg works without gnome-keyring. (Don't forget to restart gpg-agent~)

Comment by Jan Alexander Steffens (heftig) - Thursday, 05 September 2019, 16:47 GMT

Should be fixed in libsecret 0.19.0-2.

Comment by Eli Schwartz (eschwartz) - Thursday, 05 September 2019, 16:48 GMT

I was trying to figure out why this worked fine in one place, but I could successfully duplicate it on another box... then I realized the one where it worked had "ignore-cache-for-signing".

Comment by Jan Alexander Steffens (heftig) - Thursday, 05 September 2019, 17:02 GMT

https://gitlab.gnome.org/GNOME/libsecret/merge_requests/36

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#63666 - [libsecret] 0.19.0-1 breaks signing with gpg-agent and pinentry

Details

Loading...