Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#75746 - [gnupg] ssh-authenticaton broken in 2.2.37-1

Attached to Project: Arch Linux
Opened by Max Berndt (Mexx77) - Tuesday, 30 August 2022, 13:08 GMT
Last edited by David Runge (dvzrv) - Friday, 02 September 2022, 21:16 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Lukas Fleischer (lfleischer)
David Runge (dvzrv)
Levente Polyak (anthraxx)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
ssh authentication does not work. with previous version (2.2.36) it works.
I can do
$ ssh-add -l
4096 SHA256:9xxxxxxxxxxxxxxxxxxxxxxxxxxxx
$ ssh -T git@github.com
(pinentry prompt)
Successfully authenticated at Github

Additional info:
* package version: 2.2.37-1

Steps to reproduce:
$ ssh-add -l
4096 SHA256:9xxxxxxxxxxxxxxxxxxxxxxxxxxxx
$ ssh -T git@github.com
(no pinentry prompt)
sign_and_send_pubkey: signing failed for RSA "cardno:9" from agent: communication with agent failed
git@github.com: Permission denied (publickey).
This task depends upon

Closed by  David Runge (dvzrv)
Friday, 02 September 2022, 21:16 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed with gnupg 2.2.39-1
Comment by Maik Schaefer (linxpert) - Wednesday, 31 August 2022, 11:26 GMT
I can confirm this. Using a Yubikey for SSH authentication is not working anymore.
It seems gpg-agent process cannot be started anymore.

Aug 31 13:37:22 xxxx systemd[714]: Started GnuPG cryptographic agent and passphrase cache.
Aug 31 13:37:22 xxxx gpg-agent[42854]: gpg-agent[42854]: enabled debug flags: ipc
Aug 31 13:37:22 xxxx gpg-agent[42856]: scdaemon[42856]: enabled debug flags: ipc
Aug 31 13:37:22 xxxx systemsettings[42466]: Refreshing user units...
Aug 31 13:37:22 xxxx kernel: gpg-agent[42855]: segfault at 0 ip 0000556412172379 sp 00007f2dcc5db9f0 error 4 in gpg-agent[556412145000+33000]
Aug 31 13:37:22 xxxx kernel: Code: 01 00 4c 89 e7 ff 15 46 84 01 00 e9 be fe ff ff 48 89 ef 4c 8d 25 a9 a6 00 00 ff 15 79 84 01 00 48 89 44 24 18 48 8b 44 24 58 <4c> 8b 38 48 89 44 24 20 4d 89 fd 4d 85 ff 0f 84 c8 04 00 00 0f 1f
Aug 31 13:37:22 xxxx systemd[1]: Started Process Core Dump (PID 42862/UID 0).
Aug 31 13:37:22 xxxx systemsettings[42466]: Refreshing user units...
Aug 31 13:37:22 xxxx systemd-coredump[42863]: Resource limits disable core dumping for process 42854 (gpg-agent).
Aug 31 13:37:22 xxxx systemd-coredump[42863]: [🡕] Process 42854 (gpg-agent) of user 1000 dumped core.
Aug 31 13:37:22 xxxx systemd[1]: systemd-coredump@6-42862-0.service: Deactivated successfully.
Aug 31 13:37:22 xxxx systemd[714]: gpg-agent.service: Main process exited, code=dumped, status=11/SEGV
Aug 31 13:37:22 xxxx systemd[714]: gpg-agent.service: Failed with result 'core-dump'.
Comment by Kyle (2bluesc) - Wednesday, 31 August 2022, 22:44 GMT
I'm seeing an identical segfault and core dump on 2.2.37-1 with a Yubikey configured as a smart card for SSH configuration.

Downgrading to `2.2.36-1` immediately fixed the issue and works.
Comment by Toolybird (Toolybird) - Thursday, 01 September 2022, 04:49 GMT
So, it's crashing. This pkg has debug enabled so can someone please get a trace [1]? Has anyone notified upstream?

[1] https://wiki.archlinux.org/title/Debugging/Getting_traces
Comment by Christopher Schramm (cschramm) - Thursday, 01 September 2022, 13:14 GMT
https://dev.gnupg.org/T6176
Comment by Max Berndt (Mexx77) - Friday, 02 September 2022, 06:59 GMT
was fixed upstream and newly released (2.2.38, 2022-09-01). Please release 2.2.38 here as well.
Comment by Christopher Schramm (cschramm) - Friday, 02 September 2022, 08:01 GMT
No, the fix is not in 2.2.38.
Comment by Max Berndt (Mexx77) - Friday, 02 September 2022, 09:38 GMT
sorry, didn't look close enough. Assumed it because Werner said "he would probably make a new release" and then there was a release yesterday.
Comment by Max Berndt (Mexx77) - Friday, 02 September 2022, 19:45 GMT
but its fixed in 2.2.39 https://dev.gnupg.org/T6175 :)
Comment by David Runge (dvzrv) - Friday, 02 September 2022, 19:48 GMT
@Mexx77: Awesome! If you can, please sign off the package in testing!
Comment by Max Berndt (Mexx77) - Friday, 02 September 2022, 21:05 GMT
done. it works! :)

$ gpg-agent --help
gpg-agent (GnuPG) 2.2.39
$ ssh -T git@github.com
(pinentry prompt)
You've successfully authenticated, but GitHub does not provide shell access.

Loading...