[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#25328: gpg: "Operation cancelled" with pinentry 1.0.0 on GNOME

From: Chris Marusich
Subject: bug#25328: gpg: "Operation cancelled" with pinentry 1.0.0 on GNOME
Date: Sun, 01 Jan 2017 17:50:30 -0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)


Since upgrading pinentry from 0.9.7 to 1.0.0, I've noticed some strange
behavior.  In GNOME only, when gpg tries to access my secret key, the
attempt fails without prompting me for my passphrase.  For example, it
fails like this:

--8<---------------cut here---------------start------------->8---
[0] address@hidden:~
$ echo hello > /tmp/message
[0] address@hidden:~
$ gpg --sign /tmp/message 
gpg: signing failed: Operation cancelled
gpg: signing failed: Operation cancelled
[2] address@hidden:~
--8<---------------cut here---------------end--------------->8---

No prompt appears, GUI or otherwise.  However, if I repeat the "gpg
--sign" command many times, eventually a GUI does appear which asks me
for a password.  In that case, everything works just fine.  But about
90-95% of the time, the attempt just fails like above, without showing
me any prompt.

This problem is not limited to my manual command-line invocation.  The
same kind of issue also occurs when emacs (the graphical version,
running in GNOME) tries to automatically decrypt encrypted files (e.g.,
when gnus needs to read my ~/.authinfo.gpg file to connect to an email
server).  Normally, when emacs needs to decrypt a file like this, a new
window pops up to ask me for my passphrase, but because of this issue,
the decryption fails, without showing me a prompt, for a similar reason:

--8<---------------cut here---------------start------------->8---
Error while decrypting with "gpg":

gpg: encrypted with 4096-bit RSA key, ID 0FE3DE4943560F06, created 2016-02-19
      "Chris Marusich <address@hidden>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key
--8<---------------cut here---------------end--------------->8---

I suspect these are symptoms of the same issue.

My ~/.gnupg/gpg-agent.conf contains the following single line:

 pinentry-program /home/marusich/.guix-profile/bin/pinentry

This issue does NOT occur in Xfce.  This issue does NOT occur when I run
the "gpg --sign" command in a virtual terminal (e.g., by pressing
Control+Alt+F2 to switch to a virtual terminal).  In GNOME, this issue
DOES occur regardless of which "pinentry" program I specify in my
~/.gnupg/gpg-agent.conf file (the same issue occurs with pinentry,
pinentry-curses, pinentry-gtk-2, and pinentry-tty).

I've run both "guix pull" and "sudo guix pull" successfully in the last
few days, and I've successfully reconfigured my system since then, so
I'm using the most recent Guix software.  I'm using GuixSD.

Since I've added and modified many things to my home directory, I tried
creating a test user with a fresh home directory to rule out my local
customizations as a cause.  I was able to reproduce the issue using a
fresh test user in GNOME after installing gnupg and pinentry via "guix
package -i gnupg pinentry".  The only changes I made to the test user's
home directory were (1) I added the "export" statements to its ~/.bashrc
file which were suggested by Guix after installing those two packages,
and (2) I added a ~/.gnupg/gpg-agent.conf which uses the pinentry that
got installed into the test user's profile.  So, I expect that other
users of GuixSD can probably reproduce this issue.


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]