--use-agent broken in 0.7.12

Bug #1680682 reported by Dave Allan on 2017-04-07
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Duplicity
Medium
Unassigned

Bug Description

I've been using gpg2 with --use-agent successfully for a long time, but after updating to 0.7.12 my backups started failing with the error:

GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: Sorry, we are in batchmode - can't get input
===== End GnuPG log =====

It seems like the attempt to create truly non-interactive behavior (gpg.py at line 140) is causing it to ignore --use-agent.

This seems to be fixed in the most recent code in bzr.

1) There have been no changes to the repo since 0.7.12 and today. When you started using the PPA or the repo, did you uninstall/purge the version supplied by the distro? It's possible you're picking up an older version.

2) gpg2 changed the use of --gpg-agent. It's always used according to the manual:

       --use-agent

       --no-use-agent
              This is dummy option. gpg2 always requires the agent.

       --gpg-agent-info
              This is dummy option. It has no effect when used with gpg2.

3) What version of gpg2 are you using?

Changed in duplicity:
assignee: nobody → Kenneth Loafman (kenneth-loafman)
importance: Undecided → Medium
milestone: none → 0.7.13
status: New → In Progress
Dave Allan (dpallan) wrote :

re: 1) no changes to repo, ok, I see what I did, I built bzr revision 1190; ignore my comment about its being fixed in bzr. All comments below refer to 0.7.12 built from https://launchpad.net/duplicity/0.7-series/0.7.12/+download/duplicity-0.7.12.tar.gz

To confirm: I did uninstall the distro version. I've also removed the version I built from bzr.

re: 2) right, I was aware gpg2 always uses the agent. The comment at gpg.py line 141:

# This forces gpg2 to ignore the agent.

suggests that the intent was to make gpg2 ignore the agent. However, in my case, I want gpg2 to use the agent as I always have.

re: 3) $ gpg2 --version
gpg (GnuPG) 2.1.13
libgcrypt 1.6.6

In investigating today, I found that this is 100% reproducible as I first thought, but it requres a little more setup than I thought. I only see the error if gpg-agent has not cached my passphrase: if a backup succeeds because I use an older version or a patched 0.7.12, then unpatched 0.7.12 also succeeds until gpg-agent no longer has my passphrase. To reproduce it, the gpg-agent can be forced to forget the passphrase with:

echo RELOADAGENT | gpg-connect-agent

I've attached a patch that makes things work as I expect on my system. Let me know what you think.

OK, good start, but it looks like it's a bit more complex. I'm seeing a
matrix of choices,

Top - gpg 1.x, gpg 2.0x, gpg 2.1x
Side - use-agent, env-password, stdin-isatty

Unless I'm mistaken, that's 9 possible environments, with some not being
valid like use-agent and env-password together.

Can you think of more options along the side?

On Fri, Apr 7, 2017 at 6:29 PM, Dave Allan <email address hidden>
wrote:

> re: 1) no changes to repo, ok, I see what I did, I built bzr revision
> 1190; ignore my comment about its being fixed in bzr. All comments
> below refer to 0.7.12 built from
> https://launchpad.net/duplicity/0.7-series/0.7.12/+
> download/duplicity-0.7.12.tar.gz
>
> To confirm: I did uninstall the distro version. I've also removed the
> version I built from bzr.
>
> re: 2) right, I was aware gpg2 always uses the agent. The comment at
> gpg.py line 141:
>
> # This forces gpg2 to ignore the agent.
>
> suggests that the intent was to make gpg2 ignore the agent. However, in
> my case, I want gpg2 to use the agent as I always have.
>
> re: 3) $ gpg2 --version
> gpg (GnuPG) 2.1.13
> libgcrypt 1.6.6
>
> In investigating today, I found that this is 100% reproducible as I
> first thought, but it requres a little more setup than I thought. I
> only see the error if gpg-agent has not cached my passphrase: if a
> backup succeeds because I use an older version or a patched 0.7.12, then
> unpatched 0.7.12 also succeeds until gpg-agent no longer has my
> passphrase. To reproduce it, the gpg-agent can be forced to forget the
> passphrase with:
>
> echo RELOADAGENT | gpg-connect-agent
>
> I've attached a patch that makes things work as I expect on my system.
> Let me know what you think.
>
> ** Patch added: "RFC patch"
> https://bugs.launchpad.net/duplicity/+bug/1680682/+
> attachment/4857813/+files/gpg-use-agent.patch
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1680682
>
> Title:
> --use-agent broken in 0.7.12
>
> Status in Duplicity:
> In Progress
>
> Bug description:
> I've been using gpg2 with --use-agent successfully for a long time,
> but after updating to 0.7.12 my backups started failing with the
> error:
>
> GPGError: GPG Failed, see log below:
> ===== Begin GnuPG log =====
> gpg: Sorry, we are in batchmode - can't get input
> ===== End GnuPG log =====
>
> It seems like the attempt to create truly non-interactive behavior
> (gpg.py at line 140) is causing it to ignore --use-agent.
>
> This seems to be fixed in the most recent code in bzr.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/duplicity/+bug/1680682/+subscriptions
>

Dave Allan (dpallan) wrote :

Sorry to be slow responding--I'm out of the office next week and trying to wrap some stuff up before I go. You're right that the matrix contains a fair number of possible environments, but I'm not sure it's necessary to consider them all here. Since the change to 0.7.12 is 2.1 specific, I'm hoping a patch will be as well. I can work up additional patches when I get back if you can expand a bit on what you'd like to see.

You are correct, a big chunk of those are invalid, but duplicity should
warn you if they are.

I'll take care of getting your patch into the code, and figuring out what
else is needed.

On Wed, Apr 12, 2017 at 10:07 PM, Dave Allan <email address hidden>
wrote:

> Sorry to be slow responding--I'm out of the office next week and trying
> to wrap some stuff up before I go. You're right that the matrix
> contains a fair number of possible environments, but I'm not sure it's
> necessary to consider them all here. Since the change to 0.7.12 is 2.1
> specific, I'm hoping a patch will be as well. I can work up additional
> patches when I get back if you can expand a bit on what you'd like to
> see.
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1680682
>
> Title:
> --use-agent broken in 0.7.12
>
> Status in Duplicity:
> In Progress
>
> Bug description:
> I've been using gpg2 with --use-agent successfully for a long time,
> but after updating to 0.7.12 my backups started failing with the
> error:
>
> GPGError: GPG Failed, see log below:
> ===== Begin GnuPG log =====
> gpg: Sorry, we are in batchmode - can't get input
> ===== End GnuPG log =====
>
> It seems like the attempt to create truly non-interactive behavior
> (gpg.py at line 140) is causing it to ignore --use-agent.
>
> This seems to be fixed in the most recent code in bzr.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/duplicity/+bug/1680682/+subscriptions
>

I used your patch, but made some cosmetic changes only.

Changed in duplicity:
status: In Progress → Fix Committed
assignee: Kenneth Loafman (kenneth-loafman) → nobody
Dave Allan (dpallan) wrote :

Your commit is a little broader in scope than my patch, but I have tested it and it works correctly on my system. Thanks for doing that.

Dave Allan (dpallan) wrote :

Looks like the version check seems to break GPG v1, so we're not done with this yet. I'm looking into a fix.

Dave Allan (dpallan) wrote :

The version check for v1 seems to be missing a comma. I don't use GPG v1 generally, so we need to get feedback from others who do, but the attached patch should fix the version check.

Patch committed.

On Fri, Apr 28, 2017 at 10:36 AM, Dave Allan <email address hidden>
wrote:

> The version check for v1 seems to be missing a comma. I don't use GPG
> v1 generally, so we need to get feedback from others who do, but the
> attached patch should fix the version check.
>
> ** Patch added: "version_check.patch"
> https://bugs.launchpad.net/duplicity/+bug/1680682/+
> attachment/4869223/+files/version_check.patch
>
> --
> You received this bug notification because you are subscribed to
> Duplicity.
> https://bugs.launchpad.net/bugs/1680682
>
> Title:
> --use-agent broken in 0.7.12
>
> Status in Duplicity:
> Fix Committed
>
> Bug description:
> I've been using gpg2 with --use-agent successfully for a long time,
> but after updating to 0.7.12 my backups started failing with the
> error:
>
> GPGError: GPG Failed, see log below:
> ===== Begin GnuPG log =====
> gpg: Sorry, we are in batchmode - can't get input
> ===== End GnuPG log =====
>
> It seems like the attempt to create truly non-interactive behavior
> (gpg.py at line 140) is causing it to ignore --use-agent.
>
> This seems to be fixed in the most recent code in bzr.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/duplicity/+bug/1680682/+subscriptions
>

Dave Allan (dpallan) wrote :

Thanks!

Changed in duplicity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers