Kubuntu PPA

KMail + GPG-Agent with pinentry-kwallet vanishes in background

Bug #1283014 reported by Johannes Knauf
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Kubuntu PPA
Expired
Undecided
Unassigned
kwalletcli (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

GPG signing a message in KMail under Kubuntu 13.10 with pinentry-qt4 + GPG-Agent works perfectly fine.

When using pinentry-kwallet, pinentry goes into background and never finishes. The mail does not get encrypted nor sent. The same happens when receiving an encrypted E-Mail - causing kmail to totally freeze.

Steps to reproduce:
1. Configure gpg-agent to use pinentry-kwallet
 In ~/.gnupg/gpg-agent.conf set: pinentry-program /usr/bin/pinentry-kwallet
2. Configure kmail to use GPG with gpg-agent
3. Send a signed E-Mail / open an encrypted E-Mail.

Revision history for this message
Johannes Knauf (johannes-knauf) wrote :

The effect is even easier to reproduce without kmail:

echo "test" | gpg -ase | gpg

GPG is version 2.0.20

Revision history for this message
theghost (theghost) wrote :

Confirmed, also have this issue since 13.10. It's also in 14.04

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in kwalletcli (Ubuntu):
status: New → Confirmed
Revision history for this message
Hizoka (hizo) wrote :

I confirme, since 13.10...

Revision history for this message
Thorsten Glaser (mirabilos) wrote :

Can you sudoedit /usr/bin/pinentry-kwallet and change the line “iodebug=0” to “iodebug=1”, then retry, then take the file ~/pinentry-kwallet.debug, check that it does not include any actual password of yours (but do not modify it otherwise, just change any password to the equivalent number of ‘X’es) and send them to me?

That would help debugging it.

Also, does the following sequence of commands work?

$ pinentry -e foo -f bar -p baz
$ echo "<$(pinentry -e foo -f bar)>"

This should output “<baz>”. If it doesn’t, your KDE Wallet is not set up correctly.

In KDE 4, the default settings of kwallet are worse than in KDE 3. There is an option that says something like “close the wallet after the last application using it quits”. Disable that. To configure the KDE Wallet, click the KDE Wallet icon in the systray (if you have it; Unity and GNOME 3 both hide that), or run “kwalletmanager --show”, possibly after “pkill kwalletmanager”.

Revision history for this message
Thomas Neumann (tneumann) wrote :

I have attached a pinentry-kwallet.debug trace. Apparently pinentry is started, but nothing happens (until I get a timeout from the host program). I also saw the invocation in pstree:

gpg-agent───mksh───pinentry

but nothing happens on screen.

Running your commands manually failed, apparently due to syntax problems:

$ LANG=C pinentry -e foo -f bar -p baz
pinentry-qt4: oops: option not handled
pinentry: invalid option -- 'f'
pinentry: invalid option -- 'p'
OK Your orders please
^C
$ LANG=C pinentry-kwallet -e foo -f bar -p baz
warning: unknown argument 'foo'
warning: unknown argument '-f'
warning: unknown argument 'bar'
warning: unknown argument '-p'
warning: unknown argument 'baz'
pinentry-qt4: oops: option not handled
pinentry: invalid option -- 'f'
pinentry: invalid option -- 'p'
OK ready to listen to your demands
^C

Revision history for this message
Johannes Knauf (johannes-knauf) wrote :

You certainly meant

 kwalletcli -e foo -f bar -p baz
echo "<$(kwalletcli -e foo -f bar)>"

This is working perfectly fine.

Revision history for this message
Johannes Knauf (johannes-knauf) wrote :

$ cat ~/.gnupg/gpg-agent.conf

pinentry-program /usr/bin/pinentry-kwallet
no-grab
default-cache-ttl 1800

# sudo edit /usr/bin/pinentry-kwallet, set iodebug=1

# test
$ echo "test" | gpg -ase -r 0x0A1B2C3D | gpg

# 3 times the same bug report window opens
# on the 4th time pinentry-qt is started as fallback

$ cat ~/pinentry-kwallet.debug

9729 === new Mon Aug 25 14:04:31 CEST 2014
9729 LOG argv[1]='--display'
9729 LOG argv[2]=':0'
9729 LOG starting coproc 0: PINENTRY_KWALLET=set 'pinentry' args
9729 <s OK Your orders please
9729 LOG have_sub=1
9729 >p OK ready to listen to your demands
9729 <p OPTION no-grab
9729 >s OPTION no-grab
9729 <s OK
9729 >p OK
9729 <p OPTION ttyname=/dev/tty
9729 >s OPTION ttyname=/dev/tty
9729 <s OK
9729 >p OK
9729 <p OPTION ttytype=xterm
9729 >s OPTION ttytype=xterm
9729 <s OK
9729 >p OK
9729 <p OPTION lc-ctype=en_US.UTF-8
9729 >s OPTION lc-ctype=en_US.UTF-8
9729 <s OK
9729 >p OK
9729 <p OPTION lc-messages=en_US.UTF-8
9729 >s OPTION lc-messages=en_US.UTF-8
9729 <s OK
9729 >p OK
9729 <p OPTION default-ok=_OK
9729 >s OPTION default-ok=_OK
9729 <s OK
9729 >p OK
9729 <p OPTION default-cancel=_Cancel
9729 >s OPTION default-cancel=_Cancel
9729 <s OK
9729 >p OK
9729 <p OPTION default-prompt=PIN:
9729 >s OPTION default-prompt=PIN:
9729 <s OK
9729 >p OK
9729 <p OPTION touch-file=/tmp/gpg-7V8por/S.gpg-agent
9729 >s OPTION touch-file=/tmp/gpg-7V8por/S.gpg-agent
9729 <s OK
9729 >p OK
9729 <p GETINFO pid
9729 >p D 9729
9729 >p OK
9729 <p SETDESC Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.%0ABenutzer: "Hans Wurst (Bemerkung) <email address hidden>"%0A4096-bit RSA Schlüssel, ID 0A1B2C3DC, erzeugt 2013-01-01%0A
9729 >s SETDESC Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.%0ABenutzer: "Hans Wurst (Bemerkung) <email address hidden>"%0A4096-bit RSA Schlüssel, ID 0A1B2C3DC, erzeugt 2013-01-01%0A
9729 <s OK
9729 >p OK
9729 <p SETPROMPT Passphrase
9729 >s SETPROMPT Passphrase
9729 <s OK
9729 >p OK
9729 <p GETPIN
9729 LOG read errcnt failed
9729 LOG read pass 255: ''
9729 >s GETPIN
9729 <s ERR 83886179 canceled
9729 >p ERR 83886179 canceled
9729 <p BYE
9729 >p OK
9729 >s BYE
9729 <s OK closing connection

Revision history for this message
Johannes Knauf (johannes-knauf) wrote :

# manual cross-check with pinentry-kwallet with Copy/Paste of commands to STDIN (every 2nd line) works as well

$ pinentry-kwallet
OK ready to listen to your demands
OPTION no-grab
OK
OPTION ttyname=/dev/tty
OK
OPTION ttytype=xterm
OK
OPTION lc-ctype=en_US.UTF-8
OK
OPTION lc-messages=en_US.UTF-8
OK
OPTION default-ok=_OK
OK
OPTION default-cancel=_Cancel
OK
OPTION default-prompt=PIN:
OK
OPTION touch-file=/tmp/gpg-7V8por/S.gpg-agent
OK
GETINFO pid
D 10086
OK
SETDESC Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.%0ABenutzer: "Hans Wurst (Bemerkung) <email address hidden>"%0A4096-bit RSA Schlüssel, ID 0A1B2C3DC, erzeugt 2013-01-01%0A
OK
SETPROMPT Passphrase
OK
GETPIN
D foobar
OK
BYE
OK

# so the problem seems to be the way gnupg and pinentry-kwallet interplay.

Revision history for this message
Thorsten Glaser (mirabilos) wrote :

Re-reading this: What does “the same bug report window opens” even mean? What “bug report window”?

Changed in kwalletcli (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Thomas Neumann (tneumann) wrote :

I do not get any "bug report window" (I don't know what Johannes means), for me the setup simply freezes. ps shows that the gpg-agent starts pinentry, but then nothing happens. No windows is shown, and the application wait for a password that never comes.

Revision history for this message
Johannes Knauf (johannes-knauf) wrote :

I do not know which packages changed in the meantime, but I can not reproduce this bug any more -- neither from command line nor directly from KMail.

I did some tests right now (send and receive encrypted + signed mails with kmail) and it actually works as expected.

Revision history for this message
Thorsten Glaser (mirabilos) wrote :

Closing as the bug seems to have gone; if something similar happens, please open a new bugreport. Thanks!

Changed in kwalletcli (Ubuntu):
status: Incomplete → Invalid
Revision history for this message
Simon Quigley (tsimonq2) wrote :

Thank you for taking the time to report this bug and helping to make Kubuntu better. We are sorry that we do not always have the capacity to look at all reported bugs in a timely manner. There have been many changes in Kubuntu since that time you reported the bug and your problem may have been fixed with some of the updates. It would help us a lot if you could test it on a currently supported Kubuntu version. If you test it and it is still an issue, kindly upload the updated logs by running only once:
apport-collect 1283014

and any other logs that are relevant for this particular issue.

Changed in kubuntu-ppa:
status: New → Incomplete
Changed in kwalletcli (Ubuntu):
status: Invalid → Incomplete
Thorsten Glaser (mirabilos)
Changed in kwalletcli (Ubuntu):
status: Incomplete → Invalid
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for Kubuntu PPA because there has been no activity for 60 days.]

Changed in kubuntu-ppa:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.