Agent not working when specifying a non-standard home directory
I am having a problem with the GPG Agent not working when
specifying a non-standard directory for gpg on command line.
Configuration files were copied over from ~/.gnupg.
The program works properly without specifying a home directory. I
am using a non-standard path to store my master secret key
separately from the keychain that's going to be used daily.
Steps to reproduce:
- Run the following command:
gpg --homedir="$(pwd)" --lock-never --no-permission-warning --expert --gen-key
- Input all the required parameters
- Attempt to generate a new key
Actual result:
An error occurs when the program tries to access the GPG Agent
to securely request a password.
gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
Expected result:
GPG Agent starts up, asks for a password, key generation completes successfully.
Attachments:
- Снимок экрана 2013-11-01 в 18.19.48.png: error screenshot
- gpg.conf: GnuPG configuration
- gpg-agent.conf: GPG Agent configuration
Environment:
Mac OS X 10.9 build 13A603
GPG Tools: stable build from October, 22nd
GnuPG: 2.0.22
libgcrypt: 1.5.3
- Снимок_экрана_2013-11-01_в_18.19.48.png 144 KB
- gpg-agent.conf 130 Bytes
- gpg.conf 528 Bytes
1 Posted by Basic XP on 02 Nov, 2013 11:00 AM
This is what's output when GPG is run in verbose mode:
Yet, if I run gpg-agent, it tells me that the agent is actually running:
2 Posted by Basic XP on 03 Nov, 2013 08:24 AM
The same problem has been reported by someone on the gnupg-users mailing list, but, sadly, there was no solution.
http://lists.gnupg.org/pipermail/gnupg-users/2012-April/044138.html
3 Posted by Mento on 07 Nov, 2013 03:38 PM
Try to start the gpg-agent using the following command:
4 Posted by Basic XP on 07 Nov, 2013 06:05 PM
I thought the agent should start up automatically. Anyway, this made the situation better, but did not completely solve it. The location of the external keychain is on an exFAT TrueCrypt volume. This led to two problems, only one of which I was able to solve:
- It can't create a socket file on such a file system. Got over this by telling GnuPG to use the /tmp folder instead, saving environment info in a file and then sourcing it in a script. Here's the script I'm using (I know, it's terribly inefficient, just a temporary solution, a better option is always welcome :D ):
- Even though the folder is writable and GnuPG automatically creates the pubring.gpg, secring.gpg and others, it can't write the key after it has been generated:
No idea why this is happening, verbose mode doesn't provide any further information.
Support Staff 5 Posted by Luke Le on 07 Nov, 2013 06:23 PM
Hi Roman,
ah, we've seen such a TrueCrypt setup before.
With patched --no-use-standard-socket so it uses a socket in a fixed position in /tmp, so the whole --write-env thingy shouldn't be necessary.
I think --lock-never should also not be necessary.
Could you remove those options and re-try it without the wrapper script?
Could you try creating a key and adding the option --status-fd 1?
This might reveal some more information on what's going wrong.
6 Posted by Basic XP on 07 Nov, 2013 06:50 PM
Okay, so this is what I got now (started from scratch, removed all *.gpg files):
Seems that --lock-never is optional, it still proceeds without it, I just get lots of warnings in the beginning.
Support Staff 7 Posted by Luke Le on 19 Nov, 2013 06:15 PM
Hi Roman,
the problem here is that the usb/external drive you're using is probably not HFS+ formatted. In that case the link command doesn't work, which is used by gpg when locking a file.
Unfortunately there is little we can do about this at the time, but we'll look into it.
I've created a ticket for this problem where you can track progress:
http://gpgtools.lighthouseapp.com/projects/66001/tickets/126
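Added example, not part of the original thread and not GPGTools or GnuPG code: a Python probe that checks whether a directory's filesystem supports the two primitives this discussion runs into, hard links (which the reply above says gpg uses when locking a file) and Unix domain socket files (needed for the agent socket). The function names are hypothetical.

```python
import os
import socket
import tempfile


def can_hard_link(directory):
    """True if a hard link can be created inside `directory`."""
    fd, src = tempfile.mkstemp(prefix="probe-", dir=directory)
    os.close(fd)
    dst = src + ".lnk"
    try:
        os.link(src, dst)
        return os.stat(src).st_nlink == 2
    except OSError:
        return False  # e.g. the filesystem has no hard links
    finally:
        for name in (src, dst):
            if os.path.lexists(name):
                os.unlink(name)


def can_bind_socket(directory):
    """True if a Unix domain socket file can be created inside `directory`."""
    path = os.path.join(directory, "probe-%d.sock" % os.getpid())
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.bind(path)
        return True
    except OSError:
        return False  # also raised when the path exceeds the sun_path limit
    finally:
        sock.close()
        if os.path.lexists(path):
            os.unlink(path)


def probe_homedir(directory):
    """Report which primitives the filesystem under `directory` supports."""
    return {
        "hard_links": can_hard_link(directory),
        "unix_sockets": can_bind_socket(directory),
    }


if __name__ == "__main__":
    print(probe_homedir(os.getcwd()))
```

Run it from the directory intended for --homedir before generating keys; a False entry points at the same class of failure described in this thread.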
8 Posted by Basic XP on 20 Nov, 2013 04:55 PM
It is, as I mentioned above, indeed not HFS+ formatted, it's exFAT. But why is it trying to lock the file even when I explicitly tell it not to?
Support Staff 9 Posted by Steve on 29 Dec, 2013 10:21 PM
Roman, we'll look into this. Sorry we don't have any results yet.
I'm closing this discussion. It will be re-opened as soon as anything related to the ticket Luke mentioned.
steve
Steve closed this discussion on 29 Dec, 2013 10:21 PM.