bug-gnulib

gnupload with gpg>=v2.1 fails due to missing TTY


From: Assaf Gordon
Subject: gnupload with gpg>=v2.1 fails due to missing TTY
Date: Tue, 17 Sep 2019 16:57:38 -0600
User-agent: Mutt/1.11.4 (2019-03-13)

Hello,

While uploading a new archive to ftp.gnu.org, I noticed that gnupload
does not play nice with newer versions of gpg.

On Debian 10 with /usr/bin/gpg being "gpg (GnuPG) 2.2.12",
the signage step fails with:

   $ ./build-aux/gnupload --to ftp.gnu.org:datamash datamash-1.5.tar.gz
   Enter GPG passphrase:
   Signing datamash-1.5.tar.gz ...
   gpg: signing failed: Inappropriate ioctl for device

The reason is that gnupload effectively uses the following command:

   echo "$passphrase" \
       | gpg --batch --no-tty --passphrase-fd 0 -ba -o $FILE.sig $FILE

But for GPG>=v2.1 the manual page says:

   --passphrase-fd n
       [....] Since Version 2.1 the --pinentry-mode also needs
       to be set to loopback.

And so,
gnupload runs 'gpg' in a way that ignores the passphrase on STDIN,
and it tries to use gpg-agent to ask for the password on the TTY.
Being run from inside gnupload, it doesn't find the tty and fails.

---

Possible work-arounds:

1.
Run:
   export GPG_TTY=$(tty)
Before running 'gnupload'. This will help gpg find the TTY.
gnupload will first ask for the passphrase as usual. This first
passphrase will be ignored. GPG will then ask for the passphrase again
using its own interface.

2.
Use a symlink for gpg to be gpg1, as described here:
https://lists.gnu.org/archive/html/bug-gnulib/2017-11/msg00007.html

3.
Modify 'gnupload' and add '--pinentry-mode=loopback' based on detected
gpg version (there is already some version detecting code there).
Untested patch:
---------
diff --git a/build-aux/gnupload b/build-aux/gnupload
index d24a924d3..92cc4cbb7 100755
--- a/build-aux/gnupload
+++ b/build-aux/gnupload
@@ -43,6 +43,11 @@ case "$gpg_agent_version" in
           echo "WARNING: Using 'gpg', which is too old. You should install 
'gpg2'." 1>&2
         fi
         ;;
+       2.*)
+        # gpg versions 2.1 and later require "--pinentry-mode=loopback"
+        # for "--batch --passphrase-fd" to work
+        GPG="gpg --pinentry-mode=loopback"
+        ;;
     esac
     ;;
 esac
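Review bot: the new `2.*)` pattern also matches 2.0.x, while the comment above it says the option is for "versions 2.1 and later"; narrow the pattern (for example `2.[1-9]*)`) or handle `2.0.*)` in a separate arm so the added flag is only passed where the comment says it applies. The arm also sits inside `case "$gpg_agent_version"`, so the decision is made on the agent's version string rather than on the gpg binary that receives the flag, and `GPG="gpg --pinentry-mode=loopback"` replaces any earlier value of GPG instead of appending to it; both are worth checking against the surrounding code before this is applied.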
---------


Hope this helps,
 - assaf
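
The version gating discussed in this message, as an added example that is not part of the original post or of gnupload: a POSIX sh sketch that parses the first line of `gpg --version` and adds `--pinentry-mode=loopback` only from 2.1 on, following the man page text quoted above. The function names and the sample banner strings are assumptions constructed for illustration.

```sh
# Constructed sample first lines of `gpg --version` output.
SAMPLE_1='gpg (GnuPG) 1.4.23'
SAMPLE_20='gpg (GnuPG) 2.0.30'
SAMPLE_22='gpg (GnuPG) 2.2.12'

# gpg_version_of BANNER: print "MAJOR MINOR" parsed from the banner line,
# or return 1 if the line does not look like a gpg version banner.
gpg_version_of() {
  ver=$(printf '%s\n' "$1" |
    sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
  [ -n "$ver" ] || return 1
  printf '%s\n' "$ver"
}

# batch_sign_flags BANNER: print the flags for signing with the passphrase
# on fd 0. From 2.1 on, loopback pinentry is required for --passphrase-fd
# to be honoured; older versions get the flags gnupload already uses.
batch_sign_flags() {
  ver=$(gpg_version_of "$1") || {
    echo "unrecognized gpg version banner" >&2
    return 1
  }
  set -- $ver            # $1 = major, $2 = minor
  flags='--batch --no-tty --passphrase-fd 0'
  if [ "$1" -gt 2 ] || { [ "$1" -eq 2 ] && [ "$2" -ge 1 ]; }; then
    flags="--pinentry-mode=loopback $flags"
  fi
  printf '%s\n' "$flags"
}

# Show the decision for each constructed banner.
for banner in "$SAMPLE_1" "$SAMPLE_20" "$SAMPLE_22"; do
  printf '%s -> gpg %s -ba\n' "$banner" "$(batch_sign_flags "$banner")"
done
```

In a real script the banner would come from `gpg --version | sed 1q`, and an unrecognized banner should stop the upload rather than fall through to an interactive prompt.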
