bug-gnulib@gnu.org mirror (unofficial)
* gnupload with gpg>=v2.1 fails due to missing TTY
@ 2019-09-17 22:57 Assaf Gordon
  2019-09-17 23:14 ` Bruno Haible
  0 siblings, 1 reply; 3+ messages in thread
From: Assaf Gordon @ 2019-09-17 22:57 UTC (permalink / raw)
  To: bug-gnulib

Hello,

While uploading a new archive to ftp.gnu.org, I noticed that gnupload
does not play nice with newer versions of gpg.

On Debian 10 with /usr/bin/gpg being "gpg (GnuPG) 2.2.12",
the signing step fails with:

   $ ./build-aux/gnupload --to ftp.gnu.org:datamash datamash-1.5.tar.gz
   Enter GPG passphrase:
   Signing datamash-1.5.tar.gz ...
   gpg: signing failed: Inappropriate ioctl for device

The reason is that gnupload effectively uses the following command:

   echo "$passphrase" \
       | gpg --batch --no-tty --passphrase-fd 0 -ba -o $FILE.sig $FILE

But for GPG>=v2.1 the manual page says:

   --passphrase-fd n
       [....] Since Version 2.1 the --pinentry-mode also needs
       to be set to loopback.

And so,
gnupload runs 'gpg' in a way that ignores the passphrase on STDIN,
and it tries to use gpg-agent to ask for the password on the TTY.
Being run from inside gnupload, it doesn't find the tty and fails.

---

Possible work-arounds:

1.
Run:
   export GPG_TTY=$(tty)
before running 'gnupload'. This will help gpg find the TTY.
gnupload will first ask for the passphrase as usual. This first
passphrase will be ignored. GPG will then ask for the passphrase again
using its own interface.

2.
Use a symlink for gpg to be gpg1, as described here:
https://lists.gnu.org/archive/html/bug-gnulib/2017-11/msg00007.html

3.
Modify 'gnupload' and add '--pinentry-mode=loopback' based on detected
gpg version (there is already some version detecting code there).
Untested patch:
---------
diff --git a/build-aux/gnupload b/build-aux/gnupload
index d24a924d3..92cc4cbb7 100755
--- a/build-aux/gnupload
+++ b/build-aux/gnupload
@@ -43,6 +43,11 @@ case "$gpg_agent_version" in
           echo "WARNING: Using 'gpg', which is too old. You should install 'gpg2'." 1>&2
         fi
         ;;
+       2.*)
+        # gpg versions 2.1 and later require "--pinentry-mode=loopback"
+        # for "--batch --passphrase-fd" to work
+        GPG="gpg --pinentry-mode=loopback"
+        ;;
     esac
     ;;
 esac
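Review bot: the new `2.*)` arm matches every 2.x release, 2.0.x included, while the comment inside it says the option is required for "2.1 and later". Narrow the pattern so it agrees with the comment, for example `2.[1-9]*)`, or reword the comment if 2.0.x is meant to take this branch too. Since the patch is marked untested, it is worth running the signing step once against each gpg series this case statement distinguishes.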
---------


Hope this helps,
 - assaf
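
The version-dependent choice described in the message above, as an added example that is not part of the original post or of gnupload: a POSIX shell helper that reads the first line of `gpg --version` and adds `--pinentry-mode=loopback` only for 2.1 and later. The function names and the sample version lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from gnupload.

# $1 is the first line of `gpg --version`, e.g. "gpg (GnuPG) 2.2.12".
# Exit status: 0 = gpg 2.1 or later, 1 = older, 2 = version not parsable.
gpg_needs_loopback() {
  ver=${1##* }                  # last word of the line: "2.2.12"
  major=${ver%%.*}              # "2"
  rest=${ver#*.}                # "2.12"
  minor=${rest%%[!0-9]*}        # "2" (digits up to the next non-digit)
  case "$ver" in *.*) ;; *) return 2 ;; esac
  case "$major" in ''|*[!0-9]*) return 2 ;; esac
  case "$minor" in '') return 2 ;; esac
  if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }; then
    return 0
  fi
  return 1
}

# Print the option string for non-interactive signing with the
# passphrase on stdin. Fails (status 2) rather than guessing when the
# version line cannot be parsed.
gpg_batch_opts() {
  gpg_needs_loopback "$1" && rc=0 || rc=$?
  case $rc in
    0) echo "--batch --no-tty --pinentry-mode=loopback --passphrase-fd 0" ;;
    1) echo "--batch --no-tty --passphrase-fd 0" ;;
    *) echo "cannot parse gpg version line: $1" >&2; return 2 ;;
  esac
}

# sign_detached FILE: expects the passphrase in the variable $passphrase.
# Defined for reference; the demo below does not call it.
sign_detached() {
  opts=$(gpg_batch_opts "$(gpg --version | head -n 1)") || return
  # $opts is split into words on purpose; the file name stays quoted.
  printf '%s\n' "$passphrase" | gpg $opts -ba -o "$1.sig" "$1"
}

# Constructed sample version lines, so the demo runs without gpg installed.
for line in "gpg (GnuPG) 1.4.23" "gpg (GnuPG) 2.0.30" "gpg (GnuPG) 2.2.12"; do
  printf '%s -> %s\n' "$line" "$(gpg_batch_opts "$line")"
done
```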



* Re: gnupload with gpg>=v2.1 fails due to missing TTY
  2019-09-17 22:57 gnupload with gpg>=v2.1 fails due to missing TTY Assaf Gordon
@ 2019-09-17 23:14 ` Bruno Haible
  2019-09-18  3:58   ` Jim Meyering
  0 siblings, 1 reply; 3+ messages in thread
From: Bruno Haible @ 2019-09-17 23:14 UTC (permalink / raw)
  To: bug-gnulib; +Cc: Assaf Gordon

Hi Assaf,

> Possible work-arounds:

I would vote for 3, because it makes gnupload work out-of-the-box, and
I don't see limitations regarding the set of environments in which it
works.

Can you test your proposed patch?

Bruno




* Re: gnupload with gpg>=v2.1 fails due to missing TTY
  2019-09-17 23:14 ` Bruno Haible
@ 2019-09-18  3:58   ` Jim Meyering
  0 siblings, 0 replies; 3+ messages in thread
From: Jim Meyering @ 2019-09-18  3:58 UTC (permalink / raw)
  To: Bruno Haible; +Cc: Assaf Gordon, bug-gnulib@gnu.org List

On Tue, Sep 17, 2019 at 4:14 PM Bruno Haible <bruno@clisp.org> wrote:
> Hi Assaf,
>
> > Possible work-arounds:
>
> I would vote for 3, because it makes gnupload work out-of-the-box, and
> I don't see limitations regarding the set of environments in which it
> works.

Nice! Thanks for reporting that and working on the fix.
I too prefer #3.


