GNU bug report logs -
#54014
guix home pinentry weirdness
Previous Next
To reply to this bug, email your comments to 54014 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#54014; Package
guix.
(Tue, 15 Feb 2022 18:55:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Zacchaeus Scheffer <zaccysc <at> gmail.com>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Tue, 15 Feb 2022 18:55:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Guix,
There seems to be some problem installing password-store + pinentry
entirely via guix home. When I have both installed as such, I get the
following outputs:
$ pinentry
OK Pleased to meet you
<C-c>
$ gpg --import ...
[prompts normally with pinentry, allows me to import]
$ pass
[my password entries]
$ pass [entry name]
gpg: decryption failed: No secret key
$ guix package -i pinentry
$ pass [entry name]
[prompts with pinentry and works normally]
So pinentry and pass seem to both be available, but don't work together
unless I install pinentry via guix package.
My guix install is about two months behind, so sorry if this has already
been patched.
-Zacchaeus
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#54014; Package
guix.
(Tue, 15 Feb 2022 20:17:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 54014 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
I thought it might be important to confirm package versions. Here is some
sample commands and their output:
before guix package -i pinentry (pass not giving pinentry prompt)
$ ls -l $(which -a pinentry)
lrwxrwxrwx 1 root root 71 Dec 31 1969
/home/zacchae/.guix-home/profile/bin/pinentry ->
/gnu/store/3hl7w63q0axngysrslkdw2a6jmgnm8kf-pinentry-1.2.0/bin/pinentry
after guix package -i pinentry (pass works normally)
$ ls -l $(which -a pinentry)
lrwxrwxrwx 1 root root 71 Dec 31 1969
/home/zacchae/.guix-home/profile/bin/pinentry ->
/gnu/store/3hl7w63q0axngysrslkdw2a6jmgnm8kf-pinentry-1.2.0/bin/pinentry
lrwxrwxrwx 1 root root 71 Dec 31 1969
/home/zacchae/.guix-profile/bin/pinentry ->
/gnu/store/3hl7w63q0axngysrslkdw2a6jmgnm8kf-pinentry-1.2.0/bin/pinentry
So it's not as simple as a version mismatch.
-Zacchaeus
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#54014; Package
guix.
(Wed, 16 Feb 2022 07:56:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 54014 <at> debbugs.gnu.org (full text, mbox):
Hi Zacchaeus,
Am Dienstag, dem 15.02.2022 um 15:16 -0500 schrieb Zacchaeus Scheffer:
> I thought it might be important to confirm package versions. Here is
> some sample commands and their output:
>
> before guix package -i pinentry (pass not giving pinentry prompt)
>
> $ ls -l $(which -a pinentry)
> lrwxrwxrwx 1 root root 71 Dec 31 1969 /home/zacchae/.guix-
> home/profile/bin/pinentry ->
> /gnu/store/3hl7w63q0axngysrslkdw2a6jmgnm8kf-pinentry-
> 1.2.0/bin/pinentry
>
> after guix package -i pinentry (pass works normally)
>
> $ ls -l $(which -a pinentry)
> lrwxrwxrwx 1 root root 71 Dec 31 1969 /home/zacchae/.guix-
> home/profile/bin/pinentry ->
> /gnu/store/3hl7w63q0axngysrslkdw2a6jmgnm8kf-pinentry-
> 1.2.0/bin/pinentry
> lrwxrwxrwx 1 root root 71 Dec 31 1969 /home/zacchae/.guix-
> profile/bin/pinentry -> /gnu/store/3hl7w63q0axngysrslkdw2a6jmgnm8kf-
> pinentry-1.2.0/bin/pinentry
Did you duplicate the output here?
In any case, the issue you're describing would make sense if pass was
calling pinentry as simply "pinentry" rather than by store path. AFAIK
gpg has a configuration key telling it which pinentry to spawn -- I
personally set that to /run/current-system/profile/bin/pinentry-gnome3
on most of my machines. Does pass adhere to that setting or does it
try to call pinentry on its own?
Cheers
Information forwarded
to
bug-guix <at> gnu.org:
bug#54014; Package
guix.
(Mon, 04 Jul 2022 05:52:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 54014 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 2022-02-15 13:46, Zacchaeus Scheffer wrote:
> Hi Guix,
>
> There seems to be some problem installing password-store + pinentry
> entirely via guix home. When I have both installed as such, I get the
> following outputs:
>
> $ pinentry
> OK Pleased to meet you
> <C-c>
> $ gpg --import ...
> [prompts normally with pinentry, allows me to import]
> $ pass
> [my password entries]
> $ pass [entry name]
> gpg: decryption failed: No secret key
> $ guix package -i pinentry
> $ pass [entry name]
> [prompts with pinentry and works normally]
>
> So pinentry and pass seem to both be available, but don't work together
> unless I install pinentry via guix package.
>
> My guix install is about two months behind, so sorry if this has already
> been patched.
>
> -Zacchaeus
I suspect that the problem is that someone at some moment of time
doesn't have ~/.guix-home/profile/bin in its $PATH and thus it can't
find a pinentry. Can you show `which gpg`, `which pass`, `which
pinentry`?
The gnupg home service from rde project goes a slightly other way and
just sets pinentry-program to absolute path in the store. Such approach
works with pass well, you can take a look at it for inspiration:
https://git.sr.ht/~abcdw/rde/tree/master/item/gnu/home-services/gnupg.scm#L127
--
Best regards,
Andrew Tropin
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#54014; Package
guix.
(Sun, 17 Jul 2022 04:45:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 54014 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Mon, Jul 4, 2022 at 1:50 AM Andrew Tropin <andrew <at> trop.in> wrote:
> On 2022-02-15 13:46, Zacchaeus Scheffer wrote:
> > There seems to be some problem installing password-store + pinentry
> > entirely via guix home. When I have both installed as such, I get the
> > following outputs:
> >
> > $ pinentry
> > OK Pleased to meet you
> > <C-c>
> > $ gpg --import ...
> > [prompts normally with pinentry, allows me to import]
> > $ pass
> > [my password entries]
> > $ pass [entry name]
> > gpg: decryption failed: No secret key
> > $ guix package -i pinentry
> > $ pass [entry name]
> > [prompts with pinentry and works normally]
> >
> > So pinentry and pass seem to both be available, but don't work together
> > unless I install pinentry via guix package.
>
> I suspect that the problem is that someone at some moment of time
> doesn't have ~/.guix-home/profile/bin in its $PATH and thus it can't
> find a pinentry. Can you show `which gpg`, `which pass`, `which
> pinentry`?
>
Before running "guix package -i pinentry"
$ which -a pinentry
/home/zacchae/.guix-home/profile/bin/pinentry
$ which -a gpg
/home/zacchae/.guix-home/profile/bin/gpg
$ which -a pass
/home/zacchae/.guix-home/profile/bin/pass
After runing "guix package -i pinentry"
$ which -a pinentry
/home/zacchae/.guix-home/profile/bin/pinentry
/home/zacchae/.guix-profile/bin/pinentry
$ which -a gpg
/home/zacchae/.guix-home/profile/bin/gpg
$ which -a pass
/home/zacchae/.guix-home/profile/bin/pass
I can easily reproduce the behavior by removing or installing pinentry with
guix package. Paths behave as expected.
The gnupg home service from rde project goes a slightly other way and
> just sets pinentry-program to absolute path in the store. Such approach
> works with pass well, you can take a look at it for inspiration:
>
> https://git.sr.ht/~abcdw/rde/tree/master/item/gnu/home-services/gnupg.scm#L127
>
I don't totally follow what's going on here, but maybe it will make more
sense later.
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#54014; Package
guix.
(Mon, 18 Jul 2022 07:04:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 54014 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 2022-07-17 00:44, Zacchaeus Scheffer wrote:
> On Mon, Jul 4, 2022 at 1:50 AM Andrew Tropin <andrew <at> trop.in> wrote:
>
>> On 2022-02-15 13:46, Zacchaeus Scheffer wrote:
>> > There seems to be some problem installing password-store + pinentry
>> > entirely via guix home. When I have both installed as such, I get the
>> > following outputs:
>> >
>> > $ pinentry
>> > OK Pleased to meet you
>> > <C-c>
>> > $ gpg --import ...
>> > [prompts normally with pinentry, allows me to import]
>> > $ pass
>> > [my password entries]
>> > $ pass [entry name]
>> > gpg: decryption failed: No secret key
>> > $ guix package -i pinentry
>> > $ pass [entry name]
>> > [prompts with pinentry and works normally]
>> >
>> > So pinentry and pass seem to both be available, but don't work together
>> > unless I install pinentry via guix package.
>>
>> I suspect that the problem is that someone at some moment of time
>> doesn't have ~/.guix-home/profile/bin in its $PATH and thus it can't
>> find a pinentry. Can you show `which gpg`, `which pass`, `which
>> pinentry`?
>>
> Before running "guix package -i pinentry"
> $ which -a pinentry
> /home/zacchae/.guix-home/profile/bin/pinentry
> $ which -a gpg
> /home/zacchae/.guix-home/profile/bin/gpg
> $ which -a pass
> /home/zacchae/.guix-home/profile/bin/pass
> After runing "guix package -i pinentry"
> $ which -a pinentry
> /home/zacchae/.guix-home/profile/bin/pinentry
> /home/zacchae/.guix-profile/bin/pinentry
> $ which -a gpg
> /home/zacchae/.guix-home/profile/bin/gpg
> $ which -a pass
> /home/zacchae/.guix-home/profile/bin/pass
>
> I can easily reproduce the behavior by removing or installing pinentry with
> guix package. Paths behave as expected.
Probably there are some hardcoded PATHs for .guix-profile, but not for
.guix-home/profile. One of such examples, which can be unrelated to the
current issue:
https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/system.scm?h=7046e777212233b89df68379c270b448c45195ce#n1012
It will require investigation to find all the places, where and at what
time PATH (and maybe some other env vars) is/are set for all the
participants of the party to trace the root of the problem and properly
solve it =) Anyway, there is a workaround, which should help:
>
> The gnupg home service from rde project goes a slightly other way and
>> just sets pinentry-program to absolute path in the store. Such approach
>> works with pass well, you can take a look at it for inspiration:
>>
>> https://git.sr.ht/~abcdw/rde/tree/master/item/gnu/home-services/gnupg.scm#L127
>>
> I don't totally follow what's going on here, but maybe it will make more
> sense later.
Basically it adds the following content to gpg-agent.conf:
--8<---------------cut here---------------start------------->8---
enable-ssh-support
pinentry-program /gnu/store/r5j2gmfv8akp8p746l6jqy5qwpz0zkhm-pinentry-qt-1.2.0/bin/pinentry-qt
--8<---------------cut here---------------end--------------->8---
You can try to set pinentry-program to
/home/zacchae/.guix-home/profile/bin/pinentry
Or better directly use gnupg home service.
--
Best regards,
Andrew Tropin
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 1 year and 275 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.