gpg: error building skey array: No such file or directory #251

Closed
sssoleileraaa opened this issue Feb 21, 2019 · 2 comments

sssoleileraaa commented Feb 21, 2019

Description

When you run the development environment and specify sdc-home, and it's a directory that doesn't exist yet, the gpg-agent is unable to import the secret key to use for decrypting submissions and replies.

Note: This isn't an issue when running the dev environment without specifying sdc-home.

Steps to reproduce

  1. Start the client via the run.sh script with the sdc-home option
  2. Close the client, delete <sdc-home>/gpg
  3. Run the client again with the same sdc-home option (set it to the same directory)

You'll see output indicating that the gpg keybox was created, trustdb was created, and public key imported. And then you'll see an error message: No such file or directory when importing the secret key.


redshiftzero commented Feb 22, 2019

Taking a step back, here are my current expectations regarding gpg-agent and run.sh (which seem to mostly be in line with your comment here):

  1. Each time run.sh is executed with a new GPG homedir, a new gpg-agent process will start
  2. These processes are not stopped after the client is closed (worth resolving)
  3. When run.sh is executed for a second time with the same GPG homedir (i.e. using the sdc-home option) then it will not start another gpg-agent process and instead the existing gpg-agent process will be used

I tested the above expectations using gpg 2.2.10 (which does require the use of gpg-agent) and that all seems to check out ✅

With regard to this issue, here's me trying to reproduce and here's what happens:

$ ./run.sh
Running app with home directory: /var/folders/gv/2r10zvfj303fyd5_6yn_p0b80000gn/T/tmp.NgKC1WpK

gpg: keybox '/var/folders/gv/2r10zvfj303fyd5_6yn_p0b80000gn/T/tmp.NgKC1WpK/gpg/pubring.kbx' created
gpg: /var/folders/gv/2r10zvfj303fyd5_6yn_p0b80000gn/T/tmp.NgKC1WpK/gpg/trustdb.gpg: trustdb created
gpg: key CC40EF1228271441: public key "SecureDrop Test/Development (DO NOT USE IN PRODUCTION)" imported
gpg: key CC40EF1228271441: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

$ rm -r /var/folders/gv/2r10zvfj303fyd5_6yn_p0b80000gn/T/tmp.NgKC1WpK/gpg
$  ./run.sh --sdc-home /var/folders/gv/2r10zvfj303fyd5_6yn_p0b80000gn/T/tmp.NgKC1WpK
Running app with home directory: /var/folders/gv/2r10zvfj303fyd5_6yn_p0b80000gn/T/tmp.NgKC1WpK

gpg: keybox '/var/folders/gv/2r10zvfj303fyd5_6yn_p0b80000gn/T/tmp.NgKC1WpK/gpg/pubring.kbx' created
gpg: /var/folders/gv/2r10zvfj303fyd5_6yn_p0b80000gn/T/tmp.NgKC1WpK/gpg/trustdb.gpg: trustdb created
gpg: key CC40EF1228271441: public key "SecureDrop Test/Development (DO NOT USE IN PRODUCTION)" imported
gpg: key CC40EF1228271441: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

You can see in the second run of run.sh the GPG dir is recreated as expected via this line - am I missing a step?


sssoleileraaa commented Feb 22, 2019

When I do the same thing, I get a different result (I'm on Debian 9, using gpg 2.1.18):

on master branch

$ securedrop-client(master○) » ./run.sh                      
Running app with home directory: /tmp/tmp.oLnlmsmBtN

gpg: keybox '/tmp/tmp.oLnlmsmBtN/gpg/pubring.kbx' created
gpg: /tmp/tmp.oLnlmsmBtN/gpg/trustdb.gpg: trustdb created
gpg: key CC40EF1228271441: public key "SecureDrop Test/Development (DO NOT USE IN PRODUCTION)" imported
gpg: key CC40EF1228271441: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

$ securedrop-client(master○) » rm -r /tmp/tmp.oLnlmsmBtN/gpg 
$ securedrop-client(master○) » ./run.sh --sdc-home /tmp/tmp.oLnlmsmBtN 
Running app with home directory: /tmp/tmp.oLnlmsmBtN

gpg: keybox '/tmp/tmp.oLnlmsmBtN/gpg/pubring.kbx' created
gpg: /tmp/tmp.oLnlmsmBtN/gpg/trustdb.gpg: trustdb created
gpg: key CC40EF1228271441: public key "SecureDrop Test/Development (DO NOT USE IN PRODUCTION)" imported
gpg: key CC40EF1228271441/CC40EF1228271441: error sending to agent: No such file or directory
gpg: error building skey array: No such file or directory
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1

on kill-gpg-agent branch (no longer a good name)

This branch uses timestamps for gpg home directory names and the issue goes away.
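
The two remedies the thread points at (stopping the agent that outlives the client, and never reusing a GPG homedir path) can be sketched as follows. This is an added example, not code from securedrop-client's run.sh; the function names and the `GPGCONF` override are hypothetical, while `gpgconf --kill gpg-agent` is the standard GnuPG command.

```shell
#!/bin/sh
# Added example; hypothetical helpers, not code from securedrop-client's run.sh.
# GPGCONF is an assumed override hook; by default the real gpgconf is used.
GPGCONF="${GPGCONF:-gpgconf}"

# stop_agent DIR: ask the gpg-agent serving homedir DIR to exit.
stop_agent() {
    # The subshell keeps GNUPGHOME out of the caller's environment.
    # A failure is ignored: there may simply be no agent to stop.
    ( GNUPGHOME="$1"; export GNUPGHOME; "$GPGCONF" --kill gpg-agent ) || true
}

# reset_gpg_home DIR: stop the agent first, while DIR still exists, then
# recreate DIR empty with mode 0700 (gpg warns about looser permissions).
reset_gpg_home() {
    case "$1" in
        ""|/) echo "reset_gpg_home: refusing to reset '$1'" >&2; return 2 ;;
    esac
    stop_agent "$1"
    rm -rf -- "$1" || return 1
    # umask 077 in a subshell: the directory is never created world-readable.
    ( umask 077; mkdir -p -- "$1" )
}

# fresh_gpg_home BASE: alternative that never reuses a homedir path, so an
# agent left over from an earlier run cannot be picked up. Prints the new path.
fresh_gpg_home() {
    mkdir -p -- "$1" || return 1
    mktemp -d "$1/gpg.XXXXXX"
}
```

Either helper would be called before the key import step; `reset_gpg_home` corresponds to deleting `<sdc-home>/gpg` by hand in the reproduction steps, with the agent stopped beforehand.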
