
module "gpg-agent" doesn't fire up gpg-agent #419

Closed
nasenatmer opened this Issue Apr 22, 2013 · 17 comments

3 participants

@nasenatmer

Hello,

although I think I configured everything accordingly, I don't have gpg-agent running on my system after a reboot. Here's my zpreztorc.
My ~/.gnupg/gpg-agent.conf looks as follows:

# Cache settings (cache for 3 hours)
max-cache-ttl 7200
default-cache-ttl 7200
max-cache-ttl-ssh 7200
default-cache-ttl-ssh 7200

#Pinentry program setting
pinentry-program /usr/bin/pinentry-gtk-2

# Environment file
write-env-file /home/jakob/.gnupg/gpg-agent.env

and still, ps ax | grep gpg outputs nothing…

Could it be because there is an existing ~/.gnupg/gpg-agent.conf?

I also tried setting zstyle ':prezto:module:ssh-agent' forwarding 'yes' but to no avail. Moved the gpg-agent module to the end of the plugins array, also no change. I'm running out of ideas where the problem might be?

@sorin-ionescu
Owner

Since I do not use this module, I cannot help you. @neersighted has modified this module last; perhaps he can help.

@nasenatmer

Cool, maybe also @fwalch might be knowledgeable about it if I understand this correctly.

My suspicion is that it has something to do with the code block from line 34-41:

# Source GPG agent settings, if applicable.
if [[ -s "${_gpg_env}" ]]; then
  source "${_gpg_env}" > /dev/null
  ps -ef | grep "${SSH_AGENT_PID}" | grep -q 'gpg-agent' || {
    _gpg-agent-start
  }
else
  _gpg-agent-start
fi

As usually _gpg_env isn't deleted at shutdown or exit of gpg-agent, it will in most cases still exist and the script will parse only through the first part and finish there.

If I understand the line starting with ps -ef correctly (and I'm not entirely certain of that), grep -q 'gpg-agent' will always exit with code 0 due to finding itself in the ps -ef output. Thus, _gpg-agent-start will never be executed.

To exemplify what I mean:

ps -ef | grep -q 'non-existing-programme' || print "not found"
print $?

And if you do it without the -q switch, you can even see grep highlighted in the output…

Does that make sense? Or am I completely wrong here?

@fwalch
fwalch commented Apr 23, 2013

Normally, it should still work because of the intermediate grep (without -q):
ps -ef | grep "non-existent" | grep -q 'gpg-agent' || echo "starting gpg-agent"

But here, I think the problem is that SSH support is disabled (which could not happen in the original oh-my-zsh plugin), and thus ${SSH_AGENT_PID} is empty:
ps -ef | grep "" | grep -q 'gpg-agent' || echo "starting gpg-agent" doesn't work.

I guess you could do something like this instead:

ps -C gpg-agent | grep -q gpg-agent || {
    _gpg-agent-start
}
# or
ps --no-headers -C gpg-agent > /dev/null || {
    _gpg-agent-start
}

If this looks good, I can do a pull request.

By the way, didn't even know prezto existed until now.. I guess now I have to try it out :wink:

@nasenatmer

Great, it works again! I've committed that in my fork to test it for a while.

What I expected though and seems quite strange is that here, I've got the same problem I encountered with the gpg-agent of oh-my-zsh (see this issue).

I.e., if I start thunderbird from openbox autostart or dmenu_run, it doesn't seem to be able to properly interact with gpg-agent, while when starting it from terminal, passphrase caching is working alright sigh.

@fwalch
fwalch commented Apr 23, 2013

I had exactly the same issue with Thunderbird (resp. Enigmail). The problem is that Thunderbird doesn't know that gpg-agent is running because $GPG_AGENT_INFO is only set when opening a new zsh instance (when the gpg-agent plugin sources ~/.gnupg/gpg-agent.env), but not globally. To fix that, I actually start gpg-agent in my .xinitrc and then export the variables:

export GPG_AGENT_INFO
export SSH_AUTH_SOCK
export SSH_AGENT_PID

The only problem is that for linux virtual terminals, the same gpg-agent is used, and thus the pinentry dialog is always displayed within X11, even if you execute commands in a virtual terminal.

But anyway, this doesn't really have to do anything with the plugin.. although I guess it could support two gpg-agent instances, one for X11 with graphical pinentry and one for virtual console with console pinentry (by checking $TERM).

@nasenatmer

Man, after a thorough introduction into environment variables (after 9 years of linux it was more than necessary by now) I'm glad to have solved this now.

I created a script called thunderbird in /usr/local/bin (which comes before /usr/bin in my $path) which looks like that:

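#!/bin/zsh

# Load the agent settings written by gpg-agent, if the file exists and is non-empty.
if [[ -s "${HOME}/.gnupg/gpg-agent.info" ]]; then
  source "${HOME}/.gnupg/gpg-agent.info"
fi

# Make the agent socket information visible to the child process.
export GPG_AGENT_INFO

# Replace this wrapper with the real binary and pass through any arguments.
exec /usr/bin/thunderbird "$@"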

and now communication between thunderbird and gpg-agent seems to be fine. Thanks for pointing this out!

I'll go on testing the new check for the gpg-agent module and after a considerable amount of time I'll try to do my first pull request if that's ok (as I'm not the author of the changed line) with you, @fwalch ?

@fwalch
fwalch commented Apr 24, 2013

Sure, go ahead. Glad I could help :-)

@sorin-ionescu
Owner

@nasenatmer, please let me know when you have a fix for this.

@nasenatmer nasenatmer added a commit that referenced this issue Apr 26, 2013
@nasenatmer nasenatmer [Fix #419] start gpg-agent also with ssh-support off
and add a note on the variables exported by this module
96df682
@nasenatmer

As @sorin-ionescu pointed out in the Pull Request #423, ps doesn't have the -C option on BSDs, so I suggested a different solution now.

While writing this comment, I realised that the PID that grep gets from $_gpg_env could also belong to another process. Thus, I added an additional grep check.

Does that solution look sensible or is that terribly bloated for a simple is-that-programme-running check?

@sorin-ionescu
Owner

It does seem awfully bloated.

@nasenatmer

That seems to be the price for Nix/BSD compatibility. I can't come up with another solution.

@sorin-ionescu
Owner

Is the -C switch like pgrep?

@sorin-ionescu
Owner

Why would the PID in $_gpg_env belong to another process?

@sorin-ionescu
Owner

Why does that file need to be read anyway?

$ ps -U "$USER" -x -c -o pid,command | grep gpg-agent
35213 gpg-agent
$ less ~/.gnupg/gpg-agent.env
GPG_AGENT_INFO=/tmp/gpg-g2rlKb/S.gpg-agent:35213:1

@sorin-ionescu
Owner

Also, I believe that the default file location is ${HOME}/.gpg-agent-info. I'm not sure why this module sets it to $HOME/.gnupg/gpg-agent.env. Other tools may look for it in the original location.

@sorin-ionescu
Owner

I have two methods for checking the running of gpg-agent.

Just check for the process.

ps -U "$USER" -o 'command' | grep '^gpg-agent'

Check the file and the process.

ps -U "$USER" -o 'command,pid' \
  | grep "${${(@s.:.)GPG_AGENT_INFO}[2]}" \
  | grep -q '^gpg-agent' \
|| _gpg-agent-start

Is not the first one enough? The second one seems redundant.

@nasenatmer

Haha, you got me while answering :)
ps -C seems to do something similar as pgrep, yes. Is pgrep a common programme in *NIXes? Couldn't find it in any prezto modules.

• as gpg-agent.env (or gpg-agent.info) doesn't get deleted when closing gpg-agent, the stale file still contains the PID of a former instance of gpg-agent at reboot or after killing it. I don't know how likely it is, but theoretically another process could have the same PID after reboot, couldn't it? That was why I would do the double check that the PID actually belongs to gpg-agent. I mean I have no clue whatsoever on how likely it is to have another longer lasting process having the same PID as gpg-agent had earlier. I just thought it's a tick more safe.

• regarding the filename of $_gpg_env, there simply seems to have been introduced this tradition from Arch/OMZ into prezto, but I don't know whether there are any specifically good reasons to call it different from its default name. I agree, that the default name/location should be preferred.
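
An added example, not part of any comment above and not prezto's code: it reproduces the false positive of the original check when the PID is empty, next to a check that parses the PID out of GPG_AGENT_INFO and confirms that this exact PID is a gpg-agent, which also covers the stale-file and PID-reuse case raised in the thread. The function names and the process listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed `ps -ef` snapshot: no gpg-agent is running, but the check's own
# grep process appears in the listing, as it does on a live system.
SAMPLE_PS='jakob  812    1 0 10:00 ?     00:00:00 /usr/bin/openbox
jakob 1200 1100 0 10:01 pts/0 00:00:00 grep -q gpg-agent'

# The original check, run against the snapshot instead of live ps output.
# With an empty PID, grep "" matches every line, so the second grep finds
# its own command line and the check reports a running agent.
naive_check() {
  printf '%s\n' "$SAMPLE_PS" | grep "$1" | grep -q 'gpg-agent'
}

# Print the PID field of a GPG_AGENT_INFO value (socket:pid:protocol).
# Fails when the value is empty, malformed, or the PID is not numeric.
agent_pid_from_info() {
  case $1 in
    *:*:*) ;;
    *) return 1 ;;
  esac
  _api_rest=${1%:*}          # drop ":protocol"
  _api_pid=${_api_rest##*:}  # keep what follows the last remaining colon
  case $_api_pid in
    ''|*[!0-9]*) return 1 ;;
  esac
  printf '%s\n' "$_api_pid"
}

# True only if the given PID exists and its command name is gpg-agent.
# This guards against a stale env file whose PID was reused by another process.
pid_is_gpg_agent() {
  _pia_name=$(ps -p "$1" -o comm= 2>/dev/null) || return 1
  _pia_name=${_pia_name##*/}   # some systems print the full path
  [ "$_pia_name" = "gpg-agent" ]
}

# Combined check: parse the PID, then ask ps about that one PID only.
gpg_agent_running() {
  _gar_pid=$(agent_pid_from_info "$1") || return 1
  pid_is_gpg_agent "$_gar_pid"
}

if gpg_agent_running "${GPG_AGENT_INFO:-}"; then
  echo "gpg-agent is running"
else
  echo "gpg-agent is not running; start it here"
fi
```

Because `ps -p PID -o comm=` asks about one process only, the check never sees its own grep, and `-p` and `-o` are available on both Linux and BSD ps.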

@lucy lucy added a commit to lucy/prezto that referenced this issue May 1, 2013
@sorin-ionescu [Fix #419] Rewrite module gpg-agent; rename it to gpg c396a3b