#28 closed defect (fixed)
samhainadmin.pl fails at line 453
| Reported by: | anonymous | Owned by: | rainer |
|---|---|---|---|
| Priority: | major | Milestone: | 2.2.3 |
| Component: | main | Version: | 2.2.2 |
| Keywords: | | Cc: | |
Description
I am using gpg 1.4.2.2 and it returns error code 2 when successfully signing files if the ssh-agent does not run. This is a problem for scripts relying on gpg's return code. I found out that the simple addition of --no-use-agent fixes the issue for samhainadmin.pl... See patch below.
```
$ sudo samhainadmin.pl -m F
--------------------------------------------------
Please remember that yule will drop root after startup.
Signature verification on SIGHUP will fail if you do not
import the public key into the keyring of the non-root yule user.
--------------------------------------------------
gpg: WARNING: unsafe ownership on homedir `/home/emoret/.gnupg'

You need a passphrase to unlock the secret key for
user: "Eric Moret <XXXXXXXXXXXXXXX>"
4096-bit RSA key, ID DBC967BC, created 2005-05-11

gpg: gpg-agent is not available in this session
system /usr/bin/gpg --homedir /home/emoret/.gnupg -a --clearsign -o /etc/samhainrc.asc --not-dash-escaped /etc/samhainrc failed: 512 at /usr/local/sbin/samhainadmin.pl line 453.
```
diff -ruN samhain-2.2.2/scripts/samhainadmin.pl.in samhain-2.2.2.new/scripts/samhainadmin.pl.in --- samhain-2.2.2/scripts/samhainadmin.pl.in 2006-04-27 13:58:46.000000000 -0700 +++ samhain-2.2.2.new/scripts/samhainadmin.pl.in 2006-07-23 17:23:05.000000000 -0700 @@ -444,12 +444,12 @@ if (defined($passphrase)) { local $SIG{PIPE} = 'IGNORE'; - my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg --passphrase-fd 0 -a --clearsign -o $fileout --not-dash-escaped $file1"; + my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg --no-use-agent --passphrase-fd 0 -a --clearsign -o $fileout --not-dash-escaped $file1"; open (FH, "|$command") or die "can't fork: $!"; print FH "$passphrase" or die "can't write: $!"; close FH or die "can't close: status=$?"; } else { - my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg -a --clearsign -o $fileout --not-dash-escaped $file1"; + my $command = "$gpg --homedir $ENV{'HOME'}/.gnupg --no-use-agent -a --clearsign -o $fileout --not-dash-escaped $file1"; system("$command") == 0 or die "system $command failed: $?"; }
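Review bot: adding `--no-use-agent` unconditionally in both branches of the hunk (the `--passphrase-fd 0` path and the interactive path) overrides the user's `gpg.conf` for everyone, so users whose agent is configured and running are forced back to typing the passphrase on every signing run; the failure only occurs when `use-agent` is set but no agent is reachable, so gate the flag on that condition (or detect it up front and report it) rather than disabling the agent globally. Separately, both command strings interpolate `$ENV{'HOME'}`, `$fileout` and `$file1` unquoted into a shell command that is then passed to `open (FH, "|$command")` and `system("$command")`, so a path containing whitespace or shell metacharacters breaks the invocation or is interpreted by the shell; prefer the list form of `system`/`open` with each argument separate, for example `system($gpg, '--homedir', "$ENV{'HOME'}/.gnupg", '-a', '--clearsign', '-o', $fileout, '--not-dash-escaped', $file1)`, so no shell is involved.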
Change History (4)
comment:1 by , 18 years ago
comment:2 by , 18 years ago
Rather than use --no-use-agent (which will annoy some users to hell), we should check for the problem with a function like this:
```perl
use strict;
use warnings;
use Fcntl 'O_RDONLY';
use Tie::File;

# gpg reads $HOME/.gnupg/gpg.conf; anchor the path on $HOME rather than the
# current directory so the check works wherever samhainadmin.pl is run from.
my $gpgconf = "$ENV{'HOME'}/.gnupg/gpg.conf";
if (-f $gpgconf) {
    my @array = ();
    # open read-only: the config is only inspected, never modified
    tie @array, 'Tie::File', $gpgconf, mode => O_RDONLY
        or die "Cannot tie ${gpgconf}: $!";
    # only active (uncommented) use-agent lines count
    my @grep = grep(/^\s*use-agent/, @array);
    # print "matches = $#grep\n";
    if ($#grep >= 0) {
        if (exists $ENV{'GPG_AGENT_INFO'}) {
            my $socke = $ENV{'GPG_AGENT_INFO'};
            $socke =~ s/:.*//;    # GPG_AGENT_INFO is "<socket>:<pid>:<proto>"; keep the socket path
            # print "socke = $socke\n";
            if (! -S $socke) {
                print "GPG is set to use gpg-agent, but ";
                print "GPG Agent is not running, though GPG_AGENT_INFO is defined.\n";
                exit 1;
            }
        } else {
            print "GPG is set to use gpg-agent, but ";
            print "GPG_AGENT_INFO is not defined.\n";
            exit 1;
        }
    }
    untie @array;
}
```
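The same pre-flight check written as a POSIX shell function, added here as an example and not part of the ticket or of samhain: it reproduces the logic of the Perl snippet in comment:2 (an active `use-agent` line in `gpg.conf` plus a missing or dead `GPG_AGENT_INFO` socket means gpg will exit 2 even after a successful signature) so that a wrapper script can refuse to run gpg, with a clear message, instead of misreading exit code 2 as a signing failure. The function name `gpg_agent_check` and its two arguments are this example's own choices; the demo at the bottom runs it against the current user's configuration.

```sh
#!/bin/sh
# Added example (not samhain code): mirrors the comment:2 check in shell.
# Usage: gpg_agent_check GPG_CONF_PATH AGENT_INFO
#   returns 0 when gpg is not configured for gpg-agent, or the agent socket exists;
#   returns 1 when gpg.conf enables use-agent but no usable agent is present,
#   which is exactly the situation in which gpg 1.4 exits 2 after a good signature.
gpg_agent_check() {
    conf="$1"
    agent_info="$2"
    # No gpg.conf at all: gpg prompts for the passphrase itself, nothing to check.
    [ -f "$conf" ] || return 0
    # Only an uncommented use-agent line activates the agent (same regex as the Perl).
    if ! grep -q '^[[:space:]]*use-agent' "$conf"; then
        return 0
    fi
    if [ -z "$agent_info" ]; then
        echo "GPG is set to use gpg-agent, but GPG_AGENT_INFO is not defined." >&2
        return 1
    fi
    # GPG_AGENT_INFO has the form "<socket path>:<pid>:<protocol>"; keep only the path.
    sock="${agent_info%%:*}"
    if [ ! -S "$sock" ]; then
        echo "GPG is set to use gpg-agent, but no agent socket at $sock." >&2
        return 1
    fi
    return 0
}

# Demo against the current environment; the message says what gpg would do.
if gpg_agent_check "${HOME:-/nonexistent}/.gnupg/gpg.conf" "${GPG_AGENT_INFO:-}"; then
    echo "gpg-agent configuration is usable (or the agent is not in use)"
else
    echo "gpg would exit 2 here even on success; start the agent or drop use-agent"
fi
```

Calling this before the `--clearsign` invocation lets samhainadmin.pl distinguish "agent misconfigured" from "signature failed" without forcing `--no-use-agent` on users whose agent works.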
comment:3 by , 18 years ago
| Milestone: | 2.3.0 → 2.2.3 |
|---|---|
It seems that this behaviour of gpg is basically correct and only happens if GPG is set to use the gpg-agent. From lists.gnupg.org/pipermail/gnupg-users/2005-April/025551.html:
GPG error code with successful signing operation
When GPG is set to use the gpg-agent but the gpg-agent is not available (error message "gpg-agent is not available in this session" or "can't connect to `/path/to/non-existent-pipe': No such file or directory"), it produces a fatal error code of 2 even if the passphrase is successfully entered at the prompt.