dear all, I had some problems using GPA
I did some testing re: this bug
It seems that gpa really needs the gpg agent up and running. W/o agent
it reports the error:
"THE GPGME library returned and unexpected error at keytable.c:150.
The error was: unknown option"
and is unusable, and it hangs and never exists.
Moreover gpa does not work with the fake agent
"THE GPGME library returned and unexpected error at keytable.c:150.
The error was: unsupported certificate"
I have prepared a workaround . TL;DR jump to section 'Summarizing'
Let me first explain a few technical thingies, so that everybody can
understand the problem and its subtleties
-1------ the gpg agent
To use the gpg-agent , the program gpg needs to know where to find it.
To this end, the location of the agent is saved in the environment
variable GPG_AGENT_INFO
There are two ways to start the agent
-1a--- global gpg-agent for X11 session
If you add the string use-agent to either ~/.gnupg/gpg.conf or
~/.gnupg/options, then a global gpg-agent will be started for the whole
X session. This is done by the script file
/etc/X11/Xsession.d/90gpg-agent . When starting the agent , the env
variable for this agent is also saved in the file
~/.gnupg/gpg-agent-info-$(hostname)
(If you add "use-agent" right now, you need to log out and login again)
-1b------ local gpg-agent for terminal
open a terminal and run the command
# eval $(gpg-agent --daemon)
this will start a gpg-agent, and set the env variable
any further command you issue in this terminal (e.g. gpa) will use this
agent
this is though inconvenient since other terminals will not see this same
agent
-2------- the gnome-keyring
If the gnome-keyring is installed, then it will overwrite the
GPG_AGENT_INFO variable, and propose itself as gpg-agent . Unfortunately
gpa is not compatible. So let's work around this.
-2a---- remove gnome-keyring
You may remove the package gnome-keyring and reboot. Problem is, the
network-manager-applet uses gnome-keyring to store and to ask for WIFI
passwords. If you remove it, next time you will try to connect to a new
WIFI, it will all fail silently.
-2b--- recover global agent
If you are running the global gpg-agent for X11 session, then you can
recover this mess as follows
open a terminal and run the commands
# source ~/.gnupg/gpg-agent-info-$(hostname)
# export GPG_AGENT_INFO
this will recover the connection to the global agent
any further command you issue in this terminal (e.g. gpa) will use the
global agent
this though will not let you use 'gpa' from the main application menu,
so I prepared a automatic method, see sec 4
-2c--- use a local agent
just follow instructions at point 1b before.
--4------------------ Summarizing
This is a workaround that will solve the problem for good.
For normal users, do this:
save the attached file gpa.mine as /tmp/gpa.mine , and
# sudo dpkg-divert --local --rename --add /usr/bin/gpa
# sudo cp /tmp/gpa.mine /usr/bin/gpa
# sudo chown root.root /usr/bin/gpa
# sudo chmod 0755 /usr/bin/gpa
So I suggest to the maintainer to wrap gpa into a shell script,
imitating the above .
After doing the above then gpa works OK in all situations, and you can
keep gnome-keyring installed
that's all folks
a.
#!/bin/sh
: ${GNUPGHOME=$HOME/.gnupg}
GPGAGENT=/usr/bin/gpg-agent
PID_FILE="$GNUPGHOME/gpg-agent-info-$(hostname)"
warn () {
echo "gpa warning: $1" 1>&2
if test -x /usr/bin/zenity ; then
zenity --warning --text="gpa warning: $1" &
fi
}
if ! test -x $GPGAGENT ; then
warn "gpg-agent not installed, gpa will not work correctly"
else
## It would be nice to warn people, but let's omit this
#if test "${GPG_AGENT_INFO}" = "" && ! grep -qs '^[[:space:]]*use-agent'
"$GNUPGHOME/gpg.conf" "$GNUPGHOME/options" ; then
# warn "gpg-agent is not enabled globally, you may want to add
'use-agent' to $GNUPGHOME/gpg.conf
# fi
# the GPG_AGENT_INFO may point to the dreaded gnome-keyring
case ${GPG_AGENT_INFO} in
# this is the agent set up by gnome-keyring, and is not compatible with gpg
/run/user/*/keyring/gpg* | ${XDG_RUNTIME_DIR}/keyring/gpg* )
warn "overriding gnome-keyring fake gpg agent " ; unset
GPG_AGENT_INFO ;;
esac
# if no env variable, try to recover the global one
if test "${GPG_AGENT_INFO}" = "" && test -f ${PID_FILE} ; then
. "${PID_FILE}"
export GPG_AGENT_INFO
fi
# check if the above informations are not stale
if ! $GPGAGENT 1>/dev/null 2>/dev/null; then
$GPGAGENT --daemon --sh --write-env-file=${PID_FILE}
. "${PID_FILE}"
export GPG_AGENT_INFO
fi
fi
exec /usr/bin/gpa.distrib "$@"
signature.asc
Description: OpenPGP digital signature
