[Bug 1852696] [NEW] pinentry does not work for both desktop login and SSH login

Jeffrey Walton noloader at gmail.com
Fri Nov 15 07:03:05 UTC 2019 

Public bug reported:

I'm working on a Ubuntu 18.04.3 LTS x86_64 machine (fully patched). The
machine has a GNOME3 desktop. Sometimes I sit at the workstation, and
other times I SSH into the workstation.

When sitting at the workstation Git commit signing works. I use 'git
commit -S ... -m ...', and things work as expected. I get a UI prompt
for my GnuPG password and the work flows as usual.

When I work remotely on the same workstation over SSH I have to forgo
commit signing because:

   $ git commit -S log.h -m "Remove unneeded header"
   error: gpg failed to sign the data
   fatal: failed to write commit object

I'm using a "standard" configuration for SSH, Git and GnuPG. I am not
aware of any special configurations for this setup. However, the repo is
located on my local LAN (and not GitHub, GitLab, etc):

   $ cat .git/config 
   [core]
       repositoryformatversion = 0
       filemode = true
       bare = false
       logallrefupdates = true
    [remote "origin"]
       url = ssh://git@callmaster:/var/callboot-src
       fetch = +refs/heads/*:refs/remotes/origin/*
   [branch "master"]
       remote = origin
       merge = refs/heads/master

There is no specialized GnuPG conf file in $HOME/.gnupg:

   $ ls -A ~/.gnupg/
   3F537D88ADBC1677-private-key.asc  pubring.kbx
   private-keys-v1.d                 trustdb.gpg

Here is pinentry on the machine:

   $ ls -Al /usr/bin/pinentry-*
   -rwxr-xr-x 1 root root 63992 Feb  5  2018 /usr/bin/pinentry-curses
   -rwxr-xr-x 1 root root 72184 Feb  5  2018 /usr/bin/pinentry-gnome3
   lrwxrwxrwx 1 root root    30 Sep  2 19:14 /usr/bin/pinentry-x11 -> /etc/alternatives/pinentry-x11

And then:

   $ ls -Al /etc/alternatives/pinentry-*
   lrwxrwxrwx 1 root root 24 Sep  2 19:14 /etc/alternatives/pinentry-x11 -> /usr/bin/pinentry-gnome3
   lrwxrwxrwx 1 root root 40 Sep  2 19:14 /etc/alternatives/pinentry-x11.1.gz -> /usr/share/man/man1/pinentry-gnome3.1.gz

My .bashrc includes:

   export GPG_TTY=$(tty)

Search is finding a lot about Git signing failures, but not results for
this particular situation. I have to turn the problem over to the
maintainers since I can't figure it out.

What users like me expect is, things just work regardless of how we are
logged in.

** Affects: pinentry (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pinentry in Ubuntu.
https://bugs.launchpad.net/bugs/1852696

Title:
  pinentry does not work for both desktop login and SSH login

Status in pinentry package in Ubuntu:
  New

Bug description:
  I'm working on a Ubuntu 18.04.3 LTS x86_64 machine (fully patched).
  The machine has a GNOME3 desktop. Sometimes I sit at the workstation,
  and other times I SSH into the workstation.

  When sitting at the workstation Git commit signing works. I use 'git
  commit -S ... -m ...', and things work as expected. I get a UI prompt
  for my GnuPG password and the work flows as usual.

  When I work remotely on the same workstation over SSH I have to forgo
  commit signing because:

     $ git commit -S log.h -m "Remove unneeded header"
     error: gpg failed to sign the data
     fatal: failed to write commit object

  I'm using a "standard" configuration for SSH, Git and GnuPG. I am not
  aware of any special configurations for this setup. However, the repo
  is located on my local LAN (and not GitHub, GitLab, etc):

     $ cat .git/config 
     [core]
         repositoryformatversion = 0
         filemode = true
         bare = false
         logallrefupdates = true
      [remote "origin"]
         url = ssh://git@callmaster:/var/callboot-src
         fetch = +refs/heads/*:refs/remotes/origin/*
     [branch "master"]
         remote = origin
         merge = refs/heads/master

  There is no specialized GnuPG conf file in $HOME/.gnupg:

     $ ls -A ~/.gnupg/
     3F537D88ADBC1677-private-key.asc  pubring.kbx
     private-keys-v1.d                 trustdb.gpg

  Here is pinentry on the machine:

     $ ls -Al /usr/bin/pinentry-*
     -rwxr-xr-x 1 root root 63992 Feb  5  2018 /usr/bin/pinentry-curses
     -rwxr-xr-x 1 root root 72184 Feb  5  2018 /usr/bin/pinentry-gnome3
     lrwxrwxrwx 1 root root    30 Sep  2 19:14 /usr/bin/pinentry-x11 -> /etc/alternatives/pinentry-x11

  And then:

     $ ls -Al /etc/alternatives/pinentry-*
     lrwxrwxrwx 1 root root 24 Sep  2 19:14 /etc/alternatives/pinentry-x11 -> /usr/bin/pinentry-gnome3
     lrwxrwxrwx 1 root root 40 Sep  2 19:14 /etc/alternatives/pinentry-x11.1.gz -> /usr/share/man/man1/pinentry-gnome3.1.gz

  My .bashrc includes:

     export GPG_TTY=$(tty)

  Search is finding a lot about Git signing failures, but not results
  for this particular situation. I have to turn the problem over to the
  maintainers since I can't figure it out.

  What users like me expect is, things just work regardless of how we
  are logged in.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pinentry/+bug/1852696/+subscriptions

More information about the foundations-bugs mailing list