[Bug 2115419] [NEW] gpg-agent crashes when attempting to establish IPC socket
Larry Merkle
2115419 at bugs.launchpad.net
Thu Jun 26 13:04:06 UTC 2025
Public bug reported:
Summary: gpg-agent (from gnupg package) consistently crashes immediately
on startup due to an IPC socket binding failure, preventing all smart
card (CAC) operations that rely on gpg-agent for PIN entry.
Steps to Reproduce (Minimal and Consistent):
--------------------------------------------
Open a clean terminal session:
Launch your preferred terminal emulator.
Immediately execute bash --noprofile --norc to get a clean sub-shell.
Manually clean the PATH variable to ensure no external environmental interference:
export PATH="/home/xphileprof/.cargo/bin:/home/xphileprof/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
Clean up previous GnuPG agent state:
gpgconf --kill gpg-agent
rm -rf /run/user/$(id -u)/gnupg
rm -rf ~/.gnupg/S.gpg-agent*
unset GPG_AGENT_INFO
unset SSH_AUTH_SOCK
Create a temporary directory for gpg-agent to ensure no lingering configuration issues:
TEST_GNUPG_HOME=$(mktemp -d "/tmp/gpgtest.XXXXXX")
chmod 700 "$TEST_GNUPG_HOME"
echo "Using temporary GnuPG home: $TEST_GNUPG_HOME"
Run gpg-agent with strace directed to a log file:
strace -f -o "$TEST_GNUPG_HOME/gpg-agent-strace-crash.log" gpg-agent --debug-level guru --verbose --no-detach --homedir "$TEST_GNUPG_HOME"
(Observe: The gpg-agent process will print initial debug lines to the console (e.g., "enabled debug flags", "no gpg-agent running in this session") and then immediately exit, returning the shell prompt. The terminal will not be held.)
Retrieve the strace log:
cat "$TEST_GNUPG_HOME/gpg-agent-strace-crash.log"
Clean up the temporary directory:
rm -rf "$TEST_GNUPG_HOME"
Expected Behavior:
------------------
gpg-agent should:
Attempt to connect to its standard IPC socket (e.g., /run/user/<UID>/gnupg/S.gpg-agent) to check for an existing agent.
Upon receiving an ENOENT (as the socket file does not exist because no agent is running) or ECONNREFUSED (if a stale socket existed), it should gracefully proceed to bind its own socket to that path.
Stay resident in the foreground, listening for client connections (e.g., from gpg-connect-agent, scdaemon, or applications like Firefox).
Log its activities to the specified log file (gpg-agent-strace-crash.log in this case) including successful socket binding.
Actual Behavior:
----------------
gpg-agent consistently crashes immediately after attempting the initial connect() to its (non-existent) IPC socket.
The strace log clearly shows:
socket(AF_UNIX, SOCK_STREAM, 0) = 3 (successful socket creation).
connect(3, <socket_path_memory_address>, <address_length>) = -1 ENOENT (No such file or directory)
Followed immediately by exit_group(2), indicating an abnormal termination.
gpg-agent never reaches the state where it attempts to bind() its own socket to become the primary agent for the session. Consequently:
pgrep -a gpg-agent returns no running processes.
eval $(gpg-agent --gpg-agent-info) fails, as no agent is running.
Smart card applications like Firefox (which rely on OpenSC -> gpg-agent -> pinentry) fail to get a PIN prompt, showing a generic "Please authenticate to the token" alert without an input field.
Diagnostic Information
----------------------
bash-5.2$ cat "$TEST_GNUPG_HOME/gpg-agent-strace-tempdir.log"
5423 execve("/usr/bin/gpg-agent", ["gpg-agent", "--debug-level", "guru", "--verbose", "--no-detach", "--homedir", "/tmp/gpgtest.XwAUrG"], 0x7fff6bc57f58 /* 69 vars */) = 0
5423 brk(NULL) = 0x55a23c310000
5423 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x71cc77764000
5423 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
5423 fstat(3, {st_mode=S_IFREG|0644, st_size=81679, ...}) = 0
5423 mmap(NULL, 81679, PROT_READ, MAP_PRIVATE, 3, 0) = 0x71cc77750000
5423 close(3) = 0
5423 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libgcrypt.so.20", O_RDONLY|O_CLOEXEC) = 3
5423 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
5423 fstat(3, {st_mode=S_IFREG|0644, st_size=1340976, ...}) = 0
5423 mmap(NULL, 1340272, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71cc77608000
5423 mmap(0x71cc77617000, 999424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x71cc77617000
5423 mmap(0x71cc7770b000, 241664, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x103000) = 0x71cc7770b000
5423 mmap(0x71cc77746000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13e000) = 0x71cc77746000
5423 mmap(0x71cc7774f000, 880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x71cc7774f000
5423 close(3) = 0
5423 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libassuan.so.0", O_RDONLY|O_CLOEXEC) = 3
5423 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
5423 fstat(3, {st_mode=S_IFREG|0644, st_size=80176, ...}) = 0
5423 mmap(NULL, 82256, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71cc775f3000
5423 mmap(0x71cc775f7000, 45056, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x71cc775f7000
5423 mmap(0x71cc77602000, 16384, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x71cc77602000
5423 mmap(0x71cc77606000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x71cc77606000
5423 close(3) = 0
5423 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnpth.so.0", O_RDONLY|O_CLOEXEC) = 3
5423 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
5423 fstat(3, {st_mode=S_IFREG|0644, st_size=23040, ...}) = 0
5423 mmap(NULL, 25592, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71cc775ec000
5423 mmap(0x71cc775ee000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x71cc775ee000
5423 mmap(0x71cc775f0000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x71cc775f0000
5423 mmap(0x71cc775f1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x71cc775f1000
5423 close(3) = 0
5423 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libgpg-error.so.0", O_RDONLY|O_CLOEXEC) = 3
5423 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
5423 fstat(3, {st_mode=S_IFREG|0644, st_size=149760, ...}) = 0
5423 mmap(NULL, 147880, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71cc775c7000
5423 mmap(0x71cc775cb000, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x71cc775cb000
5423 mmap(0x71cc775e1000, 36864, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x71cc775e1000
5423 mmap(0x71cc775ea000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x23000) = 0x71cc775ea000
5423 close(3) = 0
5423 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
5423 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\243\2\0\0\0\0\0"..., 832) = 832
5423 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
5423 fstat(3, {st_mode=S_IFREG|0755, st_size=2125328, ...}) = 0
5423 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
5423 mmap(NULL, 2170256, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71cc77200000
5423 mmap(0x71cc77228000, 1605632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28000) = 0x71cc77228000
5423 mmap(0x71cc773b0000, 323584, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b0000) = 0x71cc773b0000
5423 mmap(0x71cc773ff000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1fe000) = 0x71cc773ff000
5423 mmap(0x71cc77405000, 52624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x71cc77405000
5423 close(3) = 0
5423 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x71cc775c5000
5423 arch_prctl(ARCH_SET_FS, 0x71cc775c6480) = 0
5423 set_tid_address(0x71cc775c6750) = 5423
5423 set_robust_list(0x71cc775c6760, 24) = 0
5423 rseq(0x71cc775c6da0, 0x20, 0, 0x53053053) = 0
5423 mprotect(0x71cc773ff000, 16384, PROT_READ) = 0
5423 mprotect(0x71cc775ea000, 4096, PROT_READ) = 0
5423 mprotect(0x71cc775f1000, 4096, PROT_READ) = 0
5423 mprotect(0x71cc77606000, 4096, PROT_READ) = 0
5423 mprotect(0x71cc77746000, 20480, PROT_READ) = 0
5423 mprotect(0x55a207a7e000, 8192, PROT_READ) = 0
5423 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x71cc775c3000
5423 mprotect(0x71cc7779c000, 8192, PROT_READ) = 0
5423 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
5423 munmap(0x71cc77750000, 81679) = 0
5423 getrandom("\x46\x5e\x11\x09\x31\xc8\x5e\xbc", 8, GRND_NONBLOCK) = 8
5423 brk(NULL) = 0x55a23c310000
5423 brk(0x55a23c331000) = 0x55a23c331000
5423 prctl(PR_SET_DUMPABLE, SUID_DUMP_DISABLE) = 0
5423 openat(AT_FDCWD, 0x55a207a6f8a2, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
5423 fstat(3, 0x7fff29ceb190) = 0
5423 getdents64(3, 0x55a23c310300 /* 0+ entries */, 32768) = 144
5423 getdents64(3, 0x55a23c310300 /* 0 entries */, 32768) = 0
5423 close(3) = 0
5423 fstat(0, 0x7fff29ceb420) = 0
5423 fstat(1, 0x7fff29ceb420) = 0
5423 fstat(2, 0x7fff29ceb420) = 0
5423 fstat(3, 0x7fff29ceb420) = -1 EBADF (Bad file descriptor)
5423 rt_sigprocmask(SIG_UNBLOCK, NULL, 0x55a207a810c0, 8) = 0
5423 openat(AT_FDCWD, 0x71cc773d48b0, O_RDONLY|O_CLOEXEC) = 3
5423 fstat(3, 0x71cc77404800) = 0
5423 mmap(NULL, 5719296, PROT_READ, MAP_PRIVATE, 3, 0) = 0x71cc76c00000
5423 close(3) = 0
5423 readlink(0x55a207a6f5f4, 0x55a23c311480, 255) = 18
5423 access(0x55a23c311590, F_OK) = -1 ENOENT (No such file or directory)
5423 access(0x71cc7770bddd, F_OK) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x71cc7770b790, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x71cc7770be04, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x7fff29ce9ec0, O_RDONLY|O_CLOEXEC) = 3
5423 fstat(3, 0x7fff29ce9cd0) = 0
5423 read(3, 0x55a23c319e40, 4096) = 2996
5423 read(3, "", 4096) = 0
5423 close(3) = 0
5423 openat(AT_FDCWD, 0x55a23c319e00, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c319e90, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c319fa0, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c319f10, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 prlimit64(0, RLIMIT_CORE, NULL, 0x7fff29ceb380) = 0
5423 prlimit64(0, RLIMIT_CORE, 0x7fff29ceb380, NULL) = 0
5423 ioctl(0, TCGETS, 0x7fff29ceb1e0) = 0
5423 ioctl(0, TCGETS, 0x7fff29ceaff0) = 0
5423 fstat(0, 0x7fff29ceb0b0) = 0
5423 readlink(0x7fff29ceb050, 0x55a23c31cb80, 4095) = 10
5423 newfstatat(AT_FDCWD, 0x55a23c31cb80, 0x7fff29ceb140, 0) = 0
5423 mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x71cc77754000
5423 getuid() = 1000
5423 mlock(0x71cc77754000, 65536) = 0
5423 geteuid() = 1000
5423 openat(AT_FDCWD, 0x55a23c31adb0, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31adb0, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31db90, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31ae20, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 getpid() = 5423
5423 write(2, 0x55a23c317dd0, 81) = 81
5423 write(2, 0x55a207a6e0db, 1) = 1
5423 getuid() = 1000
5423 newfstatat(AT_FDCWD, 0x7fff29ceb120, 0x7fff29ceb150, 0) = 0
5423 getuid() = 1000
5423 newfstatat(AT_FDCWD, 0x7fff29ceb120, 0x7fff29ceb150, 0) = -1 ENOENT (No such file or directory)
5423 mkdir(0x7fff29ceb120, 0700) = 0
5423 newfstatat(AT_FDCWD, 0x7fff29ceb120, 0x7fff29ceb150, 0) = 0
5423 getuid() = 1000
5423 newfstatat(AT_FDCWD, 0x55a23c31a370, 0x7fff29ceb150, 0) = -1 ENOENT (No such file or directory)
5423 mkdir(0x55a23c31a370, 0700) = 0
5423 newfstatat(AT_FDCWD, 0x7fff29ceb120, 0x7fff29ceb150, 0) = 0
5423 newfstatat(AT_FDCWD, 0x55a23c31a3b0, 0x7fff29ceb060, 0) = -1 ENOENT (No such file or directory)
5423 socket(AF_UNIX, SOCK_STREAM, 0) = 3
5423 newfstatat(AT_FDCWD, 0x7fff29ceb192, 0x7fff29ceb060, 0) = -1 ENOENT (No such file or directory)
5423 connect(3, 0x7fff29ceb190, 61) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a400, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a490, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a590, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a510, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 close(3) = 0
5423 openat(AT_FDCWD, 0x55a23c31a620, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a660, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a760, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a6e0, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 getpid() = 5423
5423 write(2, 0x55a23c317dd0, 17) = 17
5423 write(2, 0x55a207a70358, 37) = 37
5423 getpid() = 5423
5423 write(2, 0x55a23c317dd0, 71) = 71
5423 write(2, 0x71cc777101a7, 1) = 1
5423 write(2, 0x55a23c317dd0, 46) = 46
5423 write(2, 0x71cc777101e2, 1) = 1
5423 getpid() = 5423
5423 write(2, 0x55a23c317dd0, 75) = 75
5423 write(2, 0x71cc7771654e, 1) = 1
5423 getpid() = 5423
5423 write(2, 0x55a23c317dd0, 49) = 49
5423 write(2, 0x71cc77710200, 8) = 8
5423 munmap(0x71cc77754000, 65536) = 0
5423 exit_group(2) = ?
5423 +++ exited with 2 +++
Additional Context/Troubleshooting Already Performed:
-----------------------------------------------------
This issue occurs consistently across:
Conda ((base)) environment.
Clean Bash shell (bash --noprofile --norc) with manually reset $PATH.
The gnupg and gnupg-agent packages have been reinstalled via sudo apt install --reinstall gnupg gnupg-agent, followed by a system reboot, with no change in behavior.
~/.gnupg directory permissions have been verified and reset (chmod 700 ~/.gnupg, chmod 600 ~/.gnupg/*).
Using a completely fresh, temporary GNUPGHOME directory (as in steps to reproduce) does not resolve the issue.
pcsc_scan successfully detects the built-in keyboard CAC reader and reads the CAC card.
opensc, libpcsclite1, libpcsclite-dev, libnss3-tools are installed and up to date.
coolkey is confirmed not to be installed.
DoD certificates are successfully downloaded and imported into Firefox.
The OpenSC PKCS#11 module (/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so) is correctly loaded in Firefox.
pinentry-gnome3 executable is present and runs (though without displaying a window when invoked directly, it prints "OK Pleased to meet you"), but gpg-agent never reaches the point of trying to launch it.
Environment:
------------
Operating System: Ubuntu 24.04 LTS (Noble Numbat)
gnupg package version: 2.4.4-2ubuntu17.2
gnupg-agent package version: 2.4.4-2ubuntu17.2
Hardware: Dell Precision T7610
Kernel Version: Linux merkle-Precision-T7610 6.8.0-62-generic #65-Ubuntu SMP PREEMPT_DYNAMIC Mon May 19 17:15:03 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Desktop Environment: (e.g., GNOME, KDE Plasma, XFCE)
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: gpg-agent 2.4.4-2ubuntu17.2
ProcVersionSignature: Ubuntu 6.8.0-62.65-generic 6.8.12
Uname: Linux 6.8.0-62-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.7
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Thu Jun 26 08:50:29 2025
InstallationDate: Installed on 2018-12-26 (2374 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
SourcePackage: gnupg2
UpgradeStatus: Upgraded to noble on 2024-10-01 (268 days ago)
** Affects: gnupg2 (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug noble
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/2115419
Title:
gpg-agent crashes when attempting to establish IPC socket
Status in gnupg2 package in Ubuntu:
New
Bug description:
Summary: gpg-agent (from gnupg package) consistently crashes
immediately on startup due to an IPC socket binding failure,
preventing all smart card (CAC) operations that rely on gpg-agent for
PIN entry.
Steps to Reproduce (Minimal and Consistent):
--------------------------------------------
Open a clean terminal session:
Launch your preferred terminal emulator.
Immediately execute bash --noprofile --norc to get a clean sub-shell.
Manually clean the PATH variable to ensure no external environmental interference:
export PATH="/home/xphileprof/.cargo/bin:/home/xphileprof/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
Clean up previous GnuPG agent state:
gpgconf --kill gpg-agent
rm -rf /run/user/$(id -u)/gnupg
rm -rf ~/.gnupg/S.gpg-agent*
unset GPG_AGENT_INFO
unset SSH_AUTH_SOCK
Create a temporary directory for gpg-agent to ensure no lingering configuration issues:
TEST_GNUPG_HOME=$(mktemp -d "/tmp/gpgtest.XXXXXX")
chmod 700 "$TEST_GNUPG_HOME"
echo "Using temporary GnuPG home: $TEST_GNUPG_HOME"
Run gpg-agent with strace directed to a log file:
strace -f -o "$TEST_GNUPG_HOME/gpg-agent-strace-crash.log" gpg-agent --debug-level guru --verbose --no-detach --homedir "$TEST_GNUPG_HOME"
(Observe: The gpg-agent process will print initial debug lines to the console (e.g., "enabled debug flags", "no gpg-agent running in this session") and then immediately exit, returning the shell prompt. The terminal will not be held.)
Retrieve the strace log:
cat "$TEST_GNUPG_HOME/gpg-agent-strace-crash.log"
Clean up the temporary directory:
rm -rf "$TEST_GNUPG_HOME"
Expected Behavior:
------------------
gpg-agent should:
Attempt to connect to its standard IPC socket (e.g., /run/user/<UID>/gnupg/S.gpg-agent) to check for an existing agent.
Upon receiving an ENOENT (as the socket file does not exist because no agent is running) or ECONNREFUSED (if a stale socket existed), it should gracefully proceed to bind its own socket to that path.
Stay resident in the foreground, listening for client connections (e.g., from gpg-connect-agent, scdaemon, or applications like Firefox).
Log its activities to the specified log file (gpg-agent-strace-crash.log in this case) including successful socket binding.
Actual Behavior:
----------------
gpg-agent consistently crashes immediately after attempting the initial connect() to its (non-existent) IPC socket.
The strace log clearly shows:
socket(AF_UNIX, SOCK_STREAM, 0) = 3 (successful socket creation).
connect(3, <socket_path_memory_address>, <address_length>) = -1 ENOENT (No such file or directory)
Followed immediately by exit_group(2), indicating an abnormal termination.
gpg-agent never reaches the state where it attempts to bind() its own socket to become the primary agent for the session. Consequently:
pgrep -a gpg-agent returns no running processes.
eval $(gpg-agent --gpg-agent-info) fails, as no agent is running.
Smart card applications like Firefox (which rely on OpenSC -> gpg-agent -> pinentry) fail to get a PIN prompt, showing a generic "Please authenticate to the token" alert without an input field.
Diagnostic Information
----------------------
bash-5.2$ cat "$TEST_GNUPG_HOME/gpg-agent-strace-tempdir.log"
5423 execve("/usr/bin/gpg-agent", ["gpg-agent", "--debug-level", "guru", "--verbose", "--no-detach", "--homedir", "/tmp/gpgtest.XwAUrG"], 0x7fff6bc57f58 /* 69 vars */) = 0
5423 brk(NULL) = 0x55a23c310000
5423 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x71cc77764000
5423 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
5423 fstat(3, {st_mode=S_IFREG|0644, st_size=81679, ...}) = 0
5423 mmap(NULL, 81679, PROT_READ, MAP_PRIVATE, 3, 0) = 0x71cc77750000
5423 close(3) = 0
5423 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libgcrypt.so.20", O_RDONLY|O_CLOEXEC) = 3
5423 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
5423 fstat(3, {st_mode=S_IFREG|0644, st_size=1340976, ...}) = 0
5423 mmap(NULL, 1340272, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71cc77608000
5423 mmap(0x71cc77617000, 999424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x71cc77617000
5423 mmap(0x71cc7770b000, 241664, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x103000) = 0x71cc7770b000
5423 mmap(0x71cc77746000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13e000) = 0x71cc77746000
5423 mmap(0x71cc7774f000, 880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x71cc7774f000
5423 close(3) = 0
5423 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libassuan.so.0", O_RDONLY|O_CLOEXEC) = 3
5423 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
5423 fstat(3, {st_mode=S_IFREG|0644, st_size=80176, ...}) = 0
5423 mmap(NULL, 82256, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71cc775f3000
5423 mmap(0x71cc775f7000, 45056, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x71cc775f7000
5423 mmap(0x71cc77602000, 16384, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x71cc77602000
5423 mmap(0x71cc77606000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x71cc77606000
5423 close(3) = 0
5423 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnpth.so.0", O_RDONLY|O_CLOEXEC) = 3
5423 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
5423 fstat(3, {st_mode=S_IFREG|0644, st_size=23040, ...}) = 0
5423 mmap(NULL, 25592, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71cc775ec000
5423 mmap(0x71cc775ee000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x71cc775ee000
5423 mmap(0x71cc775f0000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x71cc775f0000
5423 mmap(0x71cc775f1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x71cc775f1000
5423 close(3) = 0
5423 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libgpg-error.so.0", O_RDONLY|O_CLOEXEC) = 3
5423 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
5423 fstat(3, {st_mode=S_IFREG|0644, st_size=149760, ...}) = 0
5423 mmap(NULL, 147880, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71cc775c7000
5423 mmap(0x71cc775cb000, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x71cc775cb000
5423 mmap(0x71cc775e1000, 36864, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x71cc775e1000
5423 mmap(0x71cc775ea000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x23000) = 0x71cc775ea000
5423 close(3) = 0
5423 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
5423 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\243\2\0\0\0\0\0"..., 832) = 832
5423 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
5423 fstat(3, {st_mode=S_IFREG|0755, st_size=2125328, ...}) = 0
5423 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
5423 mmap(NULL, 2170256, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71cc77200000
5423 mmap(0x71cc77228000, 1605632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28000) = 0x71cc77228000
5423 mmap(0x71cc773b0000, 323584, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b0000) = 0x71cc773b0000
5423 mmap(0x71cc773ff000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1fe000) = 0x71cc773ff000
5423 mmap(0x71cc77405000, 52624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x71cc77405000
5423 close(3) = 0
5423 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x71cc775c5000
5423 arch_prctl(ARCH_SET_FS, 0x71cc775c6480) = 0
5423 set_tid_address(0x71cc775c6750) = 5423
5423 set_robust_list(0x71cc775c6760, 24) = 0
5423 rseq(0x71cc775c6da0, 0x20, 0, 0x53053053) = 0
5423 mprotect(0x71cc773ff000, 16384, PROT_READ) = 0
5423 mprotect(0x71cc775ea000, 4096, PROT_READ) = 0
5423 mprotect(0x71cc775f1000, 4096, PROT_READ) = 0
5423 mprotect(0x71cc77606000, 4096, PROT_READ) = 0
5423 mprotect(0x71cc77746000, 20480, PROT_READ) = 0
5423 mprotect(0x55a207a7e000, 8192, PROT_READ) = 0
5423 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x71cc775c3000
5423 mprotect(0x71cc7779c000, 8192, PROT_READ) = 0
5423 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
5423 munmap(0x71cc77750000, 81679) = 0
5423 getrandom("\x46\x5e\x11\x09\x31\xc8\x5e\xbc", 8, GRND_NONBLOCK) = 8
5423 brk(NULL) = 0x55a23c310000
5423 brk(0x55a23c331000) = 0x55a23c331000
5423 prctl(PR_SET_DUMPABLE, SUID_DUMP_DISABLE) = 0
5423 openat(AT_FDCWD, 0x55a207a6f8a2, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
5423 fstat(3, 0x7fff29ceb190) = 0
5423 getdents64(3, 0x55a23c310300 /* 0+ entries */, 32768) = 144
5423 getdents64(3, 0x55a23c310300 /* 0 entries */, 32768) = 0
5423 close(3) = 0
5423 fstat(0, 0x7fff29ceb420) = 0
5423 fstat(1, 0x7fff29ceb420) = 0
5423 fstat(2, 0x7fff29ceb420) = 0
5423 fstat(3, 0x7fff29ceb420) = -1 EBADF (Bad file descriptor)
5423 rt_sigprocmask(SIG_UNBLOCK, NULL, 0x55a207a810c0, 8) = 0
5423 openat(AT_FDCWD, 0x71cc773d48b0, O_RDONLY|O_CLOEXEC) = 3
5423 fstat(3, 0x71cc77404800) = 0
5423 mmap(NULL, 5719296, PROT_READ, MAP_PRIVATE, 3, 0) = 0x71cc76c00000
5423 close(3) = 0
5423 readlink(0x55a207a6f5f4, 0x55a23c311480, 255) = 18
5423 access(0x55a23c311590, F_OK) = -1 ENOENT (No such file or directory)
5423 access(0x71cc7770bddd, F_OK) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x71cc7770b790, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x71cc7770be04, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x7fff29ce9ec0, O_RDONLY|O_CLOEXEC) = 3
5423 fstat(3, 0x7fff29ce9cd0) = 0
5423 read(3, 0x55a23c319e40, 4096) = 2996
5423 read(3, "", 4096) = 0
5423 close(3) = 0
5423 openat(AT_FDCWD, 0x55a23c319e00, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c319e90, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c319fa0, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c319f10, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 prlimit64(0, RLIMIT_CORE, NULL, 0x7fff29ceb380) = 0
5423 prlimit64(0, RLIMIT_CORE, 0x7fff29ceb380, NULL) = 0
5423 ioctl(0, TCGETS, 0x7fff29ceb1e0) = 0
5423 ioctl(0, TCGETS, 0x7fff29ceaff0) = 0
5423 fstat(0, 0x7fff29ceb0b0) = 0
5423 readlink(0x7fff29ceb050, 0x55a23c31cb80, 4095) = 10
5423 newfstatat(AT_FDCWD, 0x55a23c31cb80, 0x7fff29ceb140, 0) = 0
5423 mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x71cc77754000
5423 getuid() = 1000
5423 mlock(0x71cc77754000, 65536) = 0
5423 geteuid() = 1000
5423 openat(AT_FDCWD, 0x55a23c31adb0, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31adb0, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31db90, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31ae20, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 getpid() = 5423
5423 write(2, 0x55a23c317dd0, 81) = 81
5423 write(2, 0x55a207a6e0db, 1) = 1
5423 getuid() = 1000
5423 newfstatat(AT_FDCWD, 0x7fff29ceb120, 0x7fff29ceb150, 0) = 0
5423 getuid() = 1000
5423 newfstatat(AT_FDCWD, 0x7fff29ceb120, 0x7fff29ceb150, 0) = -1 ENOENT (No such file or directory)
5423 mkdir(0x7fff29ceb120, 0700) = 0
5423 newfstatat(AT_FDCWD, 0x7fff29ceb120, 0x7fff29ceb150, 0) = 0
5423 getuid() = 1000
5423 newfstatat(AT_FDCWD, 0x55a23c31a370, 0x7fff29ceb150, 0) = -1 ENOENT (No such file or directory)
5423 mkdir(0x55a23c31a370, 0700) = 0
5423 newfstatat(AT_FDCWD, 0x7fff29ceb120, 0x7fff29ceb150, 0) = 0
5423 newfstatat(AT_FDCWD, 0x55a23c31a3b0, 0x7fff29ceb060, 0) = -1 ENOENT (No such file or directory)
5423 socket(AF_UNIX, SOCK_STREAM, 0) = 3
5423 newfstatat(AT_FDCWD, 0x7fff29ceb192, 0x7fff29ceb060, 0) = -1 ENOENT (No such file or directory)
5423 connect(3, 0x7fff29ceb190, 61) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a400, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a490, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a590, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a510, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 close(3) = 0
5423 openat(AT_FDCWD, 0x55a23c31a620, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a660, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a760, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 openat(AT_FDCWD, 0x55a23c31a6e0, O_RDONLY) = -1 ENOENT (No such file or directory)
5423 getpid() = 5423
5423 write(2, 0x55a23c317dd0, 17) = 17
5423 write(2, 0x55a207a70358, 37) = 37
5423 getpid() = 5423
5423 write(2, 0x55a23c317dd0, 71) = 71
5423 write(2, 0x71cc777101a7, 1) = 1
5423 write(2, 0x55a23c317dd0, 46) = 46
5423 write(2, 0x71cc777101e2, 1) = 1
5423 getpid() = 5423
5423 write(2, 0x55a23c317dd0, 75) = 75
5423 write(2, 0x71cc7771654e, 1) = 1
5423 getpid() = 5423
5423 write(2, 0x55a23c317dd0, 49) = 49
5423 write(2, 0x71cc77710200, 8) = 8
5423 munmap(0x71cc77754000, 65536) = 0
5423 exit_group(2) = ?
5423 +++ exited with 2 +++
Additional Context/Troubleshooting Already Performed:
-----------------------------------------------------
This issue occurs consistently across:
Conda ((base)) environment.
Clean Bash shell (bash --noprofile --norc) with manually reset $PATH.
The gnupg and gnupg-agent packages have been reinstalled via sudo apt install --reinstall gnupg gnupg-agent, followed by a system reboot, with no change in behavior.
~/.gnupg directory permissions have been verified and reset (chmod 700 ~/.gnupg, chmod 600 ~/.gnupg/*).
Using a completely fresh, temporary GNUPGHOME directory (as in steps to reproduce) does not resolve the issue.
pcsc_scan successfully detects the built-in keyboard CAC reader and reads the CAC card.
opensc, libpcsclite1, libpcsclite-dev, libnss3-tools are installed and up to date.
coolkey is confirmed not to be installed.
DoD certificates are successfully downloaded and imported into Firefox.
The OpenSC PKCS#11 module (/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so) is correctly loaded in Firefox.
pinentry-gnome3 executable is present and runs (though without displaying a window when invoked directly, it prints "OK Pleased to meet you"), but gpg-agent never reaches the point of trying to launch it.
Environment:
------------
Operating System: Ubuntu 24.04 LTS (Noble Numbat)
gnupg package version: 2.4.4-2ubuntu17.2
gnupg-agent package version: 2.4.4-2ubuntu17.2
Hardware: Dell Precision T7610
Kernel Version: Linux merkle-Precision-T7610 6.8.0-62-generic #65-Ubuntu SMP PREEMPT_DYNAMIC Mon May 19 17:15:03 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Desktop Environment: (e.g., GNOME, KDE Plasma, XFCE)
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: gpg-agent 2.4.4-2ubuntu17.2
ProcVersionSignature: Ubuntu 6.8.0-62.65-generic 6.8.12
Uname: Linux 6.8.0-62-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.7
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Thu Jun 26 08:50:29 2025
InstallationDate: Installed on 2018-12-26 (2374 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
SourcePackage: gnupg2
UpgradeStatus: Upgraded to noble on 2024-10-01 (268 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/2115419/+subscriptions
More information about the foundations-bugs
mailing list