Mailing List Archive

gpg-agent Problems

I'm hoping someone can perhaps point me in the right direction. I am very
sure I have followed the directions carefully found here:
http://kmail.kde.org/kmail-pgpmime-howto.html

I have tried this about a dozen times, both installing from source and rpm.

My OS: Fedora Core 2
GPG Version: 1.25
(Also gpg-1.9.9 configured with agent only)
libgcrypt-1.2.0
libgpg-error-1.0
libksba-0.9.9
pth-2.0.2
libassuan-0.6.6

Everything installed fine without error messages. All the make check's
reported no errors on any tests.

But when I start gpg-agent:

eval "$(gpg-agent --daemon)"

I get this:
gpg-agent[9366]: Secure memory is not locked into core

When I do a ps -x |grep gpg
I get:
9367 ? S 0:00 gpg-agent --daemon

This is not the same PID that I got when I started gpg-agent.

This command:
echo "test" | gpg -ase -r 0x319CE936 |gpg

I see:
gpg: can't connect to `/tmp/gpg-wjqJw7/S.gpg-agent': Connection refused

/tmp/gpg-wjqJw7/S.gpg-agent exists.

Permissions:
srwxrwxr-x 1 ian ian 0 Nov 10 23:42 S.gpg-agent

Permissions for /tmp/gpg-wjqJw7:
rwx------ 2 ian ian 4096 Nov 10 23:42 gpg-wjqJw7

I am truly stumped. I had this working about 2 months ago, before a hard
drive failure. Reinstalled Fedora Core 2 (which is what was running prior to
the drive failure), but have not been able to get gpg-agent to work nicely at
all since then. My system has two hard drives, my home directory is on a
drive that did not fail. Only the system files and directories needed to be
reinstalled.

I'm not sure what more information I can provide to work out this problem, but
I am truly stumped and have spent hours trying to figure this out. If anyone
has any thoughts or suggestions, I'd very much appreciate it.

Thanks,



--
Ian Scott
GPG/PGP KEY: 0x319CE936

****************************
http://www.pairowoodies.com/
Providing Goal Centered Internet Solutions

http://www.about-flyfishing.com/
All About Fly Fishing
****************************

Re: gpg-agent Problems
On Wed, 10 Nov 2004 23:53:22 -0500, Ian Scott said:

> gpg-agent[9366]: Secure memory is not locked into core

That is just a warning to tell you that the memory areas used to store
passphrases and secret keys might get swapped to the disk. setuid
(root) gpg-agent or use a brand new Linux kernel to solve that problem.

> When I do a ps -x |grep gpg
> I get:
> 9367 ? S 0:00 gpg-agent --daemon

> This is not the same PID that I got when I started gpg-agent.

That is fine, gpg-agent does the usual fork to become a daemon.

> This command:
> echo "test" | gpg -ase -r 0x319CE936 |gpg

> I see:
> gpg: can't connect to `/tmp/gpg-wjqJw7/S.gpg-agent': Connection refused

> /tmp/gpg-wjqJw7/S.gpg-agent exists.

> Permissions:
> srwxrwxr-x 1 ian ian 0 Nov 10 23:42 S.gpg-agent

> Permissions for /tmp/gpg-wjqJw7:
> rwx------ 2 ian ian 4096 Nov 10 23:42 gpg-wjqJw7

Does "netstat -lxp" show you a line indicating that gpg-agent with the
above PID is listening on that socket? If not, there is something wrong
with gpg-agent. Configure a log file in ~/.gnupg/gpg-agent.conf to
see what's going on or start gpg-agent under "strace -fo alogfile
gpg-agent --daemon".

You may also want to get the latest gpg-agent (1.9.12) and run
"gpg-agent" which tries to connect to the running gpg-agent to check
whether it is running.

If everything seems to be fine, run gpg under strace and watch out for
a connect call.


Werner
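
Added example, not part of the original thread and not GnuPG code: a Python probe that separates the cases discussed above, where the socket file exists and the agent process shows up in ps, yet connecting is refused because nothing is listening. It assumes the agent exported GPG_AGENT_INFO in the form path:pid:protocol; the function names are illustrative.

```python
import os
import socket
import stat


def parse_agent_info(value):
    """Split a GPG_AGENT_INFO value (assumed form: path:pid:protocol)."""
    path, pid, proto = value.rsplit(":", 2)
    return path, int(pid), int(proto)


def probe_socket(path):
    """Return 'missing', 'not-a-socket', 'stale' or 'listening'."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        client.connect(path)
    except ConnectionRefusedError:
        # File exists but nobody listens: the thread's 'Connection refused'.
        return "stale"
    finally:
        client.close()
    return "listening"


def pid_alive(pid):
    """True if the PID exists; signal 0 checks without sending anything."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # process exists but belongs to another user
    return True


def diagnose(agent_info):
    path, pid, _proto = parse_agent_info(agent_info)
    return {"socket": probe_socket(path), "pid_alive": pid_alive(pid)}


if __name__ == "__main__":
    info = os.environ.get("GPG_AGENT_INFO")
    print(diagnose(info) if info else "GPG_AGENT_INFO is not set")
```

A result of socket "stale" with pid_alive True matches the situation reported here: the daemon is running but never started listening, so the next place to look is its log file or an strace of its startup.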
Re: gpg-agent Problems

On November 11, 2004 04:08 am, Werner Koch wrote:
> On Wed, 10 Nov 2004 23:53:22 -0500, Ian Scott said:
> > gpg-agent[9366]: Secure memory is not locked into core
>
> That is just a warning to tell you that the memory areas used to store
> passphrases and secret keys might get swapped to the disk. setuid
> (root) gpg-agent or use a brand new Linux kernel to solve that problem.

First, thank you very much for trying to help. I'm using kernel version 2.6.8

> > When I do a ps -x |grep gpg
> > I get:
> > 9367 ? S 0:00 gpg-agent --daemon
> >
> > This is not the same PID that I got when I started gpg-agent.
>
> That is fine, gpg-agent does the usual fork to become a daemon.

Ok.

>
> > This command:
> > echo "test" | gpg -ase -r 0x319CE936 |gpg
> >
> > I see:
> > gpg: can't connect to `/tmp/gpg-wjqJw7/S.gpg-agent': Connection refused
> >
> > /tmp/gpg-wjqJw7/S.gpg-agent exists.
> >
> > Permissions:
> > srwxrwxr-x 1 ian ian 0 Nov 10 23:42 S.gpg-agent
> >
> > Permissions for /tmp/gpg-wjqJw7:
> > rwx------ 2 ian ian 4096 Nov 10 23:42 gpg-wjqJw7
>
> Does "netstat -lxp" show you a line indicating that gpg-agent with the
> above PID is listening on that socket? If not, there is something wrong
> with gpg-agent.

No, netstat -lxp does not show gpg-agent.

> Configure a log file in ~/.gnupg/gpg-agent.conf to
> see what's going on or start gpg-agent under "strace -fo alogfile
> gpg-agent --daemon".

I have this line in gpg-agent.conf:
log-file socket:///home/ian/.gnupg/agentlog

******
Ok, I removed 2 // before /home. Get an error message, which I've never
seen before:
failed to open log file `socket:/home/ian/.gnupg/agentlog': No such file or
directory

So, I remove 'socket:' so the conf file line is now:
log-file /home/ian/.gnupg/agentlog
and start gpg-agent as above.

Would you believe it is now working??!! Oh boy, I feel silly now! But I am
pretty sure I did not add that line to the conf file in the first place.
Would that have been the problem in the first place?

Thank you.

--
Ian Scott
GPG/PGP KEY: 0x319CE936

****************************
http://www.pairowoodies.com/
Providing Goal Centered Internet Solutions

http://www.about-flyfishing.com/
All About Fly Fishing
****************************

Re: gpg-agent Problems
On Thu, 11 Nov 2004 11:08:23 -0500, Ian Scott said:

> No, netstat -lxp does not show gpg-agent.

Then gpg-agent is not listening for unknown reasons.

> Ok, I removed 2 // before /home. Get an error message, which I've never
> seen before:
> failed to open log file `socket:/home/ian/.gnupg/agentlog': No such file or
> directory

The 2 extra slashes are important because they indicate that logging
should go to a socket.

> Would you believe it is now working??!! Oh boy, I feel silly now! But I am

While working on dirmngr I had the very same problem yesterday; it
turned out that dirmngr used an old version of the logging code and
that is what your gpg-agent also uses.

I did some fixes to the logging code and the daemon initialization on
2004-10-21. That change went into 1.9.12 and solved a problem some
people had when using Mutt. Please update if you want to use
[k]watchgnupg.

Werner