Mailing List Archive

wrong gpg-agent version running?
Hello

I've recently upgraded to Debian buster, and then upgraded gpg by
downloading and installing the new version 2.2.17.
Now, I get this warning:

> gpg: WARNING: server 'gpg-agent' is older than us (2.2.12 < 2.2.17)

$ gpg --version
gpg (GnuPG) 2.2.17
libgcrypt 1.8.4

$ which gpg-agent
/usr/local/bin/gpg-agent

$ /usr/local/bin/gpg-agent --version
gpg-agent (GnuPG) 2.2.17
libgcrypt 1.8.4

$ gpgconf --list-dirs
sysconfdir:/usr/local/etc/gnupg
bindir:/usr/local/bin
libexecdir:/usr/local/libexec
libdir:/usr/local/lib/gnupg
datadir:/usr/local/share/gnupg
localedir:/usr/local/share/locale
socketdir:/run/user/1000/gnupg

$ whereis gpg-agent
gpg-agent: /usr/bin/gpg-agent /usr/local/bin/gpg-agent
/usr/share/man/man1/gpg-agent.1.gz

and:
$ /usr/bin/gpg-agent --version
gpg-agent (GnuPG) 2.2.12
libgcrypt 1.8.4

$ echo $PATH
/usr/local/bin /usr/bin /bin /usr/local/games /usr/games

I've even tried to add agent-program /usr/local/bin/gpg-agent to gpg.conf

I don't know why the "wrong" agent gets started, can you please help me?

-Hermi
Re: wrong gpg-agent version running? [ In reply to ]
Hi,

I've run into this issue when my package manager updates gnupg without
killing running gpg-agent daemons.

I think you have a previous (old version) gpg-agent daemon still running.
You can see if that's the case by looking at the output of 'ps x'. I would
recommend killing that daemon by using 'gpgconf --kill gpg-agent'. Your
next invocation of a gpg command will launch a fresh daemon using the
correct version.

Chris

On Thu, 11 Jul 2019 at 11:50, Matthias Herrmann via Gnupg-users <
gnupg-users@gnupg.org> wrote:

> Hello
>
> I've recently upgraded to Debian buster, and then upgraded gpg by
> downloading and installing the new version 2.2.17.
> Now, I get this warning:
>
> > gpg: WARNING: server 'gpg-agent' is older than us (2.2.12 < 2.2.17)
>
> $ gpg --version
> gpg (GnuPG) 2.2.17
> libgcrypt 1.8.4
>
> $ which gpg-agent
> /usr/local/bin/gpg-agent
>
> $ /usr/local/bin/gpg-agent --version
> gpg-agent (GnuPG) 2.2.17
> libgcrypt 1.8.4
>
> $ gpgconf --list-dirs
> sysconfdir:/usr/local/etc/gnupg
> bindir:/usr/local/bin
> libexecdir:/usr/local/libexec
> libdir:/usr/local/lib/gnupg
> datadir:/usr/local/share/gnupg
> localedir:/usr/local/share/locale
> socketdir:/run/user/1000/gnupg
>
> $ whereis gpg-agent
> gpg-agent: /usr/bin/gpg-agent /usr/local/bin/gpg-agent
> /usr/share/man/man1/gpg-agent.1.gz
>
> and:
> $ /usr/bin/gpg-agent --version
> gpg-agent (GnuPG) 2.2.12
> libgcrypt 1.8.4
>
> $ echo $PATH
> /usr/local/bin /usr/bin /bin /usr/local/games /usr/games
>
> I've even tried to add agent-program /usr/local/bin/gpg-agent to gpg.conf
>
> I don't know why the "wrong" agent gets started, can you please help me?
>
> -Hermi
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
Re: wrong gpg-agent version running? [ In reply to ]
Matthias Herrmann [2019-07-11T01:33:43+02] wrote:

> I've recently upgraded to Debian buster, and then upgraded gpg by
> downloading and installing the new version 2.2.17.
> Now, I get this warning:
>
>> gpg: WARNING: server 'gpg-agent' is older than us (2.2.12 < 2.2.17)

> I don't know why the "wrong" agent gets started, can you please help
> me?

I believe it's because there is gpg-agent.socket unit which activates
gpg-agent.service which has the path /usr/bin/gpg-agent. To override
that create a unit "drop-in" file:

# Filename:
# ~/.config/systemd/user/gpg-agent.service.d/my.conf
# or
# /etc/systemd/user/gpg-agent.service.d/my.conf

[Service]
ExecStart=/usr/local/bin/gpg-agent --supervised
ExecReload=/usr/local/bin/gpgconf --reload gpg-agent

Test if it's found with "systemctl --user cat gpg-agent.service". Maybe
also "killall gpg-agent" if you have something left from your previous
settings.

--
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
// https://keys.openpgp.org/search?q=tlikonen@iki.fi
/ https://keybase.io/tlikonen https://github.com/tlikonen
Re: wrong gpg-agent version running? [ In reply to ]
On 11/07/2019 15:41, Teemu Likonen wrote:
> I believe it's because there is gpg-agent.socket unit which activates
> gpg-agent.service which has the path /usr/bin/gpg-agent. To override
> that create a unit "drop-in" file:

Thank you, that was it.

I edited /usr/lib/systemd/user/gpg-agent.service directly and changed
the ExecStart and ExecReload paths.

-Hermi
Re: wrong gpg-agent version running? [ In reply to ]
Matthias Herrmann [2019-07-11T16:16:29+02] wrote:

> I edited /usr/lib/systemd/user/gpg-agent.service directly and changed
> the ExecStart and ExecReload paths.

It is not a good idea to edit that file directly; it's not a
configuration file. In systemd you should make your own changes in
/etc/systemd/. I quote systemd.unit man page:

Example 2. Overriding vendor settings

There are two methods of overriding vendor settings in unit files:
copying the unit file from /lib/systemd/system to
/etc/systemd/system and modifying the chosen settings.
Alternatively, one can create a directory named unit.d/ within
/etc/systemd/system and place a drop-in file name.conf there that
only changes the specific settings one is interested in. Note that
multiple such drop-in files are read if present, processed in
lexicographic order of their filename.

The advantage of the first method is that one easily overrides the
complete unit, the vendor unit is not parsed at all anymore. It has
the disadvantage that improvements to the unit file by the vendor
are not automatically incorporated on updates.

The advantage of the second method is that one only overrides the
settings one specifically wants, where updates to the unit by the
vendor automatically apply. This has the disadvantage that some
future updates by the vendor might be incompatible with the local
changes.

So in your case the first method (as descibed in the above quote) is to
copy file

/usr/lib/systemd/user/gpg-agent.service

to

/etc/systemd/user/gpg-agent.service

and then edit the latter. The former is not used anymore because the
/etc version overrides it completely. The second method is to override
only parts of it by creating a "drop-in"

/etc/systemd/user/gpg-agent.service.d/my.conf

and define just the [Service] section and the settings one want's to
override:

[Service]
ExecStart=
ExecStart=/usr/local/bin/gpg-agent --supervised
ExecReload=
ExecReload=/usr/local/bin/gpgconf --reload gpg-agent

The empty ExecStart= and ExecReload= reset all possible previous
settings.


--
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
// https://keys.openpgp.org/search?q=tlikonen@iki.fi
/ https://keybase.io/tlikonen https://github.com/tlikonen
Re: wrong gpg-agent version running? [ In reply to ]
Hi all,

On 11.07.19 15:41, Teemu Likonen via Gnupg-users wrote:
> Matthias Herrmann [2019-07-11T01:33:43+02] wrote:
>
>> I've recently upgraded to Debian buster, and then upgraded gpg by
>> downloading and installing the new version 2.2.17.
>> Now, I get this warning:
>>
>>> gpg: WARNING: server 'gpg-agent' is older than us (2.2.12 < 2.2.17)
>
>> I don't know why the "wrong" agent gets started, can you please help
>> me?
>
> I believe it's because there is gpg-agent.socket unit which activates
> gpg-agent.service which has the path /usr/bin/gpg-agent. To override
> that create a unit "drop-in" file:
>
> # Filename:
> # ~/.config/systemd/user/gpg-agent.service.d/my.conf
> # or
> # /etc/systemd/user/gpg-agent.service.d/my.conf
>
> [Service]
> ExecStart=/usr/local/bin/gpg-agent --supervised
> ExecReload=/usr/local/bin/gpgconf --reload gpg-agent

Did anyone open a bug with Debian (best with proposing a fix)?

Bye
Michael
Re: wrong gpg-agent version running? [ In reply to ]
On 11/07/2019 16:36, Teemu Likonen wrote:
> Matthias Herrmann [2019-07-11T16:16:29+02] wrote:
>
>> I edited /usr/lib/systemd/user/gpg-agent.service directly and changed
>> the ExecStart and ExecReload paths.
>
> It is not a good idea to edit that file directly; it's not a
> configuration file. In systemd you should make your own changes in
> /etc/systemd/. I quote systemd.unit man page:

This worked! Perfect! :)
I created the .d directory and only overwrote ExecStart and ExecReload
as you suggested.

Thank you for the short lesson in systemd, I didn't know about this
mechanism.

-Hermi
Re: wrong gpg-agent version running? [ In reply to ]
Hi

On 11/07/2019 16:45, Michael Kesper wrote:
> Did anyone open a bug with Debian (best with proposing a fix)?

Hello

This is not a bug in debian, they ship with 2.2.12 [1]. I manually
installed 2.2.17 from source.

-Hermi

[1] https://packages.debian.org/buster/gnupg
Re: wrong gpg-agent version running? [ In reply to ]
Michael Kesper [2019-07-11T16:45:06+02] wrote:

> Did anyone open a bug with Debian (best with proposing a fix)?

What bug? We have not seen a bug in this message thread.

--
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
// https://keys.openpgp.org/search?q=tlikonen@iki.fi
/ https://keybase.io/tlikonen https://github.com/tlikonen
Re: wrong gpg-agent version running? [ In reply to ]
Hi Teemu,

On 11.07.19 17:11, Teemu Likonen wrote:
> Michael Kesper [2019-07-11T16:45:06+02] wrote:
>
>> Did anyone open a bug with Debian (best with proposing a fix)?
>
> What bug? We have not seen a bug in this message thread.

I'd consider it a bug if updating a package does not trigger reloading all
necessary services.

Bye
Michael
Re: wrong gpg-agent version running? [ In reply to ]
Michael Kesper [2019-07-11T17:15:19+02] wrote:

> I'd consider it a bug if updating a package does not trigger reloading
> all necessary services.

We have not been discussing about Debian package upgrade. This message
thread is about additional local installation (/usr/local) which is
outside of Debian's package system.

--
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
// https://keys.openpgp.org/search?q=tlikonen@iki.fi
/ https://keybase.io/tlikonen https://github.com/tlikonen
Re: wrong gpg-agent version running? [ In reply to ]
Matthias Herrmann via Gnupg-users [2019-07-11T16:49:29+02] wrote:

> I created the .d directory and only overwrote ExecStart and ExecReload
> as you suggested.

Just remembered that there is also dirmngr.service for which you
probably want to the same thing as for gpg-agent.service.

--
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
// https://keys.openpgp.org/search?q=tlikonen@iki.fi
/ https://keybase.io/tlikonen https://github.com/tlikonen
Re: wrong gpg-agent version running? [ In reply to ]
On 11/07/2019 20:40, Teemu Likonen wrote:
> Just remembered that there is also dirmngr.service for which you
> probably want to the same thing as for gpg-agent.service.

I didn't think of that, thanks for the hint.

-Hermi
Re: wrong gpg-agent version running? [ In reply to ]
Hi Teemu,

On 11.07.19 17:34, Teemu Likonen wrote:
> Michael Kesper [2019-07-11T17:15:19+02] wrote:
>
>> I'd consider it a bug if updating a package does not trigger reloading
>> all necessary services.
>
> We have not been discussing about Debian package upgrade. This message
> thread is about additional local installation (/usr/local) which is
> outside of Debian's package system.

Oh, obviously!
Sorry, did not see that.

Bye
Michael