unofficial mirror of help-gnu-emacs@gnu.org
 help / color / mirror / Atom feed
* emacs interface with gpg-agent stopped working (or stopped caching passphrase)
@ 2016-09-03  6:32 derkire
  2016-09-03  6:40 ` derkire
  2016-09-03 14:52 ` Teemu Likonen
  0 siblings, 2 replies; 8+ messages in thread
From: derkire @ 2016-09-03  6:32 UTC (permalink / raw)
  To: help-gnu-emacs

Hi, 

I just ran a full dnf update of packages on my fedora 23 installation, and the emacs interface with gpg-agent no longer works. I hope someone can tell me what I need to do to make it work again. Here are the details.

Expected (old) behavior: When opening (find-file) files in emacs, emacs contacts the
gpg-agent, and a GUI window is popped to enter the passphrase. This is
then enough to decrypt ALL additional .gpg files opened by emacs for the next
5 minutes.

Actual (new) behavior: emacs instead asks for passphrase in the minibuffer (not GUI popup!), and the file will decrypt, BUT the PP has to be entered each time a new file is opened. That is, no more 5min/300sec window of caching. I interpret this to mean that the interface between emacs and the gpg-agent is not functioning correctly.

Other observations (after spending at least 5 hours on this, with web searches and trying to follow various hints and tips and recipes):

1. I think the GUI window that was previously used to enter the passphrase was  /usr/libexec/openssh/gnome-ssh-askpass. It looks similar. 

2. I noticed that GPG_AGENT_INFO changed from something like $HOME/.gnupg/S.gpg-agent:1949:1 to /run/user/1000/gnupg/S.gpg-agent.ssh

3. I tried setting GPG_TTY before starting a new emacs instance, but it made no difference.

4. my gpg-agent.conf is

default-cache-ttl 300
max-cache-ttl 3000

and I also tried to add

enable-ssh-support
allow-emacs-pinentry

5. OS and package versions

Fedora release 23 (Twenty Three)
Linux version 4.6.7-200.fc23.x86_64 (mockbuild@bkernel02.phx2.fedoraproject.org) (gcc version 5.3.1 20160406 (Red Hat 5.3.1-6) (GCC) ) #1 SMP Wed Aug 17 14:24:53 UTC 2016

GNU Emacs 24.5.1 (x86_64-redhat-linux-gnu, GTK+ Version 3.18.9) of 2016-04-11 on buildvm-25.phx2.fedoraproject.org

gnupg2 x86_64 2.1.13-1.fc23  

6. My .xsession equivalent uses (csh, please forgive :))

eval `gpg-agent --daemon`

and this command sets

SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh

but does not set GPG_AGENT_INFO. Setting GPG_AGENT_INFO manually to the same value as SSH_AUTH_SOCK, before starting emacs in that same shell, does not fix the problem.

******************************************************************

I hope I have provided sufficient detail to understand what the problem is, but as I said I have spent hours on this and cannot crack the problem. Thanks much.



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: emacs interface with gpg-agent stopped working (or stopped caching passphrase)
  2016-09-03  6:32 derkire
@ 2016-09-03  6:40 ` derkire
  2016-09-03  7:09   ` Eli Zaretskii
  2016-09-03 14:52 ` Teemu Likonen
  1 sibling, 1 reply; 8+ messages in thread
From: derkire @ 2016-09-03  6:40 UTC (permalink / raw)
  To: help-gnu-emacs

I should also have mentioned that my ~/.emacs file contains

(setq  pgg-gpg-use-agent t)

bout otherwise no gpg-related settings as far as I can tell.


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: emacs interface with gpg-agent stopped working (or stopped caching passphrase)
  2016-09-03  6:40 ` derkire
@ 2016-09-03  7:09   ` Eli Zaretskii
  0 siblings, 0 replies; 8+ messages in thread
From: Eli Zaretskii @ 2016-09-03  7:09 UTC (permalink / raw)
  To: help-gnu-emacs

> Date: Fri, 2 Sep 2016 23:40:05 -0700 (PDT)
> From: derkire@gmail.com
> Injection-Date: Sat, 03 Sep 2016 06:40:06 +0000
> 
> I should also have mentioned that my ~/.emacs file contains
> 
> (setq  pgg-gpg-use-agent t)
> 
> bout otherwise no gpg-related settings as far as I can tell.

I know nothing about using gpg-agent and related packages.  However, I
see that Emacs comes with a pgg.info manual, which includes a section
named "Caching passphrase".  I suggest to read that section and make
sure you have everything set up according to what it says.

Apologies if you already studied all that.

Another possibility is that the changes, whatever they are, are on the
GPG side, not in Emacs.  In that case, if no one here has the answer,
perhaps someone on the GPG forum(s) will.



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: emacs interface with gpg-agent stopped working (or stopped caching passphrase)
  2016-09-03  6:32 derkire
  2016-09-03  6:40 ` derkire
@ 2016-09-03 14:52 ` Teemu Likonen
  2016-09-03 15:04   ` Teemu Likonen
                     ` (2 more replies)
  1 sibling, 3 replies; 8+ messages in thread
From: Teemu Likonen @ 2016-09-03 14:52 UTC (permalink / raw)
  To: derkire; +Cc: help-gnu-emacs

[-- Attachment #1: Type: text/plain, Size: 1179 bytes --]

derkire@gmail.com [2016-09-02 23:32:11-07] wrote:

> Expected (old) behavior: When opening (find-file) files in emacs,
> emacs contacts the gpg-agent, and a GUI window is popped to enter the
> passphrase. This is then enough to decrypt ALL additional .gpg files
> opened by emacs for the next 5 minutes.
>
> Actual (new) behavior: emacs instead asks for passphrase in the
> minibuffer (not GUI popup!), and the file will decrypt, BUT the PP has
> to be entered each time a new file is opened. That is, no more
> 5min/300sec window of caching. I interpret this to mean that the
> interface between emacs and the gpg-agent is not functioning
> correctly.

It looks to me that your Emacs is now using old GPG 1.4 and not GPG 2.x
version. Emacs has some magic code to choose which one to use but the
logic is unknown to me. There is also variable epg-gpg-program.

GPG 1.4 will connect to agent if ~/.gnupg/gpg.conf file has this line:

    use-agent

GPG 2.x don't need that option because they always connect to the agent.


-- 
/// Teemu Likonen   - .-..   <https://github.com/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: emacs interface with gpg-agent stopped working (or stopped caching passphrase)
  2016-09-03 14:52 ` Teemu Likonen
@ 2016-09-03 15:04   ` Teemu Likonen
  2016-09-03 18:50   ` Derk Ire
  2016-09-03 19:24   ` Derk Ire
  2 siblings, 0 replies; 8+ messages in thread
From: Teemu Likonen @ 2016-09-03 15:04 UTC (permalink / raw)
  To: help-gnu-emacs

[-- Attachment #1: Type: text/plain, Size: 540 bytes --]

Teemu Likonen [2016-09-03 17:52:39+03] wrote:

> It looks to me that your Emacs is now using old GPG 1.4 and not GPG
> 2.x version. Emacs has some magic code to choose which one to use but
> the logic is unknown to me. There is also variable epg-gpg-program.

One example of that unknown magic: I have "gpg2" (2.x) in
epg-gpg-program variable but Emacs (Gnus) still uses "gpg" (1.4) to sign
my messages. The signature part reads like this:

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    [...]
    -----END PGP SIGNATURE-----

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: emacs interface with gpg-agent stopped working (or stopped caching passphrase)
@ 2016-09-03 18:45 Reik Reid
  0 siblings, 0 replies; 8+ messages in thread
From: Reik Reid @ 2016-09-03 18:45 UTC (permalink / raw)
  To: help-gnu-emacs, tlikonen

Teemu,

Setting epg-gpg-program in ~/.emacs fixed the problem

;;in ~/.emacs

(setq epg-gpg-program "gpg2")

I also found that with the program versions listed in OP, I no longer
need to start gpg-agent in my .Xesession (or equivalent), nor do I
need to set any environment variables. Emacs will in fact start
gpg-agent when needed, and it automagically works, with
gnome-ssh-askpass popping up, and remembering the passphrase for a
while.

Thank much for your insight.

(resend, hopefully this time I addressed the mailing list correctly)


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: emacs interface with gpg-agent stopped working (or stopped caching passphrase)
  2016-09-03 14:52 ` Teemu Likonen
  2016-09-03 15:04   ` Teemu Likonen
@ 2016-09-03 18:50   ` Derk Ire
  2016-09-03 19:24   ` Derk Ire
  2 siblings, 0 replies; 8+ messages in thread
From: Derk Ire @ 2016-09-03 18:50 UTC (permalink / raw)
  To: Teemu Likonen; +Cc: help-gnu-emacs

Teemu,

Setting epg-gpg-program in ~/.emacs fixed the problem

;;in ~/.emacs

(setq epg-gpg-program "gpg2")

I also found that with the program versions listed in OP, I no longer
need to start gpg-agent in my .Xesession (or equivalent), nor do I
need to set any environment variables. Emacs will in fact start
gpg-agent when needed, and it automagically works, with
gnome-ssh-askpass popping up, and remembering the passphrase for a
while.

Thank much for your insight.

(3d time trying to post this reply, hope I got it right this time)


On Sat, Sep 3, 2016 at 7:52 AM, Teemu Likonen <tlikonen@iki.fi> wrote:

> derkire@gmail.com [2016-09-02 23:32:11-07] wrote:
>
> > Expected (old) behavior: When opening (find-file) files in emacs,
> > emacs contacts the gpg-agent, and a GUI window is popped to enter the
> > passphrase. This is then enough to decrypt ALL additional .gpg files
> > opened by emacs for the next 5 minutes.
> >
> > Actual (new) behavior: emacs instead asks for passphrase in the
> > minibuffer (not GUI popup!), and the file will decrypt, BUT the PP has
> > to be entered each time a new file is opened. That is, no more
> > 5min/300sec window of caching. I interpret this to mean that the
> > interface between emacs and the gpg-agent is not functioning
> > correctly.
>
> It looks to me that your Emacs is now using old GPG 1.4 and not GPG 2.x
> version. Emacs has some magic code to choose which one to use but the
> logic is unknown to me. There is also variable epg-gpg-program.
>
> GPG 1.4 will connect to agent if ~/.gnupg/gpg.conf file has this line:
>
>     use-agent
>
> GPG 2.x don't need that option because they always connect to the agent.
>
>
> --
> /// Teemu Likonen   - .-..   <https://github.com/tlikonen> //
> // PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
>


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: emacs interface with gpg-agent stopped working (or stopped caching passphrase)
  2016-09-03 14:52 ` Teemu Likonen
  2016-09-03 15:04   ` Teemu Likonen
  2016-09-03 18:50   ` Derk Ire
@ 2016-09-03 19:24   ` Derk Ire
  2 siblings, 0 replies; 8+ messages in thread
From: Derk Ire @ 2016-09-03 19:24 UTC (permalink / raw)
  To: Teemu Likonen; +Cc: help-gnu-emacs

Teemu,

Setting epg-gpg-program in ~/.emacs fixed the problem

;;in ~/.emacs

(setq epg-gpg-program "gpg2")

I also found that with the program versions listed in OP, I no longer
need to start gpg-agent in my .Xesession (or equivalent), nor do I
need to set any environment variables. Emacs will in fact start
gpg-agent when needed, and it automagically works, with
gnome-ssh-askpass popping up, and remembering the passphrase for a
while.

Thank much for your insight.

(4th attempt, sorry about the repeats)


On Sat, Sep 3, 2016 at 7:52 AM, Teemu Likonen <tlikonen@iki.fi> wrote:

> derkire@gmail.com [2016-09-02 23:32:11-07] wrote:
>
> > Expected (old) behavior: When opening (find-file) files in emacs,
> > emacs contacts the gpg-agent, and a GUI window is popped to enter the
> > passphrase. This is then enough to decrypt ALL additional .gpg files
> > opened by emacs for the next 5 minutes.
> >
> > Actual (new) behavior: emacs instead asks for passphrase in the
> > minibuffer (not GUI popup!), and the file will decrypt, BUT the PP has
> > to be entered each time a new file is opened. That is, no more
> > 5min/300sec window of caching. I interpret this to mean that the
> > interface between emacs and the gpg-agent is not functioning
> > correctly.
>
> It looks to me that your Emacs is now using old GPG 1.4 and not GPG 2.x
> version. Emacs has some magic code to choose which one to use but the
> logic is unknown to me. There is also variable epg-gpg-program.
>
> GPG 1.4 will connect to agent if ~/.gnupg/gpg.conf file has this line:
>
>     use-agent
>
> GPG 2.x don't need that option because they always connect to the agent.
>
>
> --
> /// Teemu Likonen   - .-..   <https://github.com/tlikonen> //
> // PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
>


^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2016-09-03 19:24 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-09-03 18:45 emacs interface with gpg-agent stopped working (or stopped caching passphrase) Reik Reid
  -- strict thread matches above, loose matches on Subject: below --
2016-09-03  6:32 derkire
2016-09-03  6:40 ` derkire
2016-09-03  7:09   ` Eli Zaretskii
2016-09-03 14:52 ` Teemu Likonen
2016-09-03 15:04   ` Teemu Likonen
2016-09-03 18:50   ` Derk Ire
2016-09-03 19:24   ` Derk Ire

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).