unofficial mirror of guix-devel@gnu.org 
From: Danny Milosavljevic <dannym@scratchpost.org>
To: Attila Lendvai <attila@lendvai.name>
Cc: "guix-devel@gnu.org" <guix-devel@gnu.org>
Subject: Re: trezor-agent: using trezor as gpg key
Date: Fri, 3 Sep 2021 18:35:12 +0200
Message-ID: <20210903183512.2680d83e@scratchpost.org>
In-Reply-To: <LG1FKqVJE9Wibs9b_cUrhBqy_1mcAO33xMiZ_CA35rmE1NEZNWo_6xWHm8h9w-4BN8d0DeX3LbMi5XdHb--ZcUwvUR4zKzDzVJ3YEhr8Skw=@lendvai.name>

Hi,

On Fri, 03 Sep 2021 07:55:19 +0000
Attila Lendvai <attila@lendvai.name> wrote:

> i'm failing to configure my gnupg to use Trezor (a USB hw key store).
> $ ls -l /dev/usb/
[...]
> crw-rw---- 1 root plugdev 180, 0 Sep 3 09:25 hiddev0
> 
> $ groups
> users plugdev [...]
> 
> $ trezor-gpg-agent &
> [1] 11223
> 
> $ gpg --sign /tmp/x
> 2021-09-03 09:41:19,129 ERROR Failed to enumerate WebUsbTransport. USBErrorAccess: LIBUSB_ERROR_ACCESS [-3] [__init__.py:126]
> 2021-09-03 09:41:19,132 ERROR handler failed: Trezor not connected [__init__.py:273]
[...]
> libagent.device.interface.NotFoundError: Trezor not connected
> gpg: Warning: not using 'Attila Lendvai <attila@lendvai.name>' as default key: No secret key
> gpg: all values passed to '--default-key' ignored
> gpg: keydb_search failed: Broken pipe
> gpg: no default secret key: Broken pipe
> gpg: signing failed: Broken pipe
> 
> how can i see/debug here which file has the wrong permissions? the python backtrace is not very useful without printing the variable values.

You can

 strace -f gpg --sign /tmp/x 2>&1 |grep /dev

but I suspect that that won't show anything interesting because it's actually trezor-gpg-agent doing the access.

Maybe

   strace -f trezor-gpg-agent 2>&1 |grep /dev

?

In any case, since I did pretty much the same with a Ledger Nano, check the permissions of /dev/hidraw*.  After fixing the permissions to the latter file, it works fine as a regular user.

See also https://github.com/LedgerHQ/udev-rules/pull/8 for how to make the change permanent.

Even then, it only works fine once one logs out and back in, with the USB device already connected at the time of login.  I think that's a bug in our elogind (sigh).
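
Added example (not part of the original message, and not code from trezor-agent or Guix): a filter for the strace output suggested above that keeps only open()/openat() calls under /dev that were refused, so the device node with the wrong permissions stands out. The function names (denied_dev_opens, show_nodes, sample_trace) are hypothetical and the trace lines are constructed.

```shell
#!/bin/sh
# Reads strace text on stdin and prints "<errno> <path>" once for every
# /dev path whose open()/openat() failed with EACCES or EPERM.
# Limitation: calls that strace -f splits into "<unfinished ...>" and
# "<... resumed>" lines are not reassembled and are therefore skipped.
denied_dev_opens() {
    sed -n -E \
        's#^.*open(at)?\(.*"(/dev/[^"]*)".*= -1 (EACCES|EPERM) .*$#\3 \2#p' |
        LC_ALL=C sort -u
}

# Takes the output of denied_dev_opens and lists owner, group and mode of
# each refused node, followed by the groups of the current user.
show_nodes() {
    while read -r _errno path; do
        ls -l "$path"
    done
    echo "current groups: $(id -Gn)"
}

# Constructed sample of `strace -f` output, for trying the filter offline.
sample_trace() {
    cat <<'EOF'
[pid 11223] openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 11223] openat(AT_FDCWD, "/dev/urandom", O_RDONLY|O_CLOEXEC) = 5
[pid 11223] openat(AT_FDCWD, "/dev/hidraw0", O_RDWR|O_CLOEXEC) = -1 EACCES (Permission denied)
[pid 11223] openat(AT_FDCWD, "/dev/bus/usb/001/004", O_RDWR|O_CLOEXEC) = -1 EACCES (Permission denied)
[pid 11223] openat(AT_FDCWD, "/dev/hidraw0", O_RDWR|O_CLOEXEC) = -1 EACCES (Permission denied)
[pid 11223] stat("/dev/hidraw1", 0x7ffc0a1b2c30) = -1 ENOENT (No such file or directory)
EOF
}

# Against the real agent, using the command from the message:
#   strace -f trezor-gpg-agent 2>&1 | denied_dev_opens | show_nodes
```

Comparing the group shown by ls -l for each refused node with the "current groups" line shows whether the running session actually holds the group that owns the node.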

