Date: Fri, 3 Sep 2021 18:35:12 +0200
From: Danny Milosavljevic
To: Attila Lendvai
Cc: "guix-devel@gnu.org"
Subject: Re: trezor-agent: using trezor as gpg key
Message-ID: <20210903183512.2680d83e@scratchpost.org>

Hi,

On Fri, 03 Sep 2021 07:55:19 +0000
Attila Lendvai wrote:

> i'm failing to configure my gnupg to use Trezor (an USB hw key store).

> $ ls -l /dev/usb/
[...]
> crw-rw---- 1 root plugdev 180, 0 Sep 3 09:25 hiddev0
>
> $ groups
> users plugdev [...]
>
> $ trezor-gpg-agent &
> [1] 11223
>
> $ gpg --sign /tmp/x
> 2021-09-03 09:41:19,129 ERROR Failed to enumerate WebUsbTransport. USBErrorAccess: LIBUSB_ERROR_ACCESS [-3] [__init__.py:126]
> 2021-09-03 09:41:19,132 ERROR handler failed: Trezor not connected [__init__.py:273]
[...]
> libagent.device.interface.NotFoundError: Trezor not connected
> gpg: Warning: not using 'Attila Lendvai ' as default key: No secret key
> gpg: all values passed to '--default-key' ignored
> gpg: keydb_search failed: Broken pipe
> gpg: no default secret key: Broken pipe
> gpg: signing failed: Broken pipe
>
> how can i see/debug here which file has the wrong permissions? the python backtrace is not very useful without printing the variable values.

You can

  strace -f gpg --sign /tmp/x 2>&1 |grep /dev

but I suspect that that won't show anything interesting because it's actually trezor-gpg-agent doing the access. Maybe

  strace -f trezor-gpg-agent 2>&1 |grep /dev

?

In any case, since I did pretty much the same with a Ledger Nano, check the permissions of /dev/hidraw*. After fixing the permissions to the latter file, it works fine as a regular user.

See also https://github.com/LedgerHQ/udev-rules/pull/8 for how to make the change permanent.

Even then, it only works fine once one logs out and back in, and has the USB device already connected at the time of login. I think that's a bug in our elogind (sigh).
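
A small diagnostic for the /dev/hidraw* permission check suggested above, as an added example (not part of the original message, and not code from trezor-agent or Guix). For each hidraw node it reports whether the current user can open it read-write, the mode, owner and group, and the HID device name from sysfs. It assumes Linux with GNU stat; the function name hidraw_report is made up for this example.

```shell
#!/bin/sh
# Added example: report who may open each hidraw node.
# Usage: hidraw_report [DEVDIR] [SYSDIR]
#   DEVDIR defaults to /dev, SYSDIR to /sys/class/hidraw.
# Output, one line per node:  NAME ok|DENIED MODE OWNER GROUP [HID name]

hidraw_report() {
    local devdir="${1:-/dev}" sysdir="${2:-/sys/class/hidraw}"
    local node name perms hid access
    for node in "$devdir"/hidraw*; do
        [ -e "$node" ] || continue      # the glob matched nothing
        name=${node##*/}
        # Octal mode, owner and group, e.g. "660 root plugdev" (GNU stat).
        perms=$(stat -c '%a %U %G' "$node")
        # The kernel publishes the HID device name in the parent device's
        # uevent file; a missing file just yields "unknown".
        hid=$(sed -n 's/^HID_NAME=//p' \
              "$sysdir/$name/device/uevent" 2>/dev/null) || hid=
        # test -r / -w asks the kernel, so ACLs count as well as mode bits.
        if [ -r "$node" ] && [ -w "$node" ]; then
            access=ok
        else
            access=DENIED
        fi
        printf '%s %s %s [%s]\n' "$name" "$access" "$perms" "${hid:-unknown}"
    done
}

# Report on the live system (or on the directories given as arguments).
hidraw_report "$@"
```

Run it as the same user that starts the agent: a DENIED line next to the hardware key's name is the node whose permissions need fixing.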