Closed wassp-ds closed 2 weeks ago
Commitment
I confirm that I have read the following resources:
Question
After going through the
state
path of installing the formulas forsys-pgp
, I went through the setup guide from here. Everything was fine until the below happened.
That upstream link is wrong, it should be the QubesOS
repo instead of mine, will fix.
On
dev-companyA
:% gpg -vvv -K gpg: using character set 'utf-8' gpg: using pgp trust model gpg: key 55CCE0FCC9033EEA: accepted as trusted key gpg: key 2D4ADD0F4B0E5019: accepted as trusted key gpg: no running gpg-agent - starting '/usr/share/split-gpg2/gpg-agent-placeholder' gpg: waiting for the agent to come up ... (5s) gpg: waiting for the agent to come up ... (4s) gpg: waiting for the agent to come up ... (3s) gpg: waiting for the agent to come up ... (2s) gpg: waiting for the agent to come up ... (1s) gpg: can't connect to the agent: End of file gpg: no running gpg-agent - starting '/usr/share/split-gpg2/gpg-agent-placeholder' gpg: waiting for the agent to come up ... (5s) gpg: waiting for the agent to come up ... (4s) gpg: waiting for the agent to come up ... (3s) gpg: waiting for the agent to come up ... (2s) gpg: waiting for the agent to come up ... (1s) gpg: can't connect to the agent: End of file
On dev-companyA
:
systemctl --user status split-gpg2-client
Verified the
journalctl /usr/bin/qrexec-policy | grep -i gpg
:qubes.Gpg: dev -> sys-pgp: denied: no matching rule found
Nothing on
qubes.Gpg2
.
qubes.Gpg
is the wrong service, it should be qubes.Gpg2
. Why it is calling the wrong service I don't know yet.
Run:
alias gpg # show if gpg is aliased
\gpg -vvv -K # run gpg without functions or aliases, so from PATH
Also noticed: On
dev-companyA
:% gpg --version gpg (GnuPG) 2.2.40
On sys-pgp:
$ gpg --version gpg (GnuPG) 2.4.4
Policy on
dom0
:qubes.Gpg2 + dev-companyA @default allow target=sys-pgp qubes.Gpg2 * @anyvm @default ask target=sys-pgp default_target=sys-pgp qubes.Gpg2 * @anyvm @anyvm `deny`
The rest seems fine.
qubes.Gpg is the wrong service, it should be qubes.Gpg2. Why it is calling the wrong service I don't know yet.
I also don't have a default dev
qube and I have not touched anything Gpg
related. Only the upstream docs.
Run:
alias gpg # show if gpg is aliased \gpg -vvv -K # run gpg without functions or aliases, so from PATH
gpg
is not aliased, which
points to /usr/bin/gpg
\gpg -vvv -K
<- same errors as above
https://github.com/ben-grande/qusal/issues/64#issuecomment-2181027969
On dev-companyA:
systemctl --user status split-gpg2-client
On dev-companyA:
systemctl --user status split-gpg2-client
active and running:
● split-gpg2-client.service - split-gpg2 client
Loaded: loaded (/usr/lib/systemd/user/split-gpg2-client.service; enabled; preset: enabled)
Active: active (running) since Thu 2024-06-20 16:24:20 UTC; 4min 19s ago
Main PID: 700 (socat)
Tasks: 1 (limit: 385)
Memory: 3.1M
CPU: 9ms
CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/split-gpg2-client.service
└─700 socat "unix-listen:'/run/user/1000/gnupg/S.gpg-agent',fork,unlink-early" "e…
Please follow this guide https://github.com/ben-grande/qusal/blob/main/docs/TROUBLESHOOTING.md#qrexec-client-shows-request-refused
On Thu, Jun 20, 2024, 6:28 PM wassp-ds @.***> wrote:
64 (comment)
https://github.com/ben-grande/qusal/issues/64#issuecomment-2181027969
On dev-companyA:
systemctl --user status split-gpg2-client
active and running
— Reply to this email directly, view it on GitHub https://github.com/ben-grande/qusal/issues/64#issuecomment-2181096588, or unsubscribe https://github.com/notifications/unsubscribe-auth/BCE2O4IMVZEECABBJEVEMUTZIL7LHAVCNFSM6AAAAABJUFXVAWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCOBRGA4TMNJYHA . You are receiving this because you commented.Message ID: @.***>
Everything seems fine, except:
on dev-companyA
:
% qrexec-client-vm @default qubes.Gpg2
Error in a config file, aborting
Thanks for the debugging info. Issue has been fixed. Pull qusal
again and apply the sys-pgp.configure
state to sys-pgp
.
Commitment
I confirm that I have read the following resources:
Question
After going through the
state
path of installing the formulas forsys-pgp
, I went through the setup guide from here. Everything was fine until the below happened.On
dev-companyA
:Verified the
dom0
forqvm-service
on thedev-companyA
qube:Verified the
journalctl /usr/bin/qrexec-policy | grep -i gpg
:Nothing on
qubes.Gpg2
.Also noticed: On
dev-companyA
:On sys-pgp:
Policy on
dom0
:What did I miss this time?