Open BlakePerkins opened 2 years ago
Can you add the debug option to the relevant lines in pam.d/ and check whether anything ends up in your syslog?
I have added the following three lines to /etc/pam.d/login, but I am still not seeing a debug.log in /var/log
auth optional pam_gnupg.so store-only debug
session optional pam_env.so user_readenv=1 debug
session optional pam_gnupg.so debug
Where am I going wrong?
Maybe it ends up in the standard log file (something like syslog.log)? That depends on Artix' syslog setup, which I don't know about. Try grepping for pam_gnupg in /var/log.
I see the following output in /var/log/auth.log
Sep 26 23:01:59 may login[1974]: pam_gnupg(login:setcred): store-only set, skipping
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:auth): stored passphrase
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:setcred): store-only set, skipping
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:setcred): store-only set, skipping
Sep 28 20:11:23 may login[1962]: pam_gnupg(login:setcred): store-only set, skipping
Sep 28 20:11:48 may login[1981]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 28 20:14:42 may login[1975]: pam_gnupg(login:auth): stored passphrase
Sep 28 20:14:42 may login[1975]: pam_gnupg(login:setcred): store-only set, skipping
Sep 28 20:14:42 may login[1975]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 28 20:14:42 may login[1975]: pam_gnupg(login:setcred): store-only set, skipping
Sep 29 15:35:57 may login[1975]: pam_gnupg(login:setcred): store-only set, skipping
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:auth): stored passphrase
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:setcred): store-only set, skipping
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 29 15:36:01 may login[14506]: pam_gnupg(login:setcred): store-only set, skipping
This looks okay so far, but debug logging is not very detailed unfortunately. In particular, it doesn't indicate whether a config file or any keygrips are found; not having a config at all is not an error. Are you sure your config file is in the right place? Do you modify XDG_CONFIG_HOME or GNUPGHOME in pam_env? Also, do you use other password tools like Gnome Keyring?
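Added example, not part of the thread and not pam-gnupg's own code: a small parser that groups the pam_gnupg lines quoted above by login PID and reports which of the two passphrase messages each login produced. The sample input is constructed from lines in this thread plus one made-up unrelated line, and `summarize` and `verdict` are hypothetical names; it relies only on the message strings visible in the log above.

```python
import re

# Constructed sample: a few auth.log lines quoted in this thread,
# plus one made-up line that must be ignored.
SAMPLE_LOG = """\
Sep 26 23:01:59 may login[1974]: pam_gnupg(login:setcred): store-only set, skipping
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:auth): stored passphrase
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:setcred): store-only set, skipping
Sep 26 23:03:29 may login[1962]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 28 20:11:48 may login[1981]: pam_gnupg(login:session): presetting passphrase succeeded, cleaning up
Sep 28 20:12:00 may sshd[2000]: unrelated line without the module name
"""

# "prog[pid]: pam_gnupg(service:stage): message" after the syslog prefix
LINE_RE = re.compile(
    r"\S+\[(?P<pid>\d+)\]: pam_gnupg\((?P<service>[^:)]+):(?P<stage>[^)]+)\): (?P<msg>.*)$"
)

def summarize(log_text):
    """Group pam_gnupg messages by login PID, keeping first-seen order."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a pam_gnupg line
        s = sessions.setdefault(
            m["pid"], {"service": m["service"], "stored": False, "preset": False, "stages": []}
        )
        s["stages"].append(m["stage"])
        if m["stage"] == "auth" and m["msg"].startswith("stored passphrase"):
            s["stored"] = True
        if m["stage"] == "session" and m["msg"].startswith("presetting passphrase succeeded"):
            s["preset"] = True
    return sessions

def verdict(s):
    """Describe what the log shows; it cannot show whether keygrips were found."""
    if s["stored"] and s["preset"]:
        return "passphrase stored and preset reported"
    if s["preset"]:
        return "preset reported, no auth line in this excerpt"
    if s["stored"]:
        return "stored but never preset"
    return "no passphrase activity"

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        print(pid, s["service"], ",".join(s["stages"]), "->", verdict(s))
```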
I modify both in ~/.pam_environment.
~/.pam_environment:
GNUPGHOME DEFAULT=@{HOME}/.local/share/gnupg
XDG_CONFIG_HOME DEFAULT=@{HOME}/.config
My gpg-agent.conf is inside ~/.local/share/gnupg
I have gnome-keyring installed, but I have never messed around with it.
Just to be sure: is the apostrophe (') at the end of XDG_CONFIG_HOME a typo here, or is that actually part of the file?
Typo
Ok, was worth a shot :) Next guess: there are some known issues with gpg-agent and gnome keyring. Can you check that GPG_AGENT_INFO is unset? In general, gpg does not require any env variables except for GNUPGHOME, so can you check whether env | grep GPG or env | grep GNUPG return anything unusual?
Ahh, I see you found the thread where I was bullied into quitting Artix Linux :D never installed that distro after that thread again ...
I know that this is a very vague issue, but I figured I'd get this out here and see if anyone can help me out.
I recently bought a new laptop and installed an identical operating system as my old one (Artix Linux - openrc). The previous system has been running pam-gnupg without any issues for the past couple of years, so I figured I could steal all the files from pam.d/ on that computer and move it to the new one. After that, I generated a gpg key and set up the new machine exactly as I did the old one. However, I am still being asked for my password after login.
I have since tried following the default README instructions (before I changed the location of .gnupg/) and following advice on the Artix forums (https://forum.artixlinux.org/index.php/topic,2446.0.html) without any success. (all done with original pam.d/ and new gpg keys)
If anybody can provide steps that allow me to get pam-gnupg functional again, I'll venmo you $20 because I cannot figure this out.