Closed aabdnn closed 9 years ago
I also forgot to mention that there's another bug. Line 96 reads:
if not v:
However, if the match had failed, v will be undefined, and cause a traceback.
I don't have a mac handy. Can you send the output of running it with -d?
Oh, sorry I misunderstood what you were saying (or rather jumped to the wrong line). Yup, I'll get a fix up in a second.
should be fixed in the referenced commit on master - can you confirm?
This commit has fixed the version check. However, now pius fails because it's not getting the passphrase from the agent.
$ pius -b /usr/local/bin/gpg -H smtp.ripe.net -m anandb@ripe.net -P 25 -s 0x0CC92A05 -S -d 0x59565a0e
Welcome to PIUS, the PGP Individual UID Signer.
Setting debug
DEBUG: /usr/local/bin/gpg --version
DEBUG: ['/usr/local/bin/gpg', '--keyid-format', 'long', '--no-auto-check-trustdb', '-q', '--no-tty', '--batch', '--no-default-keyring', '--keyring', '/Users/anandb/.gnupg/pubring.gpg', '--fingerprint', '0x59565a0e']
pub 1024D/1EC095E959565A0E 2008-06-27
Key fingerprint = C8A1 E8D5 83CD 6D1D 4C8C 9E37 1EC0 95E9 5956 5A0E
uid [ unknown] Kazunori Fujiwara fujiwara@jprs.co.jp
uid [ unknown] Kazunori Fujiwara fujiwara@wide.ad.jp
sub 2048g/B82282D8402A5C68 2008-06-27
Have you verified this user/key, and if so, what level do you want to sign at?
0-3, Show again, Next, Help, or Quit? [0|1|2|3|s|n|h|q](default: n) 3
Signing all UIDs on key 0x59565a0e
DEBUG: ['/usr/local/bin/gpg', '--keyid-format', 'long', '--no-auto-check-trustdb', '-q', '--no-tty', '--batch', '--command-fd', '0', '--passphrase-fd', '0', '--status-fd', '1', '--no-default-keyring', '--keyring', '/Users/anandb/.gnupg/pubring.gpg', '--no-options', '--with-colons', '--edit-key', '0x59565a0e']
DEBUG: Got a line pub:-:1024:17:1EC095E959565A0E:1214549611:0::-:::sc
DEBUG: Got a line fpr:::::::::C8A1E8D583CD6D1D4C8C9E371EC095E959565A0E:
DEBUG: Got a line sub:-:2048:16:B82282D8402A5C68:1214549611:0:::::e
DEBUG: Got a line fpr:::::::::F6785488E497088896783E2BB82282D8402A5C68:
DEBUG: Got a line uid:-::::::::Kazunori Fujiwara fujiwara@jprs.co.jp:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:1,p:
DEBUG: Got UID Kazunori Fujiwara fujiwara@jprs.co.jp with status -
DEBUG: got email fujiwara@jprs.co.jp
DEBUG: 0x59565a0efujiwara_at_jprs.co.jp0x0CC92A05 isn't in []
DEBUG: Got a line uid:-::::::::Kazunori Fujiwara fujiwara@wide.ad.jp:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:2,:
DEBUG: Got UID Kazunori Fujiwara fujiwara@wide.ad.jp with status -
DEBUG: got email fujiwara@wide.ad.jp
DEBUG: 0x59565a0efujiwara_at_wide.ad.jp0x0CC92A05 isn't in ['0x59565a0efujiwara_at_jprs.co.jp0x0CC92A05']
DEBUG: got to command prompt
DEBUG: quitting
DEBUG: waiting
There are 2 UIDs on this key to sign
DEBUG: exporting 0x59565a0e
DEBUG: ['/usr/local/bin/gpg', '--keyid-format', 'long', '--no-auto-check-trustdb', '-q', '--no-tty', '--batch', '--no-default-keyring', '--keyring', '/Users/anandb/.gnupg/pubring.gpg', '--armor', '--output', '/tmp/pius_tmp/0x59565a0e.asc', '--export', '0x59565a0e', '0x0CC92A05']
UID 1 (fujiwara@jprs.co.jp):
DEBUG: ['/usr/local/bin/gpg', '--keyid-format', 'long', '--no-auto-check-trustdb', '-q', '--no-tty', '--batch', '--no-default-keyring', '--keyring', '/tmp/pius_tmp/pius_keyring.gpg', '--import-options', 'import-minimal', '--import', '/tmp/pius_tmp/0x59565a0e.asc']
DEBUG: ['/usr/local/bin/gpg', '--keyid-format', 'long', '--no-auto-check-trustdb', '-q', '--no-tty', '--batch', '--command-fd', '0', '--passphrase-fd', '0', '--status-fd', '1', '--no-default-keyring', '--keyring', '/tmp/pius_tmp/pius_keyring.gpg', '-u', '0x0CC92A05', '--use-agent', '--default-cert-level', '3', '--no-ask-cert-level', '--edit-key', '0x59565a0e']
DEBUG: Waiting for prompt
DEBUG: Waiting for line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: got line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: Selecting UID 1
DEBUG: Waiting for ack
DEBUG: Waiting for line [GNUPG:] GOT_IT
DEBUG: got line [GNUPG:] GOT_IT
DEBUG: Running sign subcommand
DEBUG: Waiting for line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: got line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: Sending sign command
DEBUG: Waiting for line [GNUPG:] GOT_IT
DEBUG: got line [GNUPG:] GOT_IT
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] GET_BOOL sign_uid.okay
DEBUG: Confirming signing
DEBUG: Waiting for line [GNUPG:] GOT_IT
DEBUG: got line [GNUPG:] GOT_IT
DEBUG: Got [GNUPG:] USERID_HINT 15E0A3250CC92A05 Anand Buddhdev anandb@ripe.net
DEBUG: Got [GNUPG:] NEED_PASSPHRASE 15E0A3250CC92A05 15E0A3250CC92A05 1 0
DEBUG: Got [GNUPG:] MISSING_PASSPHRASE
DEBUG: Got [GNUPG:] BAD_PASSPHRASE 15E0A3250CC92A05
DEBUG: Got [GNUPG:] GET_LINE keyedit.prompt
ERROR: Agent didn't provide passphrase to PGP.
gpg-agent problems, bailing out!
You're specifically getting BAD_PASSPHRASE from your agent. This either means you gave it the wrong passphrase, or it was unable to pop up the pinentry program. That usually happens because (1) you're using a graphical pinentry but you're inside something like screen where it can't launch it or (2) you're using a graphical pinentry program but over SSH without x-forwarding.
There's a few things you can try here:
~/.gnupg/gpg-agent.conf and set pinentry-program to /usr/bin/pinentry-tty or /usr/bin/pinentry-curses (make sure you've installed the appropriate one)...
/usr/local/bin/gpg --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --command-fd 0 --passphrase-fd 0 --status-fd 1 --no-default-keyring --keyring /tmp/pius_tmp/pius_keyring.gpg -u 0x0CC92A05 --use-agent --default-cert-level 3 --no-ask-cert-level --edit-key 0x59565a0e
Doing so requires a bit of finagling. Once you run it you'll get nothing, you need to hit enter in order to kick it into doing something. You'll get some stuff then type 1 and hit enter to select the first UID, it'll do some stuff then type sign and hit enter, it'll do some stuff, then type y and hit enter to confirm, and see what happens!
[side note, I just pushed a change to master that changes debug printing of commands to not print them as arrays so that they are copy-paste-friendly.]
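An added example, not part of the thread or of pius: a small parser for the `--status-fd` lines shown above that separates "no passphrase was supplied" from "a supplied passphrase was rejected". It relies on GnuPG's documented meaning of MISSING_PASSPHRASE (no passphrase was supplied, usually followed by BAD_PASSPHRASE); the function names and result labels are hypothetical, and the second and third samples are constructed.

```python
STATUS_PREFIX = "[GNUPG:] "


def parse_status(output):
    """Yield (keyword, args) for each raw --status-fd line in gpg output."""
    for raw in output.splitlines():
        line = raw.strip()
        if not line.startswith(STATUS_PREFIX):
            continue  # human-readable "gpg: ..." lines and typed input
        parts = line[len(STATUS_PREFIX):].split()
        if parts:
            yield parts[0], parts[1:]


def diagnose_passphrase(output):
    """Return (label, key_id) describing the passphrase outcome.

    "not-supplied": MISSING_PASSPHRASE was seen, so gpg never received a
        passphrase (agent or pinentry did not answer); a BAD_PASSPHRASE
        after it is a consequence, not a mistyped passphrase.
    "rejected": BAD_PASSPHRASE with no MISSING_PASSPHRASE before it.
    "clean": neither keyword appeared.
    """
    missing = False
    for keyword, args in parse_status(output):
        if keyword == "MISSING_PASSPHRASE":
            missing = True
        elif keyword == "BAD_PASSPHRASE":
            key_id = args[0] if args else None
            return ("not-supplied" if missing else "rejected", key_id)
    return ("not-supplied" if missing else "clean", None)


# Status lines as they appear in the thread's manual gpg run.
THREAD_SAMPLE = """\
[GNUPG:] NEED_PASSPHRASE 4A00DB3D202D5E3C 4A00DB3D202D5E3C 1 0
[GNUPG:] MISSING_PASSPHRASE
gpg: NOTE: signature key 471FDACFF982D4B0 has been revoked
[GNUPG:] BAD_PASSPHRASE 4A00DB3D202D5E3C
gpg: signing failed: Bad passphrase
[GNUPG:] GET_LINE keyedit.prompt
"""

# Constructed samples (not from the thread).
REJECTED_SAMPLE = "[GNUPG:] BAD_PASSPHRASE 0123456789ABCDEF\n"
CLEAN_SAMPLE = "[GNUPG:] GET_LINE keyedit.prompt\n[GNUPG:] GOT_IT\n"

if __name__ == "__main__":
    for sample in (THREAD_SAMPLE, REJECTED_SAMPLE, CLEAN_SAMPLE):
        print(diagnose_passphrase(sample))
```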
For MacGPG pinentry-tty and pinentry-curses are not available. However, there is a pinentry-mac found at /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac. It looks like that is set up in ~/.gpg-agent.conf by default:
» cat ~/.gnupg/gpg-agent.conf «
pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
default-cache-ttl 600
max-cache-ttl 7200
» /usr/local/bin/gpg -vvvvvv --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --command-fd 0 --passphrase-fd 0 --status-fd 1 --no-default-keyring --keyring /Users/bhartvigsen/.pius/tmp/pius_keyring.gpg -u brian.andrew@brianandjenny.com --use-agent --default-cert-level 3 --no-ask-cert-level --edit-key 996FD4B9125D0CEBE3261E1C15E0A3250CC92A05
gpg: using character set `utf-8'
gpg: using PGP trust model
gpg: key 76D78F0500D026C4: accepted as trusted key
gpg: key 4A00DB3D202D5E3C: accepted as trusted key
gpg: key 31AF19C8AE9DEA38: accepted as trusted key
gpg: key F76E1922115C96D6: accepted as trusted key
[GNUPG:] GET_LINE keyedit.prompt
1
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE keyedit.prompt
sign
[GNUPG:] GOT_IT
gpg: NOTE: signature key 471FDACFF982D4B0 has been revoked
[GNUPG:] GET_BOOL sign_uid.okay
y
[GNUPG:] GOT_IT
[GNUPG:] USERID_HINT 4A00DB3D202D5E3C Brian Hartvigsen <brian.andrew@brianandjenny.com>
[GNUPG:] NEED_PASSPHRASE 4A00DB3D202D5E3C 4A00DB3D202D5E3C 1 0
[GNUPG:] MISSING_PASSPHRASE
gpg: NOTE: signature key 471FDACFF982D4B0 has been revoked
[GNUPG:] BAD_PASSPHRASE 4A00DB3D202D5E3C
gpg: signing failed: Bad passphrase
[GNUPG:] GET_LINE keyedit.prompt
Running pinentry-mac via CLI seems to work fine:
» /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac --help «
pinentry-mac (pinentry) 0.9.4
Copyright (C) 2015 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Usage: pinentry-mac [options] (-h for help)
Ask securely for a secret and print it to stdout.
Options:
-d, --debug Turn on debugging output
-D, --display DISPLAY Set the X display
-T, --ttyname FILE Set the tty terminal node name
-N, --ttytype NAME Set the tty terminal type
-C, --lc-ctype STRING Set the tty LC_CTYPE value
-M, --lc-messages STRING Set the tty LC_MESSAGES value
-o, --timeout SECS Timeout waiting for input after this many seconds
-g, --no-global-grab Grab keyboard only while window is focused
-W, --parent-wid Parent window ID (for positioning)
-c, --colors STRING Set custom colors for ncurses
Please report bugs to <http://bugs.gnupg.org>.
» /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac -d «
OK Your orders please
^C
Funny enough, I'm trying to sign @aabdnn 's key :)
I believe I found the issue. For GPGTools passing --passphrase-fd 0 stops pinentry-mac from launching. I found nothing in console log to explain this, but seems to be the case. Simply removing that option allowed it to work. I'll see if I can get you a patch that detects gpgtools and adjusts the parameters appropriately :)
Turns out that --passphrase-fd 0 seemed to kill pinentry on Debian and OSX for me when using gpg2. My PR checks for gpg2 and doesn't use that and now pius works beautifully for me :)
I have MacGPG installed on my Mac. This is a binary package that identifies itself as:
$ gpg --version
gpg (GnuPG/MacGPG2) 2.0.28
This does not match the regex in line 92 of signer.py.
Any chance you could patch pius to support MacGPG (or change the regex to be more lenient)?
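An added example, not the code from pius or from the PR mentioned in the thread: one way to parse the `gpg --version` banner leniently enough to accept the MacGPG2 string, return `None` instead of leaving a variable unbound when nothing matches, and leave out `--passphrase-fd 0` for gpg 2.x as the thread found necessary. The function names are hypothetical, and the `1.4.20` banner is a constructed sample.

```python
import re

# Accept any vendor suffix inside the parentheses, e.g.
# "gpg (GnuPG) 1.4.20" or "gpg (GnuPG/MacGPG2) 2.0.28".
VERSION_RE = re.compile(r"^gpg\s+\(GnuPG[^)]*\)\s+(\d+)\.(\d+)(?:\.(\d+))?")


def parse_gpg_version(version_output):
    """Return (major, minor, patch) from `gpg --version` output, or None."""
    lines = version_output.splitlines()
    if not lines:
        return None
    match = VERSION_RE.match(lines[0].strip())
    if match is None:
        # Explicit result for "no match", so callers never touch an
        # unassigned name the way the `if not v:` check could.
        return None
    return tuple(int(g) if g is not None else 0 for g in match.groups())


def edit_key_fd_args(version):
    """File-descriptor flags for a scripted --edit-key session.

    Per the thread, --passphrase-fd 0 kept pinentry from launching under
    gpg2, so it is only added for gpg 1.x.
    """
    if version is None:
        raise ValueError("could not determine gpg version")
    args = ["--command-fd", "0", "--status-fd", "1"]
    if version[0] < 2:
        args += ["--passphrase-fd", "0"]
    return args


if __name__ == "__main__":
    banners = [
        "gpg (GnuPG/MacGPG2) 2.0.28",  # banner quoted in the thread
        "gpg (GnuPG) 1.4.20",          # constructed sample
        "sh: gpg: command not found",  # constructed failure case
    ]
    for banner in banners:
        version = parse_gpg_version(banner)
        print(banner, "->", version,
              edit_key_fd_args(version) if version else "unsupported")
```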