jaymzh / pius

PGP Individual User Signer

[Manjaro] Pius errors #131

Open alexandre1985 opened 5 years ago

alexandre1985 commented 5 years ago

When running pius -s "...." "...." I get this error:

Welcome to PIUS, the PGP Individual UID Signer.

Traceback (most recent call last):
  File "/usr/bin/pius", line 333, in <module>
    main()
  File "/usr/bin/pius", line 265, in main
    options.mail_host
  File "/usr/lib/python3.7/site-packages/libpius/signer.py", line 89, in __init__
    self.gpg2 = self._is_gpg2()
  File "/usr/lib/python3.7/site-packages/libpius/signer.py", line 121, in _is_gpg2
    m = re.match(r'^gpg \(GnuPG.*\) ([0-9\.]+)$', line)
  File "/usr/lib/python3.7/re.py", line 173, in match
    return _compile(pattern, flags).match(string)
TypeError: cannot use a string pattern on a bytes-like object

and if I change /usr/bin/pius shebang to #!/usr/bin/python2 I get this error:

Traceback (most recent call last):
  File "/usr/bin/pius", line 29, in <module>
    from libpius import mailer as pmailer
ImportError: No module named libpius

I need this fixed. Thank you

lechner commented 5 years ago

Are you using Debian?

alexandre1985 commented 5 years ago

I'm using Manjaro Linux Deepin x64. I installed pius through Manjaro's repository

jaymzh commented 5 years ago

Sounds like Manjaro installed it as a py3 app instead of a py2 app, incorrectly. py3 support is experimental at best.

Your best bet is just to pull down a git clone of the repo here, and then cd into the directory and do:

python2 pius

And run it directly from the source tree. Feel free to file a bug upstream against Manjaro to repackage it properly as well.

We're working on PIUS 3.0 which will be full (and only) python 3.
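The TypeError in the first traceback comes from matching a str pattern against the bytes that a subprocess pipe returns under Python 3. The sketch below is an added example, not PIUS code: it reuses the regular expression shown in the traceback, while the function names and the sample `gpg --version` output are constructed for illustration.

```python
import re

# Pattern copied from the traceback above (libpius/signer.py, _is_gpg2).
VERSION_RE = re.compile(r'^gpg \(GnuPG.*\) ([0-9\.]+)$')

# Constructed sample: under Python 3 a subprocess pipe yields bytes, not str.
SAMPLE = (b"gpg (GnuPG) 2.2.16\n"
          b"libgcrypt 1.8.4\n"
          b"Copyright (C) 2019 Free Software Foundation, Inc.\n")


def reproduce_type_error(raw):
    """Return the TypeError text raised by a str pattern on bytes (Python 3)."""
    try:
        VERSION_RE.match(raw.splitlines()[0])
    except TypeError as exc:
        return str(exc)
    return None


def gpg_version(raw):
    """Return the GnuPG version as a tuple of ints; accepts bytes or str."""
    text = raw.decode("utf-8", "replace") if isinstance(raw, bytes) else raw
    for line in text.splitlines():
        m = VERSION_RE.match(line.strip())
        if m:
            return tuple(int(part) for part in m.group(1).split(".") if part)
    return None  # no version banner found


def is_gpg2(raw):
    """True when the banner reports major version 2 or later."""
    version = gpg_version(raw)
    return version is not None and version[0] >= 2


if __name__ == "__main__":
    print(reproduce_type_error(SAMPLE))
    print(gpg_version(SAMPLE), is_gpg2(SAMPLE))
```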

alexandre1985 commented 5 years ago

I have downloaded and built it from source. I cd'd into the pius-2.2.7 directory, ran: python2 ./pius -s "B13A XXXX XXXX XXXX" "1D51 XXXX XXXX XXXX" and I get this error:

pius: error: Keyring /home/me/.gnupg/pubring.gpg doesn't exist

lechner commented 5 years ago

Maybe run gpg one time to create the key ring?

alexandre1985 commented 5 years ago

I already have a gpg keyring. In ~/.gnupg/ there are (among others) pubring.kbx and trustdb.gpg files. My gpg version is: 2.2.16

jaymzh commented 5 years ago

Ah yeah, it assumes the ring is in pubring, not keybox format. It should be smarter about that.

In the meantime, use -r to point it to your keyring.

alexandre1985 commented 5 years ago

So I should use -r ~/.gnupg?

jaymzh commented 5 years ago

no, -r ~/.gnupg/pubring.kbx

alexandre1985 commented 5 years ago

;) :+1:

alexandre1985 commented 5 years ago

I have my secret key on a yubikey. When running python2 ./pius -r ~/.gnupg/pubring.kbx -s "XXXX..." "XXXXX...." I get this:

...
Have you verified this user/key, and if so, what level do you want to sign at?
  0-3, Show again, Next, Help, or Quit? [0|1|2|3|s|n|h|q] (default: n) 0

Signing all UIDs on key XXXX.....
  There are 3 UIDs on this key to sign
  UID 1 (user@email.com):   ERROR: Agent reported an error.

gpg-agent problems, bailing out!

jaymzh commented 5 years ago

You're using py3 again, please use py2.

alexandre1985 commented 5 years ago

Well, I'm not. I have tried running both:

python2 ./pius -r ~/.gnupg/pubring.kbx -s "XXX...." "XXXX......"

and

python2 pius -r ~/.gnupg/pubring.kbx -s "XXX...." "XXXX......"

and I still get the error above

jaymzh commented 5 years ago

Oh sorry I read the wrong error. Can you run it in debug mode? Do you have an agent running?

alexandre1985 commented 5 years ago

I have my pgp on a yubikey. Can you give the commands for me to give you the output?


jaymzh commented 5 years ago

just run it again with -d to get debug output.

I've never tried it with the key on a yubikey, not sure how well it'll work as it expects the agent to be able to load the key. My suspicion is that the agent says something we don't know about yet that is supposed to tell us to tell you to touch your yubikey. Debug output should help.

muelli commented 5 years ago

you can reproduce the setup with the Debian Subkeys approach: https://wiki.debian.org/Subkeys

We're "handling" this case in GNOME Keysign by ignoring it: https://gitlab.gnome.org/GNOME/gnome-keysign/issues/15

alexandre1985 commented 5 years ago

python2 ./pius -r ~/.gnupg/pubring.kbx -s "A6XXXXXXXXXXXXXX" "1DXXXXXXXXXXXXXX"

Have you verified this user/key, and if so, what level do you want to sign at?
  0-3, Show again, Next, Help, or Quit? [0|1|2|3|s|n|h|q] (default: n) 0

Signing all UIDs on key 1DXXXXXXXXXXXXXX
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --command-fd 0 --status-fd 1 --no-default-keyring --keyring /home/me/.gnupg/pubring.kbx --no-options --with-colons --edit-key 1DXXXXXXXXXXXXXX
DEBUG: Got a line [GNUPG:] KEY_CONSIDERED 50XXXXXXXXXXXXXXXXXXXXXX1DXXXXXXXXXXXXXX 0
DEBUG: Got a line pub:-:2048:1:1DXXXXXXXXXXXXXX:1400136652:1589538568::-:::sc
DEBUG: Got a line fpr:::::::::50XXXXXXXXXXXXXXXXXXXXXX1DXXXXXXXXXXXXXX:
DEBUG: Got a line sub:e:2048:1:8B76DAA995D0E6DC:1400136652:1526367052:::::e
DEBUG: Got a line fpr:::::::::F92881A08855A95FDF474F458B76DAA995D0E6DC:
DEBUG: Got a line uid:-::::::::Other Guy <other1@email.tld>:::S9 S8 S7 S3 H10 H9 H8 H11 Z2 Z3 Z1 Z0,mdc,no-ks-modify:1,p::
DEBUG: Got UID Other Guy <other1@email.tld> with status -
DEBUG: got email other1@email.tld
DEBUG: 1DXXXXXXXXXXXXXX__post_at_email.tld__A6XXXXXXXXXXXXXX isn't in []
DEBUG: Got a line uid:-::::::::Other Guy <other2@email.tld>:::S9 S8 S7 S3 H10 H9 H8 H11 Z2 Z3 Z1 Z0,mdc,no-ks-modify:2,::
DEBUG: Got UID Other Guy <other2@email.tld> with status -
DEBUG: got email other2@email.tld
DEBUG: 1DXXXXXXXXXXXXXX__bjorn_at_email.tld__A6XXXXXXXXXXXXXX isn't in ['1DXXXXXXXXXXXXXX__post_at_email.tld__A6XXXXXXXXXXXXXX']
DEBUG: Got a line uid:-::::::::Other Guy <other3@email.tld>:::S9 S8 S7 S3 H10 H9 H8 H11 Z2 Z3 Z1 Z0,mdc,no-ks-modify:3,::
DEBUG: Got UID Other Guy <other3@email.tld> with status -
DEBUG: got email other3@email.tld
DEBUG: 1DXXXXXXXXXXXXXX__bjorn_at_email.tld__A6XXXXXXXXXXXXXX isn't in ['1DXXXXXXXXXXXXXX__post_at_email.tld__A6XXXXXXXXXXXXXX', '1DXXXXXXXXXXXXXX__bjorn_at_email.tld__A6XXXXXXXXXXXXXX']
DEBUG: Got a line uat:-::::::::1 9828:::S9 S8 S7 S3 H10 H9 H8 H11 Z2 Z3 Z1 Z0,mdc,no-ks-modify:4,::
DEBUG: got to command prompt
DEBUG: quitting
DEBUG: waiting
  There are 3 UIDs on this key to sign
DEBUG: exporting A6XXXXXXXXXXXXXX
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --no-default-keyring --keyring /home/me/.gnupg/pubring.kbx --armor --output /tmp/pius-tmp/A6XXXXXXXXXXXXXX.asc --export A6XXXXXXXXXXXXXX
DEBUG: exporting 1DXXXXXXXXXXXXXX
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --no-default-keyring --keyring /home/me/.gnupg/pubring.kbx --armor --output /tmp/pius-tmp/1DXXXXXXXXXXXXXX.asc --export 1DXXXXXXXXXXXXXX
  UID 1 (other1@email.tld): DEBUG: importing A6XXXXXXXXXXXXXX
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --no-default-keyring --keyring /tmp/pius-tmp/pius_keyring.gpg --import-options import-minimal,keep-ownertrust --import /tmp/pius-tmp/A6XXXXXXXXXXXXXX.asc
DEBUG: importing 1DXXXXXXXXXXXXXX
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --no-default-keyring --keyring /tmp/pius-tmp/pius_keyring.gpg --import-options import-minimal --import /tmp/pius-tmp/1DXXXXXXXXXXXXXX.asc
DEBUG: Running: /usr/bin/gpg2 --keyid-format long --no-auto-check-trustdb -q --no-tty --batch --command-fd 0 --status-fd 1 --no-default-keyring --keyring /tmp/pius-tmp/pius_keyring.gpg -u A6XXXXXXXXXXXXXX --use-agent --default-cert-level 0 --no-ask-cert-level --edit-key 1DXXXXXXXXXXXXXX
DEBUG: Waiting for prompt
DEBUG: Waiting for line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: got line [GNUPG:] KEY_CONSIDERED 50XXXXXXXXXXXXXXXXXXXXXX1DXXXXXXXXXXXXXX 0
DEBUG: Waiting for line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: got line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: Selecting UID 1
DEBUG: Waiting for ack
DEBUG: Waiting for line [GNUPG:] GOT_IT
DEBUG: got line [GNUPG:] GOT_IT
DEBUG: Running sign subcommand
DEBUG: Waiting for line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: got line [GNUPG:] GET_LINE keyedit.prompt
DEBUG: Sending sign command
DEBUG: Waiting for line [GNUPG:] GOT_IT
DEBUG: got line [GNUPG:] GOT_IT
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] KEY_CONSIDERED B8XXXXXXXXXXXXXXXXXXXXXXA6XXXXXXXXXXXXXX 0

DEBUG: Got KEY_CONSIDERED
DEBUG: Waiting for response
DEBUG: Got [GNUPG:] GET_BOOL sign_uid.okay

DEBUG: Confirming signing
DEBUG: Waiting for line [GNUPG:] GOT_IT
DEBUG: got line [GNUPG:] GOT_IT
DEBUG: Got [GNUPG:] ERROR keysig 67108881

  ERROR: Agent reported an error.

gpg-agent problems, bailing out!

My yubikey needs a touch for encryption and signing. It did not ask for such touch (running this command).
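The number in the final status line of the debug output above (`[GNUPG:] ERROR keysig 67108881`) is a libgpg-error value that packs an error source and an error code into one integer. The decoder below is an added example, not part of PIUS or of this thread; its function names are illustrative and its lookup tables are a small subset of libgpg-error's source and code lists.

```python
import re

# libgpg-error layout: bits 24-30 hold the error source, bits 0-15 the code.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF

# Subset of libgpg-error's source and code enums (not exhaustive).
SOURCES = {1: "gcrypt", 2: "GnuPG", 3: "GpgSM", 4: "GPG Agent",
           5: "Pinentry", 6: "SCD", 7: "GPGME", 8: "Keybox"}
CODES = {9: "No public key", 11: "Bad passphrase",
         17: "No secret key", 99: "Operation cancelled"}

# Status-fd format: [GNUPG:] ERROR <error location> <error code>
STATUS_ERROR = re.compile(r"\[GNUPG:\] ERROR (\S+) (\d+)")


def split_gpg_error(value):
    """Split a numeric gpg error value into (source, code)."""
    return (value >> SOURCE_SHIFT) & SOURCE_MASK, value & CODE_MASK


def decode_status_error(line):
    """Decode one '[GNUPG:] ERROR ...' line; return None for other lines."""
    m = STATUS_ERROR.search(line)
    if m is None:
        return None
    source, code = split_gpg_error(int(m.group(2)))
    return {
        "where": m.group(1),
        "source": SOURCES.get(source, "source %d" % source),
        "error": CODES.get(code, "code %d" % code),
    }


# Two lines as they appear in the debug output quoted above.
LOG = [
    "DEBUG: got line [GNUPG:] GOT_IT",
    "DEBUG: Got [GNUPG:] ERROR keysig 67108881",
]

if __name__ == "__main__":
    for entry in LOG:
        decoded = decode_status_error(entry)
        if decoded:
            print("%(where)s: %(error)s <%(source)s>" % decoded)
```

The `gpg-error` utility shipped with libgpg-error decodes the same value from the command line and covers the full tables.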

jaymzh commented 1 year ago

Sorry I never responded to this. My guess is we'll have to do some extra work to support interaction-required key-storage. I would have thought that the agent would sorta handle that, but I guess not.

That said, with the DDOS's on the keyservers, and the significant disagreement between the gpg client developer and the new DDOS-resistant keyservers that have made using them near-impossible, I stopped using gpg to sign my email, and stopped running KSPs a few years back, and as such, haven't been very focused on PIUS. So chances of me addressing this soon are pretty low. I will, of course, be happy to help others who are interested in working on it, and I will review PRs in a timely fashion.