search

palantir / gpg-tap-notifier-macos

Show a macOS notification when GPG is waiting for you to tap/touch a security device (e.g. YubiKey).
Apache License 2.0
18 stars 4 forks source link

not receiving notifications #24

Open cruzdanilo opened 1 year ago

cruzdanilo commented 1 year ago

the whole flow is working, but i'm not receiving any notification. i tried both notification and alert-hud modes, and both work with the "test notification" button. but when the yubikey blinks, requesting the touch, i don't receive any notification.

Screenshot 2023-01-03 at 19 56 16 
# ~/.gnupg/gpg-agent.conf

pinentry-program /opt/homebrew/bin/pinentry-mac
log-file $HOME/.gnupg/gpg-agent.log
enable-ssh-support
debug-level basic
ttyname $GPG_TTY
# --- Start of GPG Tap Notifier Modifications ---
# The lines in this section were automatically added by GPG Tap Notifier.app.
# Any manual edits in this section may be reset. This section can be safely
# deleted if you wish to uninstall the GPG Tap Notifier app.
scdaemon-program /Applications/GPG Tap Notifier.app/Contents/Library/GPG Tap Notifier Agent.app/Contents/MacOS/GPG Tap Notifier Agent
# --- End of GPG Tap Notifier Modifications ---
matthias-henseler commented 1 year ago

Hi there,

I have the exact same issue with an identical configuration (gpg paths and gpg-agent.conf) as shown in your screenshot and config file!

gluxon commented 1 year ago

Hi @cruzdanilo @matthias-henseler, I apologize for missing this for so long. I just realized I was only watching mentions and not all repository activity. That should now be fixed.

This does sound unexpected and I'd definitely appreciate help troubleshooting this. Is the GPG Tap Notifier Agent running in the background when running gpg --clearsign? I'm curious if the agent is running but not producing notifications, or if it's not running at all.

hongkongkiwi commented 1 year ago

Same issue here, when using gpg --clearsign the binary is running.

46193 ??         0:00.57 /Applications/GPG Tap Notifier.app/Contents/MacOS/GPG Tap Notifier
46216 ??         0:00.07 GPG Tap Notifier Agent --multi-server
gluxon commented 1 year ago

Thanks for checking that @hongkongkiwi. The agent should output errors to the macOS Console. I would be curious if anything sticks out after opening Console.app and filtering for the GPG Tap Notifier Agent process.

Screenshot 2023-07-05 at 12 48 40 AM

You may see an error log related to kCFPreferenesAnyUser. That should be okay. It seems be a spurious warning that always appears: https://stackoverflow.com/a/39923879/1626491

gluxon commented 1 year ago

The agent process is supposed to show a GUI alert if it starts with an error. In case there's something wrong with that mechanism, the stdout/stderr of the agent might also help.

It's possible to view stderr by starting the agent directly in the terminal.

❯ /Applications/GPG\ Tap\ Notifier.app/Contents/Library/GPG\ Tap\ Notifier\ Agent.app/Contents/MacOS/GPG\ Tap\ Notifier\ Agent --multi-server
OK GNU Privacy Guard's Smartcard server ready
Screenshot 2023-07-05 at 12 57 24 AM

Thanks for anyone helping narrow this down. It does look like there's a real problem since 3 folks have seen the same thing.

hongkongkiwi commented 1 year ago

I don't actually get any output running it manually :/ it doesn't show anything except:

OK GNU Privacy Guard's Smartcard server ready

As far as the logs: https://pastebin.mozilla.org/XTRivegF

gluxon commented 1 year ago

Thanks. The manual output and the logs look expected. Don't see anything off there.

I recognize this next part might be involved to set up, but would narrow down the problem significantly. One of the manual testing workflows I conduct involves hooking up the agent to netcat.

I usually configure the agent to proxy through /usr/bin/nc.

Screenshot 2023-07-05 at 1 21 03 AM

And then start a server with:

❯ nc -l localhost 8000

On the other side, the agent basically acts as a netcat client.

❯ /Applications/GPG\ Tap\ Notifier.app/Contents/Library/GPG\ Tap\ Notifier\ Agent.app/Contents/MacOS/GPG\ Tap\ Notifier\ Agent localhost 8000
Screenshot 2023-07-05 at 1 22 00 AM

From there, it's possible to type messages in from the client side (left in the screenshot) and see them appear on the listening server (right). If you type in a response from the server side, it'll clear the notification.

gluxon commented 1 year ago

Another thought I have: I wonder if dragging the reminder timeout affects whether the problem happens at all.

Screenshot 2023-07-05 at 1 26 12 AM

Since many people are reporting that the "Test Notification" button is working, and the agent is running, it's possible the timeout setting isn't getting properly defaulted to 0.5s.

https://github.com/palantir/gpg-tap-notifier-macos/blob/1ef693ee4707ef61eb3ec2a5951156d7aff98464/Sources/GpgTapNotifierAgent/GpgTapNotifierAgentApp.swift#L63-L66

kp-andy-savage commented 1 year ago

Another thought I have: I wonder if dragging the reminder timeout affects whether the problem happens at all.

Screenshot 2023-07-05 at 1 26 12 AM

Since many people are reporting that the "Test Notification" button is working, and the agent is running, it's possible the timeout setting isn't getting properly defaulted to 0.5s.

https://github.com/palantir/gpg-tap-notifier-macos/blob/1ef693ee4707ef61eb3ec2a5951156d7aff98464/Sources/GpgTapNotifierAgent/GpgTapNotifierAgentApp.swift#L63-L66

This does not fix the problem for me. I will try the nc debugging a bit later.