ZOSOpenTools / gpgport

GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories.
Apache License 2.0

gnupg-2.4.0 #6

Open gngrossi opened 1 year ago

gngrossi commented 1 year ago

Setting up gnupg...
mkdir: FSUM6404 directory "/u/jenkins/.gnupg": EDC5129I No such file or directory.
./setup.sh 47: FSUM7343 cannot open "/u/jenkins/.gnupg/gpg-agent.conf" for output: EDC5129I No such file or directory.
Setup completed.

gngrossi commented 1 year ago

bash-5.2$ gpg --gen-key
gpg: can't mmap pool of 32768 bytes: EDC5128I No such device. - using malloc
gpg: Please note that you don't have secure memory on this system
gpg (GnuPG) 2.4.0; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: gngrossi
Email address: gary.grossi@alight.com
You selected this USER-ID:
    "gngrossi gary.grossi@alight.com"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
gpg: error running '/u/jenkins/zopen/prod/gnupg-2.4.0/bin/gpg-agent': probably not installed
gpg: failed to start gpg-agent '/u/jenkins/zopen/prod/gnupg-2.4.0/bin/gpg-agent': Configuration error
gpg: can't connect to the gpg-agent: Configuration error
gpg: agent_genkey failed: No agent running
Key generation failed: No agent running

HarithaIBM commented 1 year ago

@gngrossi Hi Gary, Thanks for raising this issue and we are working on a permanent solution. Till the release is in place, you can follow the manual steps below to start using gpg

gngrossi commented 1 year ago

Setting up gnupg...
mkdir: FSUM6404 directory "/u/jenkins/.gnupg": EDC5129I No such file or directory.
./setup.sh 47: FSUM7343 cannot open "/u/jenkins/.gnupg/gpg-agent.conf" for output: EDC5129I No such file or directory.
Setup completed.

HarithaIBM commented 1 year ago

Hi Gary, Yes we get that error and the manual steps provided above are for the same. Please ignore this error and follow above manual steps. It should work as expected.

gngrossi commented 1 year ago

Hello, What am I missing? thanks

RC=(0) [SYSA] bash-5.2$ pwd
/u/@02858/.gnupg

RC=(0) [SYSA] bash-5.2$ ls -al
total 48
drwx------ 2 @02858 @ISCICS1 8192 Jun 15 08:27 .
drwxr-x--- 45 @02858 @ISCICS1 8192 Jun 15 08:07 ..
-rw-r----- 1 @02858 @ISCICS1 114 Jun 14 11:57 gpg-agent.conf

RC=(0) [SYSA] bash-5.2$ cat *conf
pinentry-program /hewitt/zopentools/guild/pinentry-1.2.1/bin/pinentry-tty
log-file /u/@02858/.gnupg/gpg-agent.log

RC=(0) [SYSA] bash-5.2$ gpg --gen-key
gpg: can't mmap pool of 32768 bytes: EDC5128I No such device. - using malloc
gpg: Please note that you don't have secure memory on this system
gpg (GnuPG) 2.4.0; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keybox '/u/@02858/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: gngrossi
Email address: gary.grossi@alight.com
You selected this USER-ID:
    "gngrossi gary.grossi@alight.com"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
gpg: error running '/u/jenkins/zopen/prod/gnupg-2.4.0/bin/gpg-agent': probably not installed
gpg: failed to start gpg-agent '/u/jenkins/zopen/prod/gnupg-2.4.0/bin/gpg-agent': Configuration error
gpg: can't connect to the gpg-agent: Configuration error
gpg: agent_genkey failed: No agent running
Key generation failed: No agent running

RC=(2) [SYSA] bash-5.2$ pwd
/u/@02858/.gnupg

RC=(0) [SYSA] bash-5.2$ ls -al
total 50
drwx------ 2 @02858 @ISCICS1 8192 Jun 15 08:28 .
drwxr-x--- 45 @02858 @ISCICS1 8192 Jun 15 08:07 ..
-rw-r----- 1 @02858 @ISCICS1 114 Jun 14 11:57 gpg-agent.conf
-rw------- 1 @02858 @ISCICS1 32 Jun 15 08:28 pubring.kbx

RC=(0) [SYSA] bash-5.2$ gpg --list-keys
gpg: can't mmap pool of 32768 bytes: EDC5128I No such device. - using malloc
gpg: Please note that you don't have secure memory on this system

RC=(0) [SYSA] bash-5.2$ gpg --fingerprint
gpg: can't mmap pool of 32768 bytes: EDC5128I No such device. - using malloc
gpg: Please note that you don't have secure memory on this system

HarithaIBM commented 1 year ago

Hi Gary, please use --agent-program=/home/haritha/code/gpgport/gnupg-2.4.0/agent/gpg-agent along with gpg for all gpg related commands, as shown below:

gpg --agent-program=/home/haritha/code/gpgport/gnupg-2.4.0/agent/gpg-agent --gen-key

We are working on permanent fix, please use these manual steps until then.

gngrossi commented 1 year ago

Hello Haritha, Ran these commands successfully with attached results. Closing the issue. thanks

gpg --agent-program=$(which gpg-agent) --gen-key
gpg --agent-program=$(which gpg-agent) --full-generate-key

gpg_results.txt gpg_results2.txt

IgorTodorovskiIBM commented 1 year ago

Let's leave this open until we have a permanent fix that involves no user intervention

gngrossi commented 1 year ago

Sounds good...thanks

gngrossi commented 1 year ago

Here is a list of the files after running commands to generate keys. Note the errors in gpg-agent.log.

/u/@02858/.gnupg
RC=(0) [SYSA] bash-5.2$ ls -l
srwx------ 1 @02858 @ISCICS1 0 Jun 15 11:01 S.gpg-agent
srwx------ 1 @02858 @ISCICS1 0 Jun 15 10:54 S.gpg-agent.browser
srwx------ 1 @02858 @ISCICS1 0 Jun 15 10:54 S.gpg-agent.extra
srwx------ 1 @02858 @ISCICS1 0 Jun 15 10:54 S.gpg-agent.ssh
-rw-r----- 1 @02858 @ISCICS1 114 Jun 14 11:57 gpg-agent.conf
-rw-r--r-- 1 @02858 @ISCICS1 27936 Jun 15 16:16 gpg-agent.log
drwx------ 2 @02858 @ISCICS1 8192 Jun 15 11:01 openpgp-revocs.d
drwx------ 2 @02858 @ISCICS1 8192 Jun 15 11:01 private-keys-v1.d
-rw-r--r-- 1 @02858 @ISCICS1 2088 Jun 15 11:01 pubring.kbx
-rw-r--r-- 1 @02858 @ISCICS1 649 Jun 15 10:54 pubring.kbx~
-rw------- 1 @02858 @ISCICS1 1360 Jun 15 11:03 trustdb.gpg

There are 327 messages like this:

RC=(0) [SYSA] bash-5.2$ head gpg-agent.log
2023-06-15 10:54:07 gpg-agent[50990457] gpg-agent (GnuPG) 2.4.0 started
2023-06-15 10:54:07 gpg-agent[50990457] Assuan get_peercred failed: General IPC error
2023-06-15 10:55:11 gpg-agent[50990457] Assuan get_peercred failed: General IPC error
2023-06-15 10:56:11 gpg-agent[50990457] Assuan get_peercred failed: General IPC error
2023-06-15 10:57:11 gpg-agent[50990457] Assuan get_peercred failed: General IPC error
2023-06-15 10:58:11 gpg-agent[50990457] Assuan get_peercred failed: General IPC error
2023-06-15 10:59:11 gpg-agent[50990457] Assuan get_peercred failed: General IPC error
2023-06-15 11:00:12 gpg-agent[50990457] Assuan get_peercred failed: General IPC error
2023-06-15 11:01:12 gpg-agent[50990457] Assuan get_peercred failed: General IPC error
2023-06-15 11:01:25 gpg-agent[50990457] Assuan get_peercred failed: General IPC error

gngrossi commented 1 year ago

Missing dirmngr in /hewitt/zopentools/guild/gnupg-2.4.0/bin

bash-5.2$ gpg --keyserver pgp.mit.edu --search-key gary.grossi@alight.com
gpg: can't mmap pool of 32768 bytes: EDC5128I No such device. - using malloc
gpg: Please note that you don't have secure memory on this system
gpg: error running '/u/jenkins/zopen/prod/gnupg-2.4.0/bin/dirmngr': probably not installed
gpg: failed to start dirmngr '/u/jenkins/zopen/prod/gnupg-2.4.0/bin/dirmngr': Configuration error
gpg: can't connect to the dirmngr: Configuration error
gpg: error searching keyserver: No dirmngr
gpg: keyserver search failed: No dirmngr

gngrossi commented 1 year ago

In setup.sh, is it feasible to use $HOME for GPG_CONF_HOME and the ZOPEN_INSTALL_PREFIX for the path when creating the gpg-agent.conf file? thanks

GPG_CONF_HOME="/u/jenkins/.gnupg"
mkdir $GPG_CONF_HOME
cat > /u/jenkins/.gnupg/gpg-agent.conf <<EOF
pinentry-program /jenkins/zopen/prod/pinentry-1.2.1/bin/pinentry-tty
log-file $GPG_CONF_HOME/gpg-agent.log
EOF
echo "Setup completed."
touch ".installed"
rm ".installing"

gngrossi commented 1 year ago

After installing the current pax file...

Setting up gnupg...
mkdir: FSUM6404 directory "/u/@02858/.gnupg": EDC5117I File exists.
Setup completed.

--

Is it feasible to ignore errors or maybe check for RC=1?

mkdir $HOME/.gnupg 2>/dev/null

thanks

gngrossi commented 1 year ago

After installing the latest pax file, it looks like the update to the gpg-agent.conf file isn't setting the path correctly for the pinentry program. Looking at setup.sh, it appears the env variable $PINENTRY_HOME is null.

RC=(0) [SYSA] bash-5.2$ pwd
/u/@02858/.gnupg
RC=(0) [SYSA] bash-5.2$ cat gpg-agent.conf
pinentry-program /bin/pinentry-tty
log-file /u/@02858/.gnupg/gpg-agent.log

--

cat > $HOME/.gnupg/gpg-agent.conf <<EOF
pinentry-program $PINENTRY_HOME/bin/pinentry-tty
log-file $GPG_CONF_HOME/gpg-agent.log
EOF
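
One way a setup script could address the three points raised in this thread (a hard-coded home directory, `mkdir` failing on an existing directory, and an empty `$PINENTRY_HOME` producing `/bin/pinentry-tty`). This is an added example, not the project's setup.sh; the function name `write_gpg_agent_conf` and its arguments are assumptions.

```shell
#!/bin/sh
# Added example (not the project's setup.sh). The function name and arguments
# are assumptions; only the two gpg-agent.conf options come from the thread.

# write_gpg_agent_conf GNUPG_HOME PINENTRY_HOME
# Returns 0 on success, 1 if PINENTRY_HOME is unusable, 2 on filesystem errors.
write_gpg_agent_conf() {
  gnupg_home=$1
  pinentry_home=$2
  pinentry="$pinentry_home/bin/pinentry-tty"

  # An empty PINENTRY_HOME would silently expand to /bin/pinentry-tty.
  if [ -z "$pinentry_home" ]; then
    echo "PINENTRY_HOME is not set; refusing to write gpg-agent.conf" >&2
    return 1
  fi
  # The agent hands passphrase prompts to this program, so require a real executable.
  if [ ! -x "$pinentry" ]; then
    echo "pinentry-tty not found or not executable: $pinentry" >&2
    return 1
  fi

  # -p makes an existing directory a non-error; gpg warns unless the homedir is 0700.
  mkdir -p "$gnupg_home" || return 2
  chmod 700 "$gnupg_home" || return 2

  # Write to a temporary file first so a failure never leaves a half-written conf.
  tmp="$gnupg_home/gpg-agent.conf.$$"
  (
    umask 077
    cat > "$tmp" <<EOF
pinentry-program $pinentry
log-file $gnupg_home/gpg-agent.log
EOF
  ) || { rm -f "$tmp"; return 2; }
  mv "$tmp" "$gnupg_home/gpg-agent.conf" || { rm -f "$tmp"; return 2; }
}

# Typical call from an installer, using the invoking user's home:
#   write_gpg_agent_conf "$HOME/.gnupg" "$PINENTRY_HOME" || exit 1
```
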

gngrossi commented 1 year ago

After installing the latest pax file, it looks like the path to pinentry-tty is incorrect.

bash-5.2$ cat gpg-agent.conf
pinentry-program /bin/pinentry-tty
log-file /u/@02858/.gnupg/gpg-agent.log

gngrossi commented 10 months ago

After installing the latest pax file, shouldn't the path to the pinentry-program be the installation path? thanks

bash-5.2$ cat gpg-agent.conf
pinentry-program /bin/pinentry-tty
log-file /u/@02858/.gnupg/gpg-agent.log

HarithaIBM commented 10 months ago

Hi @gngrossi, I understand that you are trying to download the pax file and run .env to set it up, right? Can you please try running zopen install gpg instead? That way, it will be able to solve the runtime dependencies. We might have to handle these runtime dependencies in pax files in a different way.

gngrossi commented 10 months ago

Hello Haritha, Last month I tried using the new zopen package manager (0.7.0). Our z/OS system doesn’t have access to the URL: https://zosopentools.github.io/meta/api/zopen_releases.json

I reported the issue. https://github.com/ZOSOpenTools/gpgport/issues/6#issuecomment-1809527880

thanks

IgorTodorovskiIBM commented 10 months ago

Hey @gngrossi , do you have access to this alternate url? https://raw.githubusercontent.com/ZOSOpenTools/meta/main/docs/api/zopen_releases.json

gngrossi commented 10 months ago

Hello Igor, Yes, the url is accessible from our mainframe LPARs. Should I try using the zopen package manager now? thanks

IgorTodorovskiIBM commented 10 months ago

Very good, not yet. I've opened a PR https://github.com/ZOSOpenTools/meta/pull/582

gngrossi commented 9 months ago

Hello Haritha, I migrated from the pax file installation to using zopen install.

I examined the two conf files in my home directory. Should the path to the pinentry-program in gpg-agent.conf be updated? I was expecting /hewitt/zopentools/zopen_repo/usr/local/zopen/pinentry/pinentry/bin/pinentry-tty

/u/@02858/.gnupg
bash-5.2$ head *conf
==> dirmngr.conf <==
standard-resolver
no-use-tor
nameserver 1.1.1.1

==> gpg-agent.conf <==
pinentry-program /bin/pinentry-tty
log-file /u/@02858/.gnupg/gpg-agent.log

thanks

HarithaIBM commented 9 months ago

Hi Gary, Yes, you are right. For now, this has to be updated manually. I will discuss this use case and get back.

gngrossi commented 9 months ago

I updated the conf file. Should I close this issue? thanks

HarithaIBM commented 9 months ago

Hi @gngrossi Before that, I wanted to understand if you tried installing GPG again, I mean after zopen init?

gngrossi commented 9 months ago

Hi Haritha, yes, I recently migrated from using the pax installs to using the zopen package manager. After zopen init ran on a new repo location, I used zopen install for the packages I'm testing. Prior to that, I removed the previous pax file install directories. thanks

HarithaIBM commented 9 months ago

Hi @gngrossi Please do not close it, PINENTRY_HOME had to be set before /bin for pinentry path. We will fix it. Thank you for bringing it to our notice!

HarithaIBM commented 9 months ago

@gngrossi For now, after installing gpg for the first time after zopen_init, we need to uninstall gpg and install it again. Please use this workaround until we fix https://github.com/ZOSOpenTools/meta/issues/633

gngrossi commented 9 months ago

@HarithaIBM To help clarify, are you recommending to remove pinentry and gpg prior to re-installing in that sequence? Also, should I remove the $HOME/.gnupg directory? thanks

HarithaIBM commented 9 months ago

Hi Gary, no, what I meant is that after you install gpg for the first time, just run zopen remove gpg and install gpg again!

gngrossi commented 9 months ago

@HarithaIBM

bash-5.2$ zopen remove gpg
Removing package: gpg

bash-5.2$ zopen alt gpg
1: gnupg-2.4.3.20231212_102351.zos

bash-5.2$ zopen install gpg