[OpenIndiana-discuss] GPG2 on OI

Tim Mooney Tim.Mooney at ndsu.edu
Thu Sep 30 18:41:14 UTC 2021 

In regard to: Re: [OpenIndiana-discuss] GPG2 on OI, stes at PANDORA.BE said...:

>
> I just tested the fix that Tim and the GNUPG support found/provided.
>
> According to the bug report https://dev.gnupg.org/T5623
>
> Basically the fix is to put "s2k-count 29176832" in gpg-agent.conf :

I didn't mention that in my previous post because it's not a fix,
just a workaround.  It's not a setting that should be used long term.
If you need gpg-agent working right now, then go ahead and use it,
but once the real fix is in place, it should be removed from your
~/.gnupg/gpg-agent.conf

> So the fix works ... to avoid the hang with GPG2 2.3.2 on --gen-key.

Not a fix, just a workaround.

> Whether this is a Illumos / OpenIndiana or GNUPG2 issue, is unclear to me.

It's kind of both, but it's more a deficiency in Illumos than anything.
However, now that we know about it, there are workarounds that can be
developed.  I expect a forthcoming minor update in the GnuPG 2.3 series will
have a workaround in place.  It seems they're going to fix it upstream,
and even if they change their minds and decide not to do that, we have
enough info now that I can develop a patch for our package.

> However based on the bug report at gnupg.org this may be a totally
> unrelated issue or bug.

It seems it is.  I had assumed that both issues where an IPC issue, but
they are not.

I'll work with them on the pinentry issue too.  I'll report back here
once there's news on that.

For now, the workaround for that issue when you're at a text terminal
would be to add '--pinentry-mode loopback' to your gpg command line.
Again, that too is just a workaround, it's not a fix.

Tim


> ----- Op 30 sep 2021 om 17:56 schreef Andreas Wacknitz A.Wacknitz at gmx.de:
>
>> Am 9/30/21 um 10:37 AM schrieb Tim Mooney via openindiana-discuss:
>>> In regard to: Re: [OpenIndiana-discuss] GPG2 on OI, stes at PANDORA.BE
>>> said...:
>>>
>>>> It is perhaps possible to try out older versions and find a solution,
>>>> I'd be interested if you find a solution and are willing to share it !
>>>
>>> I reported the issue to the GnuPG bug tracker and have been working with
>>> one of the developers (gniibe) to diagnose the problem.  He or she
>>> tracked
>>> the hang down really quickly.
>>>
>>> It's an issue with clock_gettime().  Both Solaris < 11.4 and the Illumos
>>> kernel define CLOCK_THREAD_CPUTIME_ID for thread interval timing, but
>>> it's effectively broken.  Calling clock_gettime with
>>> CLOCK_THREAD_CPUTIME_ID as the first argument will always result in
>>> an EINVAL error return.  Because CLOCK_THREAD_CPUTIME_ID is actually
>>> defined in the headers, though, the threading code in gpg-agent is trying
>>> to use it.
>>>
>>> Note that Solaris 11.4 added working CLOCK_THREAD_CPUTIME_ID, so
>>> clock_gettime() with CLOCK_THREAD_CPUTIME_ID works for latest OG Solaris,
>>> but not older versions or any Illumos (currently).  Another place where
>>> the distros have now diverged.
>>>
>>> There's a Python bug report about the issue that the GnuPG developer
>>> referenced:
>>>
>>>     https://bugs.python.org/issue35455
>>>
>>> The developer is going to fix it in the gnupg mainline, so I expect gnupg
>>> 2.3.3 or 2.3.4 will have the hang fixed.
>>>
>>> I'll follow-up again as things progress with this issue and with the
>>> (apparently unrelated) issue with pinentry-curses drawing.
>>>
>>> Tim
>>
>> Hi,
>>
>> Nice work from you and the GnuPG developer. I propose to either open a
>> ticket for it on https://www.illumos.org/projects/illumos-gate
>> or post the results from your analysis on #illumos. Maybe some illumos
>> maintainers find it interesting enough to fix this problem in ilumos-gate.
>>
>> Andreas
>>
>>
>> _______________________________________________
>> openindiana-discuss mailing list
>> openindiana-discuss at openindiana.org
>> https://openindiana.org/mailman/listinfo/openindiana-discuss
>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
>
>

-- 
Tim Mooney                                             Tim.Mooney at ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology    /                701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

More information about the openindiana-discuss mailing list