This repository has been archived by the owner on Jul 22, 2022. It is now read-only.

Does not work with latest Gpg4win version (4.0.0) #33

Open
J0F3 opened this issue Jan 3, 2022 · 12 comments

@J0F3

J0F3 commented Jan 3, 2022

Describe the bug
Seems not to be compatible with the version 4.0.0 of Gpg4win anymore. The YubiKey is not accessible in WSL and gpg --card-status fails with no scdaemon.

After downgrading to the previous version 3.1.16 it is working again as before.

To Reproduce
Steps to reproduce the behavior:

  1. Update Gpg4win to the latest version (4.0.0)
  2. In WSL, run gpg --card-status

Additional context
It seems that the version 4 of Gpg4Win does change how smart cards are accessed as stated in the release notes:

"New smartcard handling with better support for multiple smartcards."
https://gpg4win.org/version4.html

@tobiaskohlbau
Collaborator

tobiaskohlbau commented Jan 3, 2022

Can you verify that gpg --card-status is working on Windows? I've just updated to version 4.0.0 and gpg4win itself is unable to interact with my YubiKey. Maybe GPG4win messed something up?

@tobiaskohlbau
Collaborator

Any chance you've changed your scdaemon.conf on Windows (%APPDATA%/gnupg/scdaemon.conf)? I've had reader-port Yubico YubiKey OTP+FIDO+CCID 0 within it. After removing this line and rebooting the machine it started working again, within Windows and WSL.

@J0F3
Author

J0F3 commented Jan 3, 2022

Yes, I struggled with the same first. Had also the reader-port Yubico YubiKey OTP+FIDO+CCID 0 in the scdaemon.conf and after removing it worked again in Windows. But in WSL I got then always the error about the scdaemon not running.
But if it works for you in WSL also with the Version 4 I will give it another try then and keep you posted.

@Editst

Editst commented Jan 3, 2022

I upgraded to gnupg 2.2.33 and have the same problem. After downgrading to gnupg 2.2.28 it is working again as before.

@J0F3
Author

J0F3 commented Jan 4, 2022

I have tried it again on another computer yesterday. But now I got another problem. I got the wsl2-ssh-pageant not working at all. I have followed the installation instructions but as soon as I run a gpg --card-status in WSL it says agent is not running and starts the normal gpg agent which does then obviously not work. What did I miss?
(I tried with completely new and clean Ubuntu 20.04 WSL distro).

Regarding the Gpg4Win 4 I noticed that instead of scdaemon another process 'Smart Card Agent' or something similar is running in Windows. So maybe this is the problem and the change of the Smart Card handling in the new version of Gpg4Win. But just a guess.

@J0F3
Author

J0F3 commented Jan 5, 2022

Ok, I got it working again with version 4 of win4pgp respectively with gnupg 2.3.4. So seems to be a false alert of mine that the version 4 is the problem.

My problem is that gnupg is installed "globally" (under C:\Program Files (x86)\gnupg) and in this case the S.gpg-agent file is located under "C:\Users\username\AppData\Local\gnupg" instead of under "C:\Users\username\AppData\Roaming\gnupg" where wsl2-ssh-pageant does search by default.
(While updating to version 4 I changed the installation location. That's why I had problems after updating).

I could fix that by adding -gpgConfigBasepath in .bashrc so that wsl2-ssh-pageant looks in the right directory:

# Socket that gpg inside WSL connects to
export GPG_AGENT_SOCK="$HOME/.gnupg/S.gpg-agent"
# Start the relay only if nothing is listening on that socket yet
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
  rm -rf "$GPG_AGENT_SOCK"
  wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
  # Windows directory that holds S.gpg-agent; the colon is backslash-escaped for socat
  config_path="C\:/Users/<username>/AppData/Local/gnupg"
  if test -x "$wsl2_ssh_pageant_bin"; then
    (setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpgConfigBasepath ${config_path} -gpg S.gpg-agent" >/dev/null 2>&1 &)
  else
    echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
  fi
  unset wsl2_ssh_pageant_bin
fi

Maybe it is worth mentioning this in the installation instructions?
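
The directory mismatch described in the comment above can be detected instead of hard-coded. The following is an added example, not part of the thread or of wsl2-ssh-pageant: it looks for S.gpg-agent under both AppData\Local and AppData\Roaming and prints the path in the escaped form used for -gpgConfigBasepath. The function names, the /mnt drive mount point and the rule of preferring the most recently written file are assumptions.

```shell
#!/bin/sh
# Added example: pick the Windows GnuPG directory that really holds S.gpg-agent.

# newest_agent_dir DIR...: print the DIR whose S.gpg-agent file is newest.
# Assumption: a stale file left by an older install is older than the live one.
newest_agent_dir() {
  best=""
  for dir in "$@"; do
    [ -e "$dir/S.gpg-agent" ] || continue
    if [ -z "$best" ] || [ "$dir/S.gpg-agent" -nt "$best/S.gpg-agent" ]; then
      best=$dir
    fi
  done
  [ -n "$best" ] && printf '%s\n' "$best"
}

# to_socat_win_path WSL_PATH [MOUNT_ROOT]: turn /mnt/c/Users/x into C\:/Users/x.
# The colon is backslash-escaped because the value is used inside a socat address.
to_socat_win_path() {
  root=${2:-/mnt}
  case "$1" in
    "$root"/[a-zA-Z]/*) ;;
    *) return 1 ;;   # not on a Windows drive mount
  esac
  rest=${1#"$root"/}
  drive=$(printf '%s' "${rest%%/*}" | tr 'a-z' 'A-Z')
  printf '%s\\:/%s\n' "$drive" "${rest#*/}"
}

# gpg_config_basepath WIN_HOME [MOUNT_ROOT]: value for -gpgConfigBasepath,
# or a non-zero status when neither directory contains S.gpg-agent.
gpg_config_basepath() {
  found=$(newest_agent_dir "$1/AppData/Local/gnupg" \
                           "$1/AppData/Roaming/gnupg") || return 1
  to_socat_win_path "$found" "${2:-/mnt}"
}

# Usage in .bashrc (<username> is a placeholder for the Windows account name):
#   config_path=$(gpg_config_basepath "/mnt/c/Users/<username>") ||
#     echo >&2 "WARNING: no S.gpg-agent found under AppData"
```

A non-zero status means no agent file exists in either location, which usually means the Windows gpg-agent has not been started yet.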

@byteduty

Thank you this worked a treat.

@delucca

delucca commented Feb 19, 2022

I was facing the same issue and your suggestion fixed it =)

@kjkent

kjkent commented Feb 20, 2022

@J0F3 thanks for your solution! I believe the install-style (to Program Files (x86) and S.gpg-agent being in AppData\Local) is default behaviour for Gpg4win 4.0.0. On my machine, at least, I'm not given an option for anything different.

Is it also necessary to edit the export SSH_AGENT_SOCK... code block with the -gpgConfigBasepath (or similar)?

@J0F3
Author

J0F3 commented Feb 22, 2022

Yes, I think it is the default location if you have admin rights during the setup. If you have only user rights it gets installed to AppData because 'Program Files' is not writeable with normal user rights.

No, export SSH_AGENT_SOCK... is still correct as this corresponds to the Linux path inside of the WSL which does not change.
The only thing which is needed is to specify the -gpgConfigBasepath argument for wsl2-ssh-pageant.exe.

@davidshen84

Hi,

My system is Windows 11 64bit, with Gpg4win 4.0.0 installed.

After adding the -gpgConfigBasepath, the application started without any error message. But when I try gpg --card-status in WSL 2, the command hangs for a while, then returns an error saying no agent is running. In the nohup.out file, I got this error message.

socat[392] E write(5, 0x5598023caa60, 4): Broken pipe

I think something is wrong with the S.gpg-agent pipe. But I have no idea how to troubleshoot. Any idea?

Thanks.

@tobiaskohlbau
Collaborator

You could try to activate the verbose mode of wsl2-ssh-pageant. This could show if the agent itself has some information, e.g. if it is unable to find the S.gpg-agent socket on the Windows side.

EdenEast added a commit to EdenEast/nyx that referenced this issue Apr 30, 2022
win4pgp updated and now puts the socket files in %localappdata% instead
of %appdata%. wsl2-ssh-pageant looks in %appdata% for these files.

This was fixed with the help of a [comment] on the wsl2-ssh-pageant repo.

comment: BlackReloaded/wsl2-ssh-pageant#33 (comment)