Bug 441084

Summary:	gpg does not work anymore after update
Product:	[openSUSE] openSUSE 11.1	Reporter:	Thorsten Kukuk <kukuk>
Component:	Update Problems	Assignee:	Petr Uzel <puzel>
Status:	RESOLVED FIXED	QA Contact:	Jiri Srain <jsrain>
Severity:	Normal
Priority:	P3 - Medium	CC:	coolo, holgi, ma, mls, wolfgang
Version:	Beta 4
Target Milestone:	---
Hardware:	Other
OS:	Other
Whiteboard:	maint:released:sle11:28093 maint:released:10.3:28094 maint:released:11.0:28094 maint:released:11.1:28094
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Thorsten Kukuk 2008-11-03 14:45:00 UTC

After update from 11.0 to 11.1-Beta4 (default pattern upgrade),
gpg prints: "Please install pinentry-qt or pinentry-gtk2"

This should be handled by dependencies on update.

Comment 1 Dirk Mueller 2008-11-04 21:12:24 UTC

don't you have pinentry-ncurses installed? this is likely a different bug, namely that it defaults to pinentry-gtk2 now even though pinentry-ncurses is available

Comment 2 Thorsten Kukuk 2008-11-04 21:54:28 UTC

I have no pinentry-ncurses installed:

pinentry-0.7.5-28.43
pinentry-gtk2-0.7.5-28.43

pinentry-gtk2 was installed with zypper later.

Comment 3 Thorsten Kukuk 2008-11-04 21:59:17 UTC

Between, before the update, pinentry-qt was installed, but that was removed with update.

I would say a dependency bug: All pinentry-* provides "pinentry-dialog", but nothing requires it. Maybe gpg2 should require pinentry-dialog instead of pinentry? Or pinentry itself should require pinentry-dialog?

Comment 4 Petr Uzel 2008-11-05 10:43:46 UTC

(In reply to comment #3 from Thorsten Kukuk)
> I would say a dependency bug: All pinentry-* provides "pinentry-dialog", but
> nothing requires it. Maybe gpg2 should require pinentry-dialog instead of
> pinentry? Or pinentry itself should require pinentry-dialog?
 
/usr/bin/pinentry script seems to assume that at least one of pinentry-{qt,gtk2} is installed. So making pinentry require pinentry-dialog seems to be the best solution to me. Thorsten, do you agree?

Comment 5 Thorsten Kukuk 2008-11-05 10:45:56 UTC

Yes, I agree.

Comment 6 Petr Uzel 2008-11-05 11:11:03 UTC

Submitted to factory

Comment 7 Stephan Kulow 2008-11-10 13:56:41 UTC

this requires is wrong, sorry. This makes pinentry require a x11 toolkit even if it can easily work with -curses in a minimal system.

So please leave out the require and rather fix the pinentry script to check if it has a terminal and use -curses even if $DISPLAY is set. For now I'll submit a version without requires as it blocks my live cds.

Comment 8 Petr Uzel 2008-11-12 11:18:04 UTC

(In reply to comment #7 from Stephan Kulow)
> this requires is wrong, sorry. This makes pinentry require a x11 toolkit even
> if it can easily work with -curses in a minimal system.
I did not realize this, sorry.

> So please leave out the require and rather fix the pinentry script to check if
> it has a terminal and use -curses even if $DISPLAY is set.
Unfortunately, it is not trivial to determine whether pinentry-curses can be safely used. The problem is that pinentry is not called directly by gpg/whatever, but instead everything goes through gpg-agent. This, by default, calls pinenty either with --display (X running), or without any options (no X running). I need to find out how to tell if it can use tty.

Comment 9 Petr Uzel 2008-11-28 15:37:57 UTC

According to discussion with upstream gnupg developers, there's no standard (=easy) way how pinentry could recognize whether it has access to tty (at least not before the right pinentry binary is selected by pinentry script).

Any idea how could we solve this?

Comment 10 Petr Uzel 2008-12-01 11:09:10 UTC

Concerning dependencies issue: what if both pinentry-qt and pinentry-gtk2 provided 'pinentry-gui'? Could we then add pinentry-gui to X11 openSUSE pattern ?
Coolo ?

Comment 11 Stephan Kulow 2008-12-01 12:16:31 UTC

What's better: add
Supplements: packageand(xorg-libs:pineentry) and
Supplements: packageand(kdelibs3:pineentry) to -qt

and 
Supplements: packageand(xorg-libs:pineentry) and
Supplements: packageand(libgnome:pineentry) to -gtk2

if neither gnome nor kde are installed (kde4 will install kdelibs3 too), then the solver will pick what fits best.

Comment 12 Petr Uzel 2008-12-01 13:28:33 UTC

Thanks Coolo, I've submitted it to Factory.

Comment 13 Stephan Kulow 2008-12-01 13:33:35 UTC

I won't take it for 11.1 though. While in theory it should work out all fine, I had one too many suprises with this bug :)

Comment 14 Petr Uzel 2008-12-04 10:13:54 UTC

> /mounts/work_src_done/STABLE/pinentry was not checked in by ro for the 
> following reasons:

> this will always pull in BOTH pinentry frontends, please find a better solution

Maybe the solution from comment #10 ?

Comment 15 Petr Uzel 2008-12-08 08:37:15 UTC

set NEEDINFO due to comment #14

Comment 16 Stephan Kulow 2008-12-08 11:15:57 UTC

I won't comment anymore, I can only make it worse - better ask someone who knows :)

Comment 17 Petr Uzel 2008-12-08 11:30:56 UTC

(In reply to comment #16 from Stephan Kulow)
> I won't comment anymore, I can only make it worse - better ask someone who
> knows :)

Well, OK. I've asked you because you are maintainer of patterns-openSUSE.

Comment 19 Michael Andres 2008-12-08 11:55:37 UTC

The two supplements are OR'ed. What you actually want is probably

  Supplements: packageand(xorg-libs:kdelibs3:pineentry) to -qt
  Supplements: packageand(xorg-libs:libgnome:pineentry) to -gtk2

According to mls this triple packageand should work (but is untested).

Questions is: why xorg-libs? Don't kdelibs3 and libgnome require it?
Then just 'packageand(xorg-libs:pineentry)' had to be removed from both packages.

Comment 20 Petr Uzel 2008-12-08 12:35:57 UTC

What we need is:
a) if kde3/4 is installed, then install pinentry-qt
b) if gnome (or other gtk based WM) is installed, then install pinentry-gtk2
c) if minimal X (no kdelibs/libgnome) is installed, then install at least one of pinentry-{gtk2,qt} - does not matter much which one
d) if no X is installed, do not install neither pinentry-qt nor pinentry-gtk2

So the idea behind proposal in comment #11 is to select the 'best match'.


(In reply to comment #19 from Michael Andres)
> Questions is: why xorg-libs? Don't kdelibs3 and libgnome require it?
> Then just 'packageand(xorg-libs:pineentry)' had to be removed from both
> packages.

If done this way, doesn't it break c) ?

Comment 21 Michael Schröder 2008-12-08 13:56:51 UTC

I don't understand c), wouldn't that pull in qt or gnome? How is that minimal?

Comment 22 Wolfgang Rosenauer 2009-08-13 13:46:00 UTC

Bug 530815 was raised against Thunderbird/Enigmail.
Up to now I've used
Requires: pinentry-dialog
which isn't enough anymore to get a graphical passphrase dialog apparently.
What is the correctly current term to require any graphical dialog for pinentry?

Comment 23 Wolfgang Rosenauer 2009-08-13 13:46:47 UTC

*** Bug 530815 has been marked as a duplicate of this bug. ***

Comment 24 Petr Uzel 2009-08-21 11:20:17 UTC

(In reply to comment #22)
> What is the correctly current term to require any graphical dialog for
> pinentry?

I've just submitted a change that will make all graphical pinentrys provide 'pinentry-gui'.

Comment 25 Petr Uzel 2009-10-07 10:53:19 UTC

Fix submitted to Factory (see bug #544365). Just make sure that everything that needs graphical pinentry has 'Requires: pinentry-gui'.

Comment 26 Neven Friedrich 2009-10-16 11:49:02 UTC

SLE11 update rejected as no package provides pinentry-gui.

Comment 27 Petr Uzel 2009-10-19 07:53:34 UTC

> SLE11 update rejected as no package provides pinentry-gui.

Fix submitted.

Comment 28 Swamp Workflow Management 2009-10-26 22:09:29 UTC

Update released for: pinentry, pinentry-debuginfo, pinentry-debugsource, pinentry-gtk2, pinentry-qt
Products:
SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11 (i386, x86_64)
SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)

Comment 29 Swamp Workflow Management 2009-10-27 08:13:23 UTC

Update released for: pinentry, pinentry-debuginfo, pinentry-debugsource, pinentry-gtk2, pinentry-qt
Products:
openSUSE 10.3 (i386, ppc, x86_64)
openSUSE 11.0 (debug, i386, ppc, x86_64)
openSUSE 11.1 (debug, i586, ppc, x86_64)

Comment 30 Swamp Workflow Management 2014-09-09 16:07:04 UTC

openSUSE-SU-2014:1100-1: An update that fixes 475 vulnerabilities is now available.

Category: security (important)
Bug References: 104586,354469,385739,390992,417869,41903,429179,439841,441084,455804,484321,503151,518603,527418,528406,529180,542809,559819,576969,582276,586567,593807,603356,622506,637303,642502,645315,649492,657016,664211,667155,689281,701296,712224,714931,720264,726758,728520,732898,733002,737533,744275,746616,747328,749440,750044,755060,758408,765204,771583,777588,783533,786522,790140,796895,804248,808243,813026,819204,825935,833389,840485,847708,854370,861847,868603,875378,876833,881874,887746,894201,894370
CVE References: CVE-2007-3089,CVE-2007-3285,CVE-2007-3656,CVE-2007-3670,CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738,CVE-2008-0016,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235,CVE-2008-1236,CVE-2008-1237,CVE-2008-3835,CVE-2008-4058,CVE-2008-4059,CVE-2008-4060,CVE-2008-4061,CVE-2008-4062,CVE-2008-4063,CVE-2008-4064,CVE-2008-4065,CVE-2008-4066,CVE-2008-4067,CVE-2008-4068,CVE-2008-4070,CVE-2008-5012,CVE-2008-5014,CVE-2008-5016,CVE-2008-5017,CVE-2008-5018,CVE-2008-5021,CVE-2008-5022,CVE-2008-5024,CVE-2008-5500,CVE-2008-5501,CVE-2008-5502,CVE-2008-5503,CVE-2008-5506,CVE-2008-5507,CVE-2008-5508,CVE-2008-5510,CVE-2008-5511,CVE-2008-5512,CVE-2009-0040,CVE-2009-0771,CVE-2009-0772,CVE-2009-0773,CVE-2009-0774,CVE-2009-0776,CVE-2009-1571,CVE-2009-3555,CVE-2010-0159,CVE-2010-0173,CVE-2010-0174,CVE-2010-0175,CVE-2010-0176,CVE-2010-0182,CVE-2010-0654,CVE-2010-1121,CVE-2010-1196,CVE-2010-1199,CVE-2010-1200,CVE-2010-1201,CVE-2010-1202,CVE-2010-1203,CVE-2010-1205,CVE-2010-1211,CVE-2010-1212,CVE-2010-1213,CVE-2010-1585,CVE-2010-2752,CVE-2010-2753,CVE-2010-2754,CVE-2010-2760,CVE-2010-2762,CVE-2010-2764,CVE-2010-2765,CVE-2010-2766,CVE-2010-2767,CVE-2010-2768,CVE-2010-2769,CVE-2010-3166,CVE-2010-3167,CVE-2010-3168,CVE-2010-3169,CVE-2010-3170,CVE-2010-3173,CVE-2010-3174,CVE-2010-3175,CVE-2010-3176,CVE-2010-3178,CVE-2010-3179,CVE-2010-3180,CVE-2010-3182,CVE-2010-3183,CVE-2010-3765,CVE-2010-3768,CVE-2010-3769,CVE-2010-3776,CVE-2010-3777,CVE-2010-3778,CVE-2011-0053,CVE-2011-0061,CVE-2011-0062,CVE-2011-0069,CVE-2011-0070,CVE-2011-0072,CVE-2011-0074,CVE-2011-0075,CVE-2011-0077,CVE-2011-0078,CVE-2011-0080,CVE-2011-0081,CVE-2011-0083,CVE-2011-0084,CVE-2011-0085,CVE-2011-1187,CVE-2011-2362,CVE-2011-2363,CVE-2011-2364,CVE-2011-2365,CVE-2011-2371,CVE-2011-2372,CVE-2011-2373,CVE-2011-2374,CVE-2011-2376,CVE-2011-2377,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3000,CVE-2011-3001,CVE-2011-3005,CVE-2011-3026,CVE-2011-3062,CVE-2011-3101,CVE-2011-3232,CVE-2011-3648,CVE-2011-3650,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3659,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0441,CVE-2012-0442,CVE-2012-0443,CVE-2012-0444,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0449,CVE-2012-0451,CVE-2012-0452,CVE-2012-0455,CVE-2012-0456,CVE-2012-0457,CVE-2012-0458,CVE-2012-0459,CVE-2012-0460,CVE-2012-0461,CVE-2012-0462,CVE-2012-0463,CVE-2012-0464,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479,CVE-2012-0759,CVE-2012-1937,CVE-2012-1938,CVE-2012-1940,CVE-2012-1941,CVE-2012-1944,CVE-2012-1945,CVE-2012-1946,CVE-2012-1947,CVE-2012-1948,CVE-2012-1949,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1956,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959,CVE-2012-1960,CVE-2012-1961,CVE-2012-1962,CVE-2012-1963,CVE-2012-1967,CVE-2012-1970,CVE-2012-1972,CVE-2012-1973,CVE-2012-1974,CVE-2012-1975,CVE-2012-1976,CVE-2012-3956,CVE-2012-3957,CVE-2012-3958,CVE-2012-3959,CVE-2012-3960,CVE-2012-3961,CVE-2012-3962,CVE-2012-3963,CVE-2012-3964,CVE-2012-3966,CVE-2012-3967,CVE-2012-3968,CVE-2012-3969,CVE-2012-3970,CVE-2012-3971,CVE-2012-3972,CVE-2012-3975,CVE-2012-3978,CVE-2012-3980,CVE-2012-3982,CVE-2012-3983,CVE-2012-3984,CVE-2012-3985,CVE-2012-3986,CVE-2012-3988,CVE-2012-3989,CVE-2012-3990,CVE-2012-3991,CVE-2012-3992,CVE-2012-3993,CVE-2012-3994,CVE-2012-3995,CVE-2012-4179,CVE-2012-4180,CVE-2012-4181,CVE-2012-4182,CVE-2012-4183,CVE-2012-4184,CVE-2012-4185,CVE-2012-4186,CVE-2012-4187,CVE-2012-4188,CVE-2012-4191,CVE-2012-4192,CVE-2012-4193,CVE-2012-4194,CVE-2012-4195,CVE-2012-4196,CVE-2012-4201,CVE-2012-4202,CVE-2012-4204,CVE-2012-4205,CVE-2012-4207,CVE-2012-4208,CVE-2012-4209,CVE-2012-4212,CVE-2012-4213,CVE-2012-4214,CVE-2012-4215,CVE-2012-4216,CVE-2012-4217,CVE-2012-4218,CVE-2012-5829,CVE-2012-5830,CVE-2012-5833,CVE-2012-5835,CVE-2012-5836,CVE-2012-5837,CVE-2012-5838,CVE-2012-5839,CVE-2012-5840,CVE-2012-5841,CVE-2012-5842,CVE-2012-5843,CVE-2013-0743,CVE-2013-0744,CVE-2013-0745,CVE-2013-0746,CVE-2013-0747,CVE-2013-0748,CVE-2013-0749,CVE-2013-0750,CVE-2013-0752,CVE-2013-0753,CVE-2013-0754,CVE-2013-0755,CVE-2013-0756,CVE-2013-0757,CVE-2013-0758,CVE-2013-0760,CVE-2013-0761,CVE-2013-0762,CVE-2013-0763,CVE-2013-0764,CVE-2013-0766,CVE-2013-0767,CVE-2013-0768,CVE-2013-0769,CVE-2013-0770,CVE-2013-0771,CVE-2013-0773,CVE-2013-0774,CVE-2013-0775,CVE-2013-0776,CVE-2013-0780,CVE-2013-0782,CVE-2013-0783,CVE-2013-0787,CVE-2013-0788,CVE-2013-0789,CVE-2013-0793,CVE-2013-0795,CVE-2013-0796,CVE-2013-0800,CVE-2013-0801,CVE-2013-1669,CVE-2013-1670,CVE-2013-1674,CVE-2013-1675,CVE-2013-1676,CVE-2013-1677,CVE-2013-1678,CVE-2013-1679,CVE-2013-1680,CVE-2013-1681,CVE-2013-1682,CVE-2013-1684,CVE-2013-1685,CVE-2013-1686,CVE-2013-1687,CVE-2013-1690,CVE-2013-1692,CVE-2013-1693,CVE-2013-1694,CVE-2013-1697,CVE-2013-1701,CVE-2013-1709,CVE-2013-1710,CVE-2013-1713,CVE-2013-1714,CVE-2013-1717,CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604,CVE-2013-5609,CVE-2013-5610,CVE-2013-5611,CVE-2013-5612,CVE-2013-5613,CVE-2013-5614,CVE-2013-5615,CVE-2013-5616,CVE-2013-5618,CVE-2013-5619,CVE-2013-6629,CVE-2013-6630,CVE-2013-6671,CVE-2013-6672,CVE-2013-6673,CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491,CVE-2014-1492,CVE-2014-1493,CVE-2014-1494,CVE-2014-1497,CVE-2014-1498,CVE-2014-1499,CVE-2014-1500,CVE-2014-1502,CVE-2014-1504,CVE-2014-1505,CVE-2014-1508,CVE-2014-1509,CVE-2014-1510,CVE-2014-1511,CVE-2014-1512,CVE-2014-1513,CVE-2014-1514,CVE-2014-1518,CVE-2014-1519,CVE-2014-1522,CVE-2014-1523,CVE-2014-1524,CVE-2014-1525,CVE-2014-1526,CVE-2014-1528,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532,CVE-2014-1533,CVE-2014-1534,CVE-2014-1536,CVE-2014-1537,CVE-2014-1538,CVE-2014-1539,CVE-2014-1540,CVE-2014-1541,CVE-2014-1542,CVE-2014-1543,CVE-2014-1544,CVE-2014-1545,CVE-2014-1547,CVE-2014-1548,CVE-2014-1549,CVE-2014-1550,CVE-2014-1552,CVE-2014-1553,CVE-2014-1555,CVE-2014-1556,CVE-2014-1557,CVE-2014-1558,CVE-2014-1559,CVE-2014-1560,CVE-2014-1561,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567
Sources used:
openSUSE 11.4 (src):    MozillaFirefox-24.8.0-127.1, mozilla-nss-3.16.4-94.1