I've just installed tomb and I'm just trying to establish a test 'tomb'. I can do it successfully if I include the passphrase on the command line (--unsafe --tomb-pwd) but relying on tomb to call pinentry keeps failing like this:
tomb [D] using pinentry-gtk2
No protocol specified
tomb [W] Pinentry error: Permission
tomb [E] User aborted.
I've taken a copy of the tomb script and traced it down but the error appears at inexplicable places. I forced it to use pinentry-curses and pinentry-tty as well but I still got similar errors. pinentry still works fine when I call it directly, including pinentry-gtk-2, pinentry-curses and pinentry-tty. I've tried as root as well as using sudo. I've removed the need for a sudo password on the tomb command for my user. Still happens.
Strangely, I also see the error message "No protocol specified" when I run tomb -v. This line is emitted in between some hard coded output from tomb -v and a call to sudo -V (line 3106).
This looks like a pinentry problem because I believe pinentry is returning with an ERR line, possibly in addition to the actual passphrase, but it doesn't happen outside of tomb. tomb -v also emits the "No protocol specified" but it appears 3 lines of output before pinentry --version is called!
pinentry --version does emit "No protocol specified" itself.
Has anyone come across this before, or can give me any hints about what to do next?
Linux carbon 4.15.9-1-ARCH #1 SMP PREEMPT Sun Mar 11 17:54:33 UTC 2018 x86_64 GNU/Linux
$ pacman -Qs tomb
local/tomb 2.5-1
local/tomb-kdf 2.5-1
# pacman -Qs gnupg
local/gnupg 2.2.5-1
local/gpgme 1.10.0-2
local/libassuan 2.5.1-1
local/libgcrypt 1.8.2-1
$ sudo tomb -v
Tomb 2.5 - a strong and gentle undertaker for your secrets
. . .
System utils:
No protocol specified
Sudo version 1.8.22
cryptsetup 2.0.2
pinentry-gtk2 (pinentry) 1.1.0
Copyright (C) 2016 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
findmnt from util-linux 2.31.1
gpg (GnuPG) 2.2.5 - key forging algorithms (GnuPG symmetric ciphers):
/bin/gpg
IDEA 3DES CAST5 BLOWFISH AES AES192 AES256 TWOFISH CAMELLIA128 CAMELLIA192 CAMELLIA256
Optional utils:
/bin/gettext
dcfldd not found
/bin/shred
steghide not found
/bin/resize2fs
/bin/tomb-kdb-pbkdf2
qrencode not found
swish-e not found
unoconv not found
lsof not found
$ sudo tomb forge -D -k test.tomb.key
tomb [D] Identified caller: anil (1000:1000)
tomb [D] Updating HOME to match user's: /home/anil (was /root)
tomb [D] Tomb command: forge
tomb [D] Caller: uid[1000], gid[1000], tty[/dev/pts/0].
tomb [D] Temporary directory: /tmp/zsh
tomb . Commanded to forge key test.tomb.key with cipher algorithm AES256
tomb . Using KDF to protect the key password ( rounds)
tomb [W] This operation takes time. Keep using this computer on other tasks.
tomb [W] Once done you will be asked to choose a password for your tomb.
tomb [W] To make it faster you can move the mouse around.
tomb [W] If you are on a server, you can use an Entropy Generation Daemon.
tomb [D] Data dump using dd from /dev/random
512+0 records in
512+0 records out
512 bytes copied, 85.3346 s, 0.0 kB/s
tomb (*) Choose the password of your key: test.tomb.key
tomb . (You can also change it later using 'tomb passwd'.)
tomb [D] asking password with tty=/dev/pts/0 lc-ctype=en_AU.UTF-8
tomb [D] using pinentry-gtk2
No protocol specified
tomb [W] Pinentry error: Permission
tomb [E] User aborted.
# pinentry --version
No protocol specified
pinentry-gtk2 (pinentry) 1.1.0
Copyright (C) 2016 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
$ pinentry-gtk-2
OK Pleased to meet you
GETPIN
D hello
OK
BYE
OK closing connection
systematic automatic realistic
I had the same problem and solved it using xhost:
xhost +si:localuser:root
Running this (as the unprivileged user, not as root) allows access to the current X session for the root user on the local machine. If this command works you can run it on login (in ~/.xsession or something similar). Note that a plain "xhost +" is a very bad idea, since it leaves the X session wide open.
Apparently this problem can also be solved in a better way using xauth, but I couldn't get that working on my machine.
Btw, looks like there are some good docs here.
Last edited by drgibbon (2018-08-06 02:36:38)
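An added example, not part of the original post: a shell function that reads the output of a bare `xhost` command and reports whether the session is in the narrow state the fix above produces (only root added as a local user) or the wide-open state a plain "xhost +" leaves behind. The sample outputs are constructed for illustration (the user name anil is taken from the debug log above), and the verdict names are this example's own.

```shell
#!/bin/sh
# Classify `xhost` output (read on stdin) by how exposed the X session is.
# Verdicts: wide-open | broad | root-allowed | root-denied
classify_xhost() {
    awk '
        # "xhost +" switches access control off for every client.
        /^access control disabled/ { open = 1; next }
        /^access control enabled/  { next }
        # Server-interpreted local-user entries name one local account each.
        /^SI:localuser:/ {
            if ($0 == "SI:localuser:root") root = 1
            next
        }
        # Any other entry (INET:, INET6:, LOCAL:, ...) is a host-level grant.
        NF { broad = 1 }
        END {
            if (open)       print "wide-open"
            else if (broad) print "broad"
            else if (root)  print "root-allowed"
            else            print "root-denied"
        }'
}

# Constructed sample outputs of a bare `xhost`, one per state.
sample_default() {   # before the fix: root is not listed
    printf '%s\n' 'access control enabled, only authorized clients can connect' \
                  'SI:localuser:anil'
}
sample_fixed() {     # after: xhost +si:localuser:root
    printf '%s\n' 'access control enabled, only authorized clients can connect' \
                  'SI:localuser:anil' 'SI:localuser:root'
}
sample_plus() {      # after a plain: xhost +
    printf '%s\n' 'access control disabled, clients can connect from any host' \
                  'SI:localuser:anil'
}

for s in sample_default sample_fixed sample_plus; do
    printf '%-15s %s\n' "$s" "$($s | classify_xhost)"
done
```

On a live session the same check is `xhost | classify_xhost`, run as the unprivileged user who owns the display.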
Why are some of your packages so out-of-date? Please paste your full pacman.log
Why are some of your packages so out-of-date? Please paste your full pacman.log
Notice that this was a slight necrobump, and the original post is months old so that's probably why the packages are so old.
Thanks Dr Gibbon, I appreciate the tip. I'll get back to this and maybe get tomb working :-)