#1 2018-03-18 15:40:40

anilg
Member
From: Sydney Australia
Registered: 2018-03-18
Posts: 4

tomb pinentry fails "No protocol specified" "error: Permission"

I've just installed tomb and I'm just trying to establish a test 'tomb'. I can do it successfully if I include the passphrase on the command line (--unsafe --tomb-pwd) but relying on tomb to call pinentry keeps failing like this:

tomb [D] using pinentry-gtk2
No protocol specified
tomb [W] Pinentry error: Permission
tomb [E] User aborted.

I've taken a copy of the tomb script and traced it down but the error appears at inexplicable places. I forced it to use pinentry-curses and pinentry-tty as well but I still got similar errors. pinentry still works fine when I call it directly, including pinentry-gtk-2, pinentry-curses and pinentry-tty. I've tried as root as well as using sudo. I've removed the need for a sudo password on the tomb command for my user. Still happens.

Strangely, I also see the error message "No protocol specified" when I run tomb -v. This line is emitted in between some hard coded output from tomb -v and a call to sudo -V (line 3106).

This looks like a pinentry problem because I believe pinentry is returning with an ERR line, possibly in addition to the actual passphrase, but it doesn't happen outside of tomb. tomb -v also emits the "No protocol specified" but it appears 3 lines of output before pinentry --version is called!

pinentry --version does emit "No protocol specified" itself.

Has anyone come across this before, or can give me any hints about what to do next?

Linux carbon 4.15.9-1-ARCH #1 SMP PREEMPT Sun Mar 11 17:54:33 UTC 2018 x86_64 GNU/Linux

$ pacman -Qs tomb
local/tomb 2.5-1
local/tomb-kdf 2.5-1
# pacman -Qs gnupg
local/gnupg 2.2.5-1
local/gpgme 1.10.0-2
local/libassuan 2.5.1-1
local/libgcrypt 1.8.2-1
$ sudo tomb -v
  Tomb 2.5 - a strong and gentle undertaker for your secrets
  . . .
  System utils:
  
No protocol specified
  Sudo version 1.8.22
  cryptsetup 2.0.2
  pinentry-gtk2 (pinentry) 1.1.0
Copyright (C) 2016 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
  findmnt from util-linux 2.31.1
  gpg (GnuPG) 2.2.5 - key forging algorithms (GnuPG symmetric ciphers):
  /bin/gpg
 IDEA 3DES CAST5 BLOWFISH AES AES192 AES256 TWOFISH CAMELLIA128 CAMELLIA192 CAMELLIA256
  
  Optional utils:
  
  /bin/gettext
  dcfldd not found
  /bin/shred
  steghide not found
  /bin/resize2fs
  /bin/tomb-kdb-pbkdf2
  qrencode not found
  swish-e not found
  unoconv not found
  lsof not found
$ sudo tomb forge -D -k test.tomb.key
tomb [D] Identified caller: anil (1000:1000)
tomb [D] Updating HOME to match user's: /home/anil (was /root)
tomb [D] Tomb command: forge
tomb [D] Caller: uid[1000], gid[1000], tty[/dev/pts/0].
tomb [D] Temporary directory: /tmp/zsh
tomb  .  Commanded to forge key test.tomb.key with cipher algorithm AES256
tomb  .  Using KDF to protect the key password ( rounds)
tomb [W] This operation takes time. Keep using this computer on other tasks.
tomb [W] Once done you will be asked to choose a password for your tomb.
tomb [W] To make it faster you can move the mouse around.
tomb [W] If you are on a server, you can use an Entropy Generation Daemon.
tomb [D] Data dump using dd from /dev/random
512+0 records in
512+0 records out
512 bytes copied, 85.3346 s, 0.0 kB/s
tomb (*) Choose the password of your key: test.tomb.key
tomb  .  (You can also change it later using 'tomb passwd'.)
tomb [D] asking password with tty=/dev/pts/0 lc-ctype=en_AU.UTF-8
tomb [D] using pinentry-gtk2
No protocol specified
tomb [W] Pinentry error: Permission
tomb [E] User aborted.
# pinentry --version
No protocol specified
pinentry-gtk2 (pinentry) 1.1.0
Copyright (C) 2016 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
$ pinentry-gtk-2
OK Pleased to meet you
GETPIN
D hello
OK
BYE
OK closing connection

systematic automatic realistic

Offline

#2 2018-08-06 02:32:52

drgibbon
Member
Registered: 2018-08-06
Posts: 1

Re: tomb pinentry fails "No protocol specified" "error: Permission"

I had the same problem and solved it using xhost:

xhost +si:localuser:root

Running this (as the unprivileged user, not as root) allows access to the current X session for the root user on the local machine. If this command works you can run it on login (in ~/.xsession or something similar). Note that a plain "xhost +" is a very bad idea, since it leaves the X session wide open.

Apparently this problem can also be solved in a better way using xauth, but I couldn't get that working on my machine.

Btw, looks like there are some good docs here.

Last edited by drgibbon (2018-08-06 02:36:38)

Offline
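The xhost fix from post #2, together with its warning about a plain "xhost +", as an added example that is not part of anyone's post in this thread. The function names audit_xhost and run_with_root_x and the XHOST override are hypothetical; only xhost and its +si:localuser:root / -si:localuser:root arguments are real. The first function checks what the session currently allows, the second keeps root's grant in place only while one command runs instead of for the whole login.

```bash
# Added example, not from the thread. Written for bash; also runs in POSIX sh.

# audit_xhost: reads the listing printed by a bare `xhost` on stdin and prints
# one finding per line. Returns 0 when only per-user entries are present.
audit_xhost() {
    local line rc=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*) echo "OPEN"; rc=1 ;;   # state left by `xhost +`
            "access control enabled"*|"") ;;
            SI:localuser:*) echo "USER ${line#SI:localuser:}" ;;
            *) echo "BROAD $line"; rc=1 ;;                      # e.g. LOCAL: or INET:host
        esac
    done
    return "$rc"
}

# run_with_root_x: grant root access to the X session only while one command
# runs, then revoke it. A grant that existed beforehand is left untouched.
# XHOST is a hypothetical override so the function can be exercised without X.
run_with_root_x() {
    local xhost_cmd=${XHOST:-xhost} had=0 rc=0
    "$xhost_cmd" | grep -qx 'SI:localuser:root' && had=1
    "$xhost_cmd" +si:localuser:root >/dev/null || return 1
    "$@" || rc=$?
    [ "$had" -eq 1 ] || "$xhost_cmd" -si:localuser:root >/dev/null
    return "$rc"
}

# Typical use from the unprivileged user's terminal:
#   xhost | audit_xhost
#   run_with_root_x sudo tomb forge -k test.tomb.key
```

Both functions are meant to be run as the unprivileged user who owns the X session, as post #2 says for the xhost command itself.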

#3 2018-08-06 03:15:48

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: tomb pinentry fails "No protocol specified" "error: Permission"

Why are some of your packages so out-of-date? Please paste your full pacman.log


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#4 2018-08-06 03:19:08

circleface
Member
Registered: 2012-05-26
Posts: 639

Re: tomb pinentry fails "No protocol specified" "error: Permission"

jasonwryan wrote:

Why are some of your packages so out-of-date? Please paste your full pacman.log


Notice that this was a slight necrobump, and the original post is months old so that's probably why the packages are so old.

Offline

#5 2018-08-06 11:06:53

anilg
Member
From: Sydney Australia
Registered: 2018-03-18
Posts: 4

Re: tomb pinentry fails "No protocol specified" "error: Permission"

Thanks Dr Gibbon, I appreciate the tip. I'll get back to this and maybe get tomb working :-)


systematic automatic realistic

Offline
