[SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

seth · 2026-05-11 21:24:37

There should™ be no pinentry invocation at all

strace -o /tmp/wtf.strace -f demoscript.sh

and upload the strace.

~/.gnupg/gpg-agent.conf and /etc/gnupg/gpg.conf might be interesting (though only the latter would impact sudo pacman-key)
Did you do anything fancy about your gpg setup (yubikey etc et pp)?

loginctl session-status
echo $DBUS_SESSION_BUS_ADDRESS

Some ENOTTY's seem normal but

djg1971 · 2026-05-11 21:29:49

there is no gnupg directory in etc, at least not anymore. so no /etc/gnupg/gpg.conf

user account has no .gnupg and root account has a ~/.gnupg directory but no such file(s) there either.

from which shell would you want the above commands entered? (urxvt or the xterm with env variable set)

djg1971 · 2026-05-11 21:33:19

Here are the command returns:

[djg-lt ~]# loginctl session-status
4 - djg (11167)
  Since: Wed 2026-04-15 16:33:50 EDT; 3 days ago
  State: active
 Leader: 1318 (sddm-helper)
   Seat: seat0; vc2
    TTY: tty2
 Remote: no
Service: sddm
   Type: x11
  Class: user
   Idle: no
   Unit: session-4.scope
         ├─   1318 /usr/lib/sddm/sddm-helper --socket /tmp/sddm-auth-600cd4c3-5dfc-4f6a-a511-13f06db96b79 --id 1 --start /usr/bin/open>
         ├─   1360 /usr/bin/ksecretd --pam-login 13 14
         ├─   1361 /usr/bin/openbox --startup "/usr/lib/openbox/openbox-autostart OPENBOX"
         ├─   1396 kalendarac
         ├─   1397 krb5-auth-dialog
         ├─   1398 kunifiedpush-distributor
         ├─   1399 zeitgeist-datahub
         ├─   1400 /usr/lib/evolution-data-server/evolution-alarm-notify
         ├─   1402 kgpg %U
         ├─   1403 /usr/lib/geoclue-2.0/demos/agent
         ├─   1406 kclockd
         ├─   1408 /usr/bin/kdeconnectd
         ├─   1409 nm-applet
         ├─   1410 /usr/bin/python /usr/bin/blueman-applet
         ├─   1776 /usr/bin/python /usr/bin/blueman-tray
         ├─   2294 /usr/bin/urxvt -fg gray -j -ss -bg black -sb -sr -sk -si -sl 10000 -w 30
         ├─   2295 bash
         ├─   2300 /usr/lib/firefox/firefox
         ├─   2305 /usr/lib/firefox/crashhelper 2300 9 /tmp/ 11
         ├─   2381 /usr/lib/firefox/firefox -contentproc -ipcHandle 0 -signalPipe 1 -initialChannelId {a2d83ab7-528b-4a94-863e-3f89683>
         ├─   2397 "/usr/lib/firefox/firefox -contentproc -parentBuildID 20260223201419 -prefsHandle 0:46787 -prefMapHandle 1:288356 ->
         ├─   2412 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:46894 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─   2421 "/usr/lib/firefox/firefox -contentproc -parentBuildID 20260223201419 -prefsHandle 0:46894 -prefMapHandle 1:288356 ->
         ├─   2487 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:56725 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─   2544 "/usr/lib/firefox/firefox -contentproc -parentBuildID 20260223201419 -sandboxingKind 0 -prefsHandle 0:56815 -prefMa>
         ├─   2553 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47156 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─   2560 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47208 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─   2709 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47208 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  17054 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  17732 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  17897 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  17904 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  18068 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  18206 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  22088 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  24623 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  58115 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  58205 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  58252 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  58468 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47448 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─  74827 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:47449 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─ 888929 /home/djg/.MathWorks/ServiceHost/djg-lt/v2026.5.0.3/bin/glnxa64/MathWorksServiceHost service --realm-id companion@p>
         ├─ 889150 /home/djg/.MathWorks/ServiceHost/-mw_shared_installs/v2026.5.0.3/bin/glnxa64/MathWorksServiceHost-Monitor --client->
         ├─1242344 gpg-agent --homedir /etc/pacman.d/gnupg --use-standard-socket --daemon
         ├─1282334 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:48307 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─1297892 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:48307 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─1304929 /usr/bin/urxvt -fg gray -j -ss -bg black -sb -sr -sk -si -sl 10000 -w 30
         ├─1304930 bash
         ├─1306434 kicad
         ├─1318788 su
         ├─1318874 bash
         ├─1358144 gpg-agent --homedir /tmp/gnupg --use-standard-socket --daemon
         ├─1359664 /usr/bin/xterm -fg gray -bg black -j -sb -rightbar -sl 10000 -cn -sk -w 30
         ├─1359666 bash
         ├─1360049 su -
         ├─1360054 -bash
         ├─1363876 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:48307 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─1364329 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:48307 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─1364528 "/usr/lib/firefox/firefox -contentproc -isForBrowser -prefsHandle 0:48307 -prefMapHandle 1:288356 -jsInitHandle 2:2>
         ├─1364676 loginctl session-status
         └─1364677 less

May 11 13:45:35 djg-lt su[1318788]: (to root) djg on pts/0
May 11 13:45:35 djg-lt su[1318788]: pam_unix(su:session): session opened for user root(uid=0) by djg(uid=11167)
May 11 13:56:57 djg-lt kscreenlocker_greet[1321333]: Couldn't start kglobalaccel from org.kde.kglobalaccel.service: QDBusError("org.fr>
May 11 13:56:57 djg-lt kscreenlocker_greet[1321333]: Member contentWidth of the object PopupList_QMLTYPE_124 overrides a member of the>
May 11 15:03:24 djg-lt kscreenlocker_greet[1334807]: Couldn't start kglobalaccel from org.kde.kglobalaccel.service: QDBusError("org.fr>
May 11 15:03:25 djg-lt kscreenlocker_greet[1334807]: Member contentWidth of the object PopupList_QMLTYPE_125 overrides a member of the>
May 11 15:14:36 djg-lt kscreenlocker_greet[1337031]: Couldn't start kglobalaccel from org.kde.kglobalaccel.service: QDBusError("org.fr>
May 11 15:14:37 djg-lt kscreenlocker_greet[1337031]: Member contentWidth of the object PopupList_QMLTYPE_135 overrides a member of the>
May 11 17:06:51 djg-lt su[1360049]: (to root) djg on pts/1
May 11 17:06:51 djg-lt su[1360049]: pam_unix(su-l:session): session opened for user root(uid=0) by djg(uid=11167)
[djg-lt ~]# echo $DBUS_SESSION_BUS_ADDRESS

[djg-lt ~]#

djg1971 · 2026-05-11 21:38:36

Here is the screen return from running the script again in the xterm shell with the env variabel set:

[djg-lt ~]# strace -o /tmp/wtf.strace -f ./demoscript.sh 
gpg: enabled compatibility flags:
gpg: keybox '/tmp/gnupg/pubring.kbx' created
gpg: Generating useless key...
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg: waiting for the agent to come up ... (8s)
gpg: connection to the agent established
gpg: writing self signature
gpg: RSA/SHA512 signature from: "CD002B52463E0D68 [?]"
gpg: writing public key to '/tmp/gnupg/pubring.kbx'
gpg: /tmp/gnupg/trustdb.gpg: trustdb created
gpg: using pgp trust model
gpg: directory '/tmp/gnupg/openpgp-revocs.d' created
gpg: writing to '/tmp/gnupg/openpgp-revocs.d/7D979E0D2C78E75BF314B880CD002B52463E0D68.rev'
gpg: RSA/SHA512 signature from: "CD002B52463E0D68 foo <bar>"
gpg: revocation certificate stored as '/tmp/gnupg/openpgp-revocs.d/7D979E0D2C78E75BF314B880CD002B52463E0D68.rev'
gpg: Done

seth · 2026-05-11 21:41:33

from which shell would you want the above commands entered? (urxvt or the xterm with env variable set)

Irrelevant.

# echo $DBUS_SESSION_BUS_ADDRESS

Sorry, not in a root shell.
But w/ sddm that's hardly the problem.

The interesting output is in /tmp/wtf.strace but atm I suspect kgpg to be the problem.
What if you log out of KDE and into a console session (ctrl+alt+f3)
Can you run the demo script there?

djg1971 · 2026-05-11 21:45:02

Note I just uploaded the latest strace file you requested. I got interrupted for a minute.

from user account in urxvt shell, the DBUS env variable returned is:

unix:path=/run/user/11167/bus

djg1971 · 2026-05-11 21:49:59

I am very hesitant to do the last thing you mentioned... I am not using kde... for many years I ran openbox with gdm... when things went sideways a couple months ago and the machine bricked, it was not too hard to use chroot and various other tricks to get it to do a complete pacman -Syu, however, it still would stubbornly refuse to boot all the way up. In the end, I only solved that by installing kde and using sddm. Now I run openbox under sddm and only use the kde screensaver as the screensaver (before recent upgrades at least, xscreensaver would hang things and I had to either ssh in or reboot).

djg1971 · 2026-05-11 21:51:38

And no, no yubikey, etc.

seth · 2026-05-11 21:53:01

There's a lot of KDE stuff running there, however the plan is to just log out of KDE, head over to a different TTY and log in on the console and create a dummy key in /tmp
If that breaks anything, the gods hate you *so* much that nobody can ever help you

seth · 2026-05-11 21:56:55

Hold on, leaving aside that you didn't upload the strace, the key generation in #29 was actually successful???
Did you get the pinentry again and this time enter a(n empty) password?

djg1971 · 2026-05-11 22:04:19

No, it didn't pop up the pinentry box and I did not have to interact at all.

Hence my "magic shell" statement...

Do you still want me to try running the script from a tty? If so, straight away or via the command to generate another strace?

djg1971 · 2026-05-11 22:05:25

But I did upload the second strace, and obtained similar response to the shell. Did you need the output to read it on your end?

djg1971 · 2026-05-11 22:06:17

{"link":"LashesGlucose","url":"https://paste.c-net.org/LashesGlucose","delete_key":"elf5IXC4UQupzozT"}

djg1971 · 2026-05-11 22:17:49

Unfortunately I have to sign off until tomorrow. Thanks very much for your help thus far.

seth · 2026-05-11 22:54:14

Do you still want me to try running the script from a tty? If so, straight away

Yes and yes.
Something triggers a (mandatory) pinentry that you only get to see when specifying the GPG_TTY - but that should™ not be the case.
So checking whether this holds in a more simple environment might provide a clue for the identity of "something".

This btw. runs at your pace and I'll just hit the sarcophagus whenever I feel like and w/o further notice

Lone_Wolf · 2026-05-12 09:50:54

Moderator Note
djg1971 , your bumping makes this thread hard to follow .
please edit your post if no one has responded and don't make a new one.

Consider this a friendly warning.

EDITED after private email convo with djg1971 .

Last edited by Lone_Wolf (2026-05-14 10:57:32)

djg1971 · 2026-05-12 14:06:41

Seth: Thanks for your help. I tried the script again this morning with zero changes to anything, as far as I know, and this time it hangs at (or after) creating a pubring.kbx file. Here is the strace info:

{"link":"TotingObsessed","url":"https://paste.c-net.org/TotingObsessed","delete_key":"NBToToiIOYVy91Ns"}

I will try from the tty now.

djg1971 · 2026-05-12 14:49:02

I'm not sure what happened but I cannot get to a TTY from the login screen.

That said, I considered your statement about kgpg. I didn't recall setting it up when it first tried to launch itself after I unbricked my gdm+openbox system; instead I think I canceled it immediately because I assumed it would be a bad idea...Crossing my fingers, I rebooted...the system came back up, and while I cannot get to a TTY currently, when openbox started, kgpg once again launched...this time I did not click cancel, but instead let it continue for a few steps and then ended the process. After this, I could not do pacman -S archlinux-keyring because the signature check was (still) failing, but I could do pacman-key --init and pacman-key --populate, which I could not do before. I then tried another pacman -Syu, which completed without incident. And there are now new files in /etc/pacman.d/gnupg/ which (at first glance) appear normal.

I think this may be fixed now?(!) If so, it would seem it was due to having kgpg on the system but never allowing it to run at all. I suppose I will know for sure next time archlinux-keyring gets updated.

Will mark as solved for now. Thanks to those who helped.

Lone_Wolf · 2026-05-13 11:14:17

Moderator Note

<EDIT>
for clarity : the text below is meant for all forum users.
<end-of-EDIT>

It seems I forgot to clarify what bumping means.
https://wiki.archlinux.org/title/Genera … es#Bumping has general info, but I've used the term here somewhat differently .

Look at post 36, 37 and 38 . They were made by 1 person within 2 minutes, between post 38 and 39 there were 12 minutes which is still a very short period.
This thread has multiple oocurrences of this.

If no one has answered/responded to a post, users are expected to edit the existing post instead of creating a new one.
If a reasonable time has passed (like 1/2 a day) creating a new post can be acceptable.
Anything shorter though is questionable and may be considered bumping .

Lone_Wolf

Last edited by Lone_Wolf (2026-05-14 10:59:49)

Arch Linux

#26 2026-05-11 21:24:37

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#27 2026-05-11 21:29:49

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#28 2026-05-11 21:33:19

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#29 2026-05-11 21:38:36

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#30 2026-05-11 21:41:33

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#31 2026-05-11 21:45:02

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#32 2026-05-11 21:49:59

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#33 2026-05-11 21:51:38

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#34 2026-05-11 21:53:01

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#35 2026-05-11 21:56:55

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#36 2026-05-11 22:04:19

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#37 2026-05-11 22:05:25

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#38 2026-05-11 22:06:17

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#39 2026-05-11 22:17:49

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#40 2026-05-11 22:54:14

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#41 2026-05-12 09:50:54

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#42 2026-05-12 14:06:41

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#43 2026-05-12 14:49:02

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

#44 2026-05-13 11:14:17

Re: [SOLVED] signature from "Levente Polyak (anthraxx) <levente@leventepol

Board footer