gpg-agent stops working after OSX Upgrade to Yosemite
Reported by Support | October 21st, 2014 @ 03:52 PM | in 2.0.26b5 (closed)
Assigned to Problems #28634. As reported in Tender:
Situation: I'm using the gpg-tools on OSX for yubikey-ssh-authentification. After Upgrade to OSX 10.10 Yosemite, gpg-agent seems to stop working after some time.
Setup:
Installed latest gpg-tools from this website.
Added "enable-ssh-support" to .gnupg/gpg-agent.conf and restarted mac
export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh
Connect to an ssh-server.Problem:
After some time (~1-2 Hours maybe, not sure), the agent isn't working anymore. It's still listed as active in the processlist, but everything related to my yubikey fails (no error, just nothing happens, no segfaults).
Connecting to a ssh-server results in nothing, as well as gpg --card-statusTemporary Fix:
On shell: Kill gpg-agent with signal 9 and execute gpg --card-status, to launch the gpg-agent again. This works for another 1-2 hours.
Runa reported this also on Twitter: https://twitter.com/runasand/status/525339105232564224
Comments and changes to this ticket
-
Mento October 23rd, 2014 @ 06:58 PM
- State changed from “new” to “started”
Status update:
Das Problem ist nicht gpg-agent sondern scdaemon.
-
Luke Le October 23rd, 2014 @ 06:59 PM
Verhältnismäßig gute infos. Insofern nicht unbedingt ein blocker.
-
-
-
Jan Schermer January 8th, 2015 @ 09:59 AM
This problem is much worse if one uses the card for both ssh and mail signing - in my case all it needs is one signed mail and scdaemon(?) gets stuck and needs killing (+ card replug).
-
Luke Le January 8th, 2015 @ 10:11 AM
Hi Jan,
if this is reproducible on your system, would you mind having a look into Console.app the next time it happens and tell me if you can see any message regarding the status of the smart card?
-
Luke Le January 8th, 2015 @ 10:17 AM
- Assigned user changed from “Mento” to “Luke Le”
-
Jan Schermer January 14th, 2015 @ 12:39 PM
Looks like I probably "fixed" it - I disabled the OpenSC.tokend and now I can't replicate it anymore.
That doesn't mean the issue is fixed - I still have to occassionaly kill scdaemon, but at least it doesn't hang forever anymore
(ssh-add -L reports no keys in that case, replugging card doesn't help).I crawled through the logs and found nothing relevant (now), I re-enabled gpg-agent debug but the last time it only said "card detected ... card error"
How can I enable debug for scdaemon? Is it looking for some config file by default? -
Luke Le January 14th, 2015 @ 12:41 PM
Hi Jan,
would you mind joining us in our live chat at http://www.hipchat.com/gi8zHW4K3
I'd like to ask you some questions about this issue. -
Jan Schermer January 14th, 2015 @ 12:41 PM
I suspect the problem could in fact be in OpenSC - their tokend doesn't work right (or rather, there are lots of bugs in 10.10 regarding smartcards) but to be honest I don't know exactly how it interacts with the card. I don't think OpenSC handles openpgp applet (by default) and I don't use PIV (because it was a lot more buggy than gpg).
-
Support January 25th, 2015 @ 09:11 PM
- State changed from “started” to “fixed”
- Assigned user changed from “Luke Le” to “Mento”
(from [f4c3e1bbf1c96cf03ad33a364ec10365f68bf63f]) pcsc-wrapper hang on Yosemite.
[#140 state:fixed assigned:mento] https://github.com/GPGTools/MacGPG2/commit/f4c3e1bbf1c96cf03ad33a36...
-
steve January 28th, 2015 @ 02:14 PM
- State changed from “fixed” to “verified”
- Tag cleared.
-
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Alex (via GPGTools)
Ben Hughes
Luke Le
Mento
steve
Support