Let me start by admitting it:I did not treat my Gentoo box well. That is I did not update in months. I finally found the time to take on that dauntig task.
Besides the massive backlog of updates that I accumulated, I was also running a LibreSSL based system that I decided to switch over to OpenSLL in the light of recent events.
Portage did not figure out everything on its own as advertized in the news item, I assume mainly because there where a couple of blockers and I did not care updating first and switching from a clean state.
However, I got rid of LibreSSL, dropped in OpenSSL instead, rebuild wget, iputils, python and then resolved blocks until @preserved-rebuild finished. From there I escalated to --newuse --deep @world, again resolving a block or two along the way. Finally, I ran --update --deep @world followed by another @preserved-rebuild and the obligatory --depclean.
After a reboot, everything seemed fine, until I tried to make a git commit and it failed because GPG couldn't sign the data.
I quickly realized that git was not to blame: A simple
Code: Select all
gpg --clearsign <<< testIt did work before and I did no change any settings. If I unset GPG_TTY I get the expected 'Inappropriate ioctl for device' error.
With GPG_TTY properly set however, I do get prompted for the passphrase for the (correct) secret key via pinentry. If I (deliberately) enter a wrong passphrase, I get the expected 'Bad Passphrase' error and two more tries. If I wait too long, pinentry closes and gpg fails with the expected 'Timeout' error. If, however, I enter the correct passphrase, gpg fails with an 'End of file' error.
Along the update process described above, I updated app-crypt/gnupg from 2.2.20-r1 to 2.2.25, app-crypt/pinentry remained at 1.1.0-r3 but was re-build.
At first I suspected some breakage related to the SSL provider switch, so I went through an emerge --oneshot --emptytree app-crypt/gnupg which did not help.
That included dbus and elogind which might be of interest since I don't run systemd and the only hint I could find regarding gpg failing with end of fle was this side note in the infamous Arch Wiki.
I did check loginctl list-sessions and I have a valid session there. Also I assume I had bigger issues than gpg complaining if my update screwed with my login session setup.
The point is that I have no clue how to go about that. I'd love to downgrade app-crypt/gnupg to see if the old version build against OpenSSL works but there are no ebuilds for =app-crypt/gnupg-2.2.20-r1 in the tree anymore.
Besides that, gpg appears to be working: I can list my keys etc just fine.
But I can't use them anymore and I kinda need to be able to sign things to use this system.
So If anyone has some idea how to further troubleshoot this situation, I'd be very happy to hear it.
Thank you in advance for you help and have a great day!
