Gpg stuck after any command!

After any command to list or edit keys, the command is stuck (I waited for over a minute for anything to be printed). The $HOME/.gnupg folder is populated and a few days ago I successfully imported two keys! Could you tell me what I have to do to troubleshoot this? I am quite worried.

System info

$ neofetch
             .',;::::;,'.                tommi@tfw 
         .';:cccccccccccc:;,.            --------- 
      .;cccccccccccccccccccccc;.         OS: Fedora Linux 39 (Workstation Edition) x86_64 
    .:cccccccccccccccccccccccccc:.       Host: Laptop 13 (AMD Ryzen 7040Series) A7 
  .;ccccccccccccc;.:dddl:.;ccccccc;.     Kernel: 6.5.12-300.fc39.x86_64 
 .:ccccccccccccc;OWMKOOXMWd;ccccccc:.    Uptime: 8 hours, 17 mins 
.:ccccccccccccc;KMMc;cc;xMMc:ccccccc:.   Packages: 1924 (rpm), 46 (flatpak) 
,cccccccccccccc;MMM.;cc;;WW::cccccccc,   Shell: zsh 5.9 
:cccccccccccccc;MMM.;cccccccccccccccc:   Resolution: 2256x1504 
:ccccccc;oxOOOo;MMM0OOk.;cccccccccccc:   DE: GNOME 45.1 
cccccc:0MMKxdd:;MMMkddc.;cccccccccccc;   WM: Mutter 
ccccc:XM0';cccc;MMM.;cccccccccccccccc'   WM Theme: Adwaita 
ccccc;MMo;ccccc;MMW.;ccccccccccccccc;    Theme: Adwaita [GTK2/3] 
ccccc;0MNc.ccc.xMMd:ccccccccccccccc;     Icons: Adwaita [GTK2/3] 
cccccc;dNMWXXXWM0::cccccccccccccc:,      Terminal: kgx 
cccccccc;.:odl:.;cccccccccccccc:,.       CPU: AMD Ryzen 7 7840U w/ Radeon 780M Graphics (16) @ 5.132G 
:cccccccccccccccccccccccccccc:'.         GPU: AMD ATI c1:00.0 Phoenix1 
.:cccccccccccccccccccccc:;,..            Memory: 12836MiB / 31261MiB 
  '::cccccccccccccc::;,
$ gpg --help
gpg (GnuPG) 2.4.3
libgcrypt 1.10.2-unknown
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/tommi/.gnupg

Errors

$ gpg --list-secret-keys --verbose                       
gpg: enabled compatibility flags:
gpg: using pgp trust model
^C
$ gpg --list-keys --verbose                       
gpg: enabled compatibility flags:
gpg: using pgp trust model
^C
gpg --verbose --edit-key C25EBAA6557EEE9F72A574B9B045212E435C7A80 
gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: enabled compatibility flags:
^C
gpg: signal Interrupt caught ... exiting

Hi @tommi and welcome to the forum!

Does it help if you use gpgconf to reload or kill and launch the gpg-agent?

Adding --verbose or even --debug-level basic to the command might also help to explain where it is stuck. Might be related to the new keyboxd if you started with a fresh gnupg home directory. In that case you could comment out use-keyboxd in ~/.gnupg/common.conf but then you will start with an empty public keyring.

Hi @cklassen and @aheinecke! Thanks a lot for your replies!

Unfortunately, after running gpgconf -K gpg-agent or gpgconf -R gpg-agent nothing changes… after rebooting, I see waiting for lock (held by 20) ...

$ gpg --list-keys 
gpg: waiting for lock (held by 20) ...
gpg: waiting for lock (held by 20) ...
gpg: waiting for lock (held by 20) ...
^C
gpg: signal Interrupt caught ... exiting

After doing what you suggested, I get:

$ gpg --list-keys --verbose
gpg: enabled compatibility flags:
gpg: keybox '/home/tommi/.gnupg/pubring.kbx' created
gpg: using pgp trust model

Btw I have keys already saved in the directory!

Ping… Does anyone have any suggestions?

I also tried reinstalling: sudo dnf reinstall gpg. Nothing changes.

I ran into this problem, and landed here looking for a solution.
Reading through that even a reinstall did not change the behavior I surmised there must be some kind of lock file, persisting the lock state in the filesystem.
For me the fix was to rm ~/.gnupg/{S.keyboxd,public-keys.d/pubring.db.lock}

in alpine I did not have to restart gpg-agent again after this, but it may be helpful to do so after removing the lockfiles: gpgconf -R gpg-agent

3 Likes

Hi deftclaw, thank you for joining in!

I do not know why nobody answered again to Tommi last year but, extrapolating from myself, probably to much else to do and no definitive answer…

For Tommi I would guess the cause of the not accessible lock files was that Fedora AFAIK uses systemd to start the gpg-agent, which can lead to issues with inaccessible lock files or sockets. Deleting those - like you did - would solve the problem for the moment but it may recur. Although likely not often, otherwise more people would complain :wink:
Needless to say, using systemd is not the way recommended by the gpg developers to start gpg-agent. Unfortunately several Linux distributions do it.

AFAIK Alpine is an exception though. How does Alpine start gpg-agent? Maybe a logind?
It seems anyway you did not start it by using gpg, as then the socket would have been in /run/user/UID not in your GPGHOME.

thank you! This did it for me :slight_smile:

Thanks @deftclaw it worked also! :+1:

@deftclaw Your answer needs more love!