Gpg stuck after any command!

tommi · November 25, 2023, 8:22am

After any command to list or edit keys, the command is stuck (I waited for over a minute for anything to be printed). The $HOME/.gnupg folder is populated and a few days ago I successfully imported two keys! Could you tell me what I have to do to troubleshoot this? I am quite worried.

System info

$ neofetch
             .',;::::;,'.                tommi@tfw 
         .';:cccccccccccc:;,.            --------- 
      .;cccccccccccccccccccccc;.         OS: Fedora Linux 39 (Workstation Edition) x86_64 
    .:cccccccccccccccccccccccccc:.       Host: Laptop 13 (AMD Ryzen 7040Series) A7 
  .;ccccccccccccc;.:dddl:.;ccccccc;.     Kernel: 6.5.12-300.fc39.x86_64 
 .:ccccccccccccc;OWMKOOXMWd;ccccccc:.    Uptime: 8 hours, 17 mins 
.:ccccccccccccc;KMMc;cc;xMMc:ccccccc:.   Packages: 1924 (rpm), 46 (flatpak) 
,cccccccccccccc;MMM.;cc;;WW::cccccccc,   Shell: zsh 5.9 
:cccccccccccccc;MMM.;cccccccccccccccc:   Resolution: 2256x1504 
:ccccccc;oxOOOo;MMM0OOk.;cccccccccccc:   DE: GNOME 45.1 
cccccc:0MMKxdd:;MMMkddc.;cccccccccccc;   WM: Mutter 
ccccc:XM0';cccc;MMM.;cccccccccccccccc'   WM Theme: Adwaita 
ccccc;MMo;ccccc;MMW.;ccccccccccccccc;    Theme: Adwaita [GTK2/3] 
ccccc;0MNc.ccc.xMMd:ccccccccccccccc;     Icons: Adwaita [GTK2/3] 
cccccc;dNMWXXXWM0::cccccccccccccc:,      Terminal: kgx 
cccccccc;.:odl:.;cccccccccccccc:,.       CPU: AMD Ryzen 7 7840U w/ Radeon 780M Graphics (16) @ 5.132G 
:cccccccccccccccccccccccccccc:'.         GPU: AMD ATI c1:00.0 Phoenix1 
.:cccccccccccccccccccccc:;,..            Memory: 12836MiB / 31261MiB 
  '::cccccccccccccc::;,

$ gpg --help
gpg (GnuPG) 2.4.3
libgcrypt 1.10.2-unknown
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/tommi/.gnupg

Errors

$ gpg --list-secret-keys --verbose                       
gpg: enabled compatibility flags:
gpg: using pgp trust model
^C

$ gpg --list-keys --verbose                       
gpg: enabled compatibility flags:
gpg: using pgp trust model
^C

gpg --verbose --edit-key C25EBAA6557EEE9F72A574B9B045212E435C7A80 
gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: enabled compatibility flags:
^C
gpg: signal Interrupt caught ... exiting

cklassen · November 25, 2023, 8:29am

Hi @tommi and welcome to the forum!

Does it help if you use gpgconf to reload or kill and launch the gpg-agent?

aheinecke · November 25, 2023, 10:36am

Adding --verbose or even --debug-level basic to the command might also help to explain where it is stuck. Might be related to the new keyboxd if you started with a fresh gnupg home directory. In that case you could comment out use-keyboxd in ~/.gnupg/common.conf but then you will start with an empty public keyring.

tommi · November 25, 2023, 2:03pm

Hi @cklassen and @aheinecke! Thanks a lot for your replies!

Unfortunately, after running gpgconf -K gpg-agent or gpgconf -R gpg-agent nothing changes… after rebooting, I see waiting for lock (held by 20) ...

$ gpg --list-keys 
gpg: waiting for lock (held by 20) ...
gpg: waiting for lock (held by 20) ...
gpg: waiting for lock (held by 20) ...
^C
gpg: signal Interrupt caught ... exiting

After doing what you suggested, I get:

$ gpg --list-keys --verbose
gpg: enabled compatibility flags:
gpg: keybox '/home/tommi/.gnupg/pubring.kbx' created
gpg: using pgp trust model

Btw I have keys already saved in the directory!

tommi · November 27, 2023, 10:41am

Ping… Does anyone have any suggestions?

I also tried reinstalling: sudo dnf reinstall gpg. Nothing changes.

deftclaw · April 2, 2024, 7:04am

I ran into this problem, and landed here looking for a solution.
Reading through that even a reinstall did not change the behavior I surmised there must be some kind of lock file, persisting the lock state in the filesystem.
For me the fix was to rm ~/.gnupg/{S.keyboxd,public-keys.d/pubring.db.lock}

in alpine I did not have to restart gpg-agent again after this, but it may be helpful to do so after removing the lockfiles: gpgconf -R gpg-agent

eebb · April 2, 2024, 10:51am

Hi deftclaw, thank you for joining in!

I do not know why nobody answered again to Tommi last year but, extrapolating from myself, probably to much else to do and no definitive answer…

For Tommi I would guess the cause of the not accessible lock files was that Fedora AFAIK uses systemd to start the gpg-agent, which can lead to issues with inaccessible lock files or sockets. Deleting those - like you did - would solve the problem for the moment but it may recur. Although likely not often, otherwise more people would complain
Needless to say, using systemd is not the way recommended by the gpg developers to start gpg-agent. Unfortunately several Linux distributions do it.

AFAIK Alpine is an exception though. How does Alpine start gpg-agent? Maybe a logind?
It seems anyway you did not start it by using gpg, as then the socket would have been in /run/user/UID not in your GPGHOME.

simonDos · April 16, 2024, 7:07pm

thank you! This did it for me