Snap sign unable to invoke gpg-agent pinentry

cmatsuoka · April 15, 2019, 9:07pm

A while back, during assertion signing tests, I received the following error from snap sign:

$ cat model.json | snap sign -k test-key
error: cannot sign assertion: cannot sign using GPG: /usr/bin/gpg --personal-digest-preferences SHA512 --default-key <my key> --detach-sign failed: exit status 2 ("gpg: signing failed: No such file or directory\ngpg: signing failed: No such file or directory\n")

It seems that, when executed by snap, gpg-agent is unable to run the pinentry program to read the key passphrase and prefers to display this rather cryptic error message instead. Indeed, If I unlock my key by running a gpg operation manually, such as

$ gpg --homedir /home/claudio/.snap/gnupg --detach-sign <some file>
Please enter the passphrase to unlock the OpenPGP secret key:
"test-key"

it correctly asks my passphrase and for that point on snap sign operations are executed as expected (until the agent times out and starts asking for the passphrase again). I didn’t investigate why exactly this is happening, but I’ll leave the information here in case this is happening to someone else.

jberends · July 1, 2019, 12:33pm

I was wondering how you came to resolve this.

I have a snap that is accessing gpg to (amoungst others) able to create keys in a private keyring (gpg home dir) and indeed. It comes up with the error that is cannot launch /bin/gpg-agent, even when it is provided within the snap.

markus · February 6, 2020, 9:12am

I am currently encountering the same. I could swear that it worked once and now fails. I’ll see if it is related to having more than one key stored.

markus · February 6, 2020, 11:45am

It just happened again. I created a new key and for a while it worked. I made some more changes to the model assertion and tried signing it again and got the same failure.

Edit: Now that I read the original post again I understand the workaround. To reiterate: once you sign anything manually and directly with gpg the other way with snap sign starts working again for a while.

kyleN · August 16, 2021, 9:54pm

I encountered this issue recently. I was able to get snap sign to work by telling GPG to use tty for pinentry: export GPG_TTY=$(tty)