You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
During adding a new recipient when using the age backend the reencryption fails for all but one worker, resulting in only a single file being updated.
This is caused by all workers simultaneously trying to open the pinentry modal, where pinentry refuses operation due to a modal being present.
I confirmed this to be a concurrency issue by running gopass with taskset 1 to limit it to a single core, upon which reencryption worked.
$ gopass recipients add "$(cat ~/.ssh/id_ed25519.pub)"
Starting reencrypt
] 5 / 5 [Goooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooopass] 100.00% ❌ Decryption failed: failed to decrypt /home/rad4day/.config/gopass/age/identities: pinentry error: pinentry error: Operation cancelled <Pinentry>
Worker 0: Failed to get current value for extern/cloudflare/api_token: failed to decrypt
❌ Decryption failed: failed to decrypt /home/rad4day/.config/gopass/age/identities: pinentry error: pinentry error: Operation cancelled <Pinentry>
Worker 2: Failed to get current value for keycloak/grafana/secret: failed to decrypt
❌ Decryption failed: failed to decrypt /home/rad4day/.config/gopass/age/identities: pinentry error: pinentry error: Operation cancelled <Pinentry>
Worker 1: Failed to get current value for extern/cloudflare/account_id: failed to decrypt
❌ Decryption failed: failed to decrypt /home/rad4day/.config/gopass/age/identities: pinentry error: pinentry error: Operation cancelled <Pinentry>
Worker 4: Failed to get current value for keycloak/hedgedoc/secret: failed to decrypt
Steps To Reproduce
Have a store with more than 1 secret
Use age as backend
add a new key via gopass receipients add
Observe gopass failing
Expected behavior
Being asked a single time for password, decrypted secret reused for all workers.
gopass not exploding.
Environment
OS: ArchLinux
OS version: Linux - 6.5.2-arch1-1 #1 SMP PREEMPT_DYNAMIC Wed, 06 Sep 2023 21:01:01 +0000 x86_64 GNU/Linux
gopass Version: gopass 1.15.8 go1.21.1 linux amd64
Installation method: ArchLinux Repository
Additional context
The text was updated successfully, but these errors were encountered:
Summary
During adding a new recipient when using the age backend the reencryption fails for all but one worker, resulting in only a single file being updated.
This is caused by all workers simultaneously trying to open the pinentry modal, where pinentry refuses operation due to a modal being present.
I confirmed this to be a concurrency issue by running gopass with
taskset 1
to limit it to a single core, upon which reencryption worked.Steps To Reproduce
gopass receipients add
Expected behavior
Environment
Linux - 6.5.2-arch1-1 #1 SMP PREEMPT_DYNAMIC Wed, 06 Sep 2023 21:01:01 +0000 x86_64 GNU/Linux
Additional context
The text was updated successfully, but these errors were encountered: