From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jwakely.gcc@gmail.com>
Received: from mail-il1-x141.google.com (mail-il1-x141.google.com
 [IPv6:2607:f8b0:4864:20::141])
 by sourceware.org (Postfix) with ESMTPS id 75085385DC00
 for <overseers@sourceware.org>; Tue,  2 Jun 2020 20:43:59 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 75085385DC00
Received: by mail-il1-x141.google.com with SMTP id p5so232620ile.6
 for <overseers@sourceware.org>; Tue, 02 Jun 2020 13:43:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=EohGbX98BXFsvVYcoCztjdKcdZAYzEzUbj2PsZ9Xzy0=;
 b=f5zYQBDeGJCRxcxVhGoEeHRf2RMT/BuCcUiT+v0+bdzIISx3LdZm/YXetYDtYuRxly
 1sEGTsOA+5bE/KtOcAPordBoKCuFZKZEWxeqHHNncLIaI5iJaMwrHtuaP+A1SP28qaFj
 ID/LOveYxGM3gN0SwPHivPiuIySzxAjB/1DuC25Y3KczVIjJwDOnbhxm7EsQ11SMe0Nl
 aolDMM2M01keHTQLL8iG+auMGk7TG8sfm9oVlhYAhYh8MMR5+ImefGHCThNcItgCJhQA
 ApEcXVxhOg63MPZ1EG/pDdjijoapu5dKjDr3nma312QWUDobSccUxZC1a5/zPucVM8y4
 sU8Q==
X-Gm-Message-State: AOAM5331Tr3tEpFJTKIx8Kt4jSnhAH7bNq5VbqQWMlFpeGs9Dy/HpA8Y
 IZYOSlRN6qUQiHh+3VSZNl4HMd2WXiiXVIf3JRU=
X-Google-Smtp-Source: ABdhPJwttFDGOGiH2UqF3i7sGgw4LX0bi5ixUZxb2sulWT+nFG8hBg2MWbvjUjJiUWpXArevUZ5q1BGJ7I7XF0frioU=
X-Received: by 2002:a92:9f82:: with SMTP id z2mr971656ilk.59.1591130638974;
 Tue, 02 Jun 2020 13:43:58 -0700 (PDT)
MIME-Version: 1.0
References: <e1c28ef9-b5ab-f5e7-e72b-5d7284fd361d@gmail.com>
 <20200601181037.GB16575@redhat.com>
 <CAH6eHdQ-W1=pfw0Dp3qdK4yaJy7oDVMfrk==Pvw96vAMpfqc9w@mail.gmail.com>
 <ead72a77-46a4-a3d2-fb86-96df4849601e@gmail.com>
In-Reply-To: <ead72a77-46a4-a3d2-fb86-96df4849601e@gmail.com>
From: Jonathan Wakely <jwakely.gcc@gmail.com>
Date: Tue, 2 Jun 2020 21:43:47 +0100
Message-ID: <CAH6eHdSFuzXq9x6ya=n_xO3nEd+T=x5SNRqGvVf8mdjYi74BEw@mail.gmail.com>
Subject: Re: sign_and_send_pubkey: signing failed: agent refused operation
To: Martin Sebor <msebor@gmail.com>
Cc: Overseers mailing list <overseers@sourceware.org>,
 "Frank Ch. Eigler" <fche@redhat.com>, gcc mailing list <gcc@gcc.gnu.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,
 SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: overseers@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Overseers mailing list <overseers.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/overseers>,
 <mailto:overseers-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/overseers/>
List-Post: <mailto:overseers@sourceware.org>
List-Help: <mailto:overseers-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/overseers>,
 <mailto:overseers-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2020 20:44:01 -0000

On Tue, 2 Jun 2020 at 21:26, Martin Sebor <msebor@gmail.com> wrote:
>
> On 6/1/20 1:12 PM, Jonathan Wakely via Overseers wrote:
> > On Mon, 1 Jun 2020 at 19:11, Frank Ch. Eigler via Gcc <gcc@gcc.gnu.org> wrote:
> >>
> >> Hi -
> >>
> >>> git pull from the GCC and Glibc repos is failing for me with the error
> >>> below.  It worked fine last week and I haven't made any changes to my
> >>> ssh keys.
> >>
> >> And are you logging in from the same workstation with access to the same
> >> set of ssh private keys?
> >>
> >>> Is this a transient glitch or has something changed recently that I
> >>> need to make some adjustments for?
> >>
> >> I know of nothing relevant that has changed on the sourceware side.
> >>
> >>> sign_and_send_pubkey: signing failed: agent refused operation
> >>> msebor@gcc.gnu.org: Permission denied (publickey).
> >>> fatal: Could not read from remote repository.
> >>
> >> The usual advice is to run       % ssh -vv gcc.gnu.org alive
> >> and report the ssh level error.
> >>
> >> "agent refused operation" sounds like a problem on the client end.
> >
> > Yes, it is. "agent" refers to the ssh-agent program.
> >
> > Martin, what does 'ssh-add -l' show?
> >
> > Is there only one ssh-agent process shown by 'ps -ef | fgrep
> > [s]sh-agent'? Does its PID match $SSH_AGENT_PID?
> >
> > Another possible cause is that the file permissions are not strict
> > enough on the private key, or on the ~/.ssh directory that contains
> > it. Key files should be 600 and ~/.ssh should be 700.
>
> We solved the problem over IRC last night so just to close the loop
> on it here: it turned out to be caused by Gnome keyring setting
> SSH_AUTH_SOCK=/run/user/1000/keyring/ssh.  With the environment
> variable undefined I get prompted for the password as expected.

But that just means you're not using an agent, right?

Do you really want to enter a passphrase every time you connect to gcc.gnu.org?

Solving it by the GNOME keyring would match Jim's suggestion that the
GNOME keyring won't use your key.

You could generate a new 4K key that GNOME keyring will accept, upload
the public key to gcc.gnu.org, and use that instead. Then you could
use the keyring as your agent.