GPG PINENTRY_LAUNCHED error when sources are deleted

[heartsucker]

Description

Deleting a source raises this error.

Exception in thread Thread-39:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 754, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pretty_bad_protocol/_meta.py", line 670, in _read_response
    result._handle_status(keyword, value)
  File "/usr/local/lib/python2.7/dist-packages/pretty_bad_protocol/_parsers.py", line 1024, in _handle_status
    raise ValueError("Unknown status message: %r" % key)
ValueError: Unknown status message: u'PINENTRY_LAUNCHED'

Steps to Reproduce

• Start container
• Start client
• Delete source

Expected Behavior

No errors.

Actual Behavior

There are errors but the HTTP code is still 200, and the key is still deleted on the server side.

[kushaldas]

I can see the same errors.

[redshiftzero]

Background: I made this change 62bd71a such that secret keys would be properly deleted on Xenial (due to upstream issues with --pinentry-mode loopback and --delete-secret-keys)

[kushaldas]

If I install pinentry-gtk2 package on Xenial, then this error goes away. 🤕

[eloquence]

@kushaldas Do you subsequently get the OSSEC alert described in #4362 after deleting a source?

[redshiftzero]

If I install pinentry-gtk2 on Xenial on branch test-pinentry, the following happens:

1. the web UI blocks when I delete a source
2. (presumably) eventually the call to pinentry-gtk2 times out
3. I still see the above ValueError: Unknown status message: u'PINENTRY_LAUNCHED'

it's worth noting that any attempt by gpg to launch a passphrase prompt is futile in this scenario as we don't have the source key passphrase stored directly anywhere (only the source does, we only have the hash)

[kushaldas]

@kushaldas Do you subsequently get the OSSEC alert described in #4362 after deleting a source?

I saw the OSSEC logs (when I checked), but, just now we deleted another source, and this time no alert in OSSEC.

[emkll]

On an instance upgraded from Trusty to Xenial (one that has pinentry-gtk2 installed) this error does not appear in journalist logs on source deletion.

This bug appears to only affect instances that are using pinentry-curses (the Xenial default, which is present on Xenial clean installs)

EDIT: The error is not visible in logs due to #4362 : once the AppArmor profile is updated, the PINTENTRY_LAUNCHED error appears.