I am running macOS Catalina on a late 2013 iMac and I use MacPorts for installing various command line tools. Although I do use the Mac Mail app a bit I still handle most of my email using Mutt, or rather the fork called NeoMutt. I also want the ability to send and receive signed and encrypted emails using GnuPG. So my two most important ports are probably neomutt and gnupg2. I also use GnuPG to encrypt files using a symmetric cipher, in particular a file containing all my passwords.
Every few days I update my MacPorts installation using “port selfupdate” and then upgrade any outdated ports using “port upgrade outdated”. Normally this is painless but last night it was a bit of a nightmare!
Soon after doing the update I ran mutt and things were not as they should be. I didn’t immediately link it to the MacPorts update and struggled to work out what was going on. It dawned on me that for some reason mutt no longer knew about my ~/Mail directory, which contains a load of mail folders. For example, when I typed “c” to change folder and then “=” and the first few characters of a folder name I would normally then be able to use tab completion, but that wasn’t working. Eventually I worked out that adding the line “set folder=~/Mail” to my .muttrc file restored previous behaviour, but why had that become necessary? According to the neomuttrc man page the “folder” variable should default to “~/Mail” but clearly it wasn’t doing so, otherwise I wouldn’t have needed to set it myself. The only reasonable explanation seemed to be that neomutt was one of the ports that had been upgraded and the new version was neglecting to set the folder variable. There is more testing I could have done but I had basically fixed it and another more pressing problem had arisen.
I needed to look up a password so I ran gpg with the --decrypt option to decrypt my password file. I was expecting a window to pop up and ask for the passphrase but instead I got the following:
gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key
Prior to using GnuPG to encrypt and decrypt files I had been using OpenSSL. In November last year, after upgrading to Catalina and re-installing MacPorts I got a fright when I was unable to decrypt my password file. It contained over 100 passwords, many of which were random 16 character strings, and I had no plain text copy of them anywhere. It turned out that (as with NeoMutt) the problem could be traced to a change in defaults since the previous version and all I had to do was add “-md md5” to the decrypt command. However, I was still getting a warning about deprecated key derivation and after reading a few comments I decided to switch to using GnuPG.
So when I got that “decryption failed” message my heart sank! The gnupg2 port had been set up to use pinentry-mac for passphrase entry and I couldn’t see anything obviously wrong. I floundered around for a while but eventually came across the suggestion to run “gpgconf --kill gpg-agent” and thankfully it worked!
Looking back through my notes I found an incident in December last year when, after updating MacPorts, I got a warning when I tried to decrypt my password file:
gpg: WARNING: server 'gpg-agent' is older than us (2.2.17 < 2.2.18)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
In that case it was just a warning, and decryption succeeded, and it told me what to do to fix it. I must try to remember that if I ever get a similar problem in future, the first thing I should do is run “gpgconf --kill all” and try again.
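The version mismatch behind that December warning can be checked for right after "port upgrade outdated". The script below is an added example, not part of the original post: it compares the version reported by the running gpg-agent with the installed gpg and restarts the agent only when it is older. The function names and the --check switch are made up for this sketch; the gpg, gpg-connect-agent and gpgconf invocations are the standard GnuPG ones.

```shell
#!/bin/sh
# Added example: is the running gpg-agent older than the installed gpg?

# Version from the first line of `gpg --version`, e.g. "gpg (GnuPG) 2.2.18".
parse_gpg_version() {
    printf '%s\n' "$1" | sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9.]*\).*/\1/p'
}

# Version from `gpg-connect-agent 'getinfo version' /bye`, which replies
# with a data line such as "D 2.2.17" followed by "OK".
parse_agent_version() {
    printf '%s\n' "$1" | sed -n 's/^D \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeeds when dotted version $1 is strictly older than $2 (numeric per field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# Prints stale, current, or unknown (no agent running / unparseable output).
agent_status() {
    gpg_v=$(parse_gpg_version "$1")
    agent_v=$(parse_agent_version "$2")
    if [ -z "$gpg_v" ] || [ -z "$agent_v" ]; then echo unknown
    elif version_lt "$agent_v" "$gpg_v"; then echo stale
    else echo current
    fi
}

if [ "${1:-}" = "--check" ]; then
    # Live check; --no-autostart queries only an agent that is already running.
    status=$(agent_status "$(gpg --version)" \
        "$(gpg-connect-agent --no-autostart 'getinfo version' /bye 2>/dev/null)")
    echo "gpg-agent: $status"
    if [ "$status" = stale ]; then gpgconf --kill all; fi
else
    # Offline demo with constructed output using the versions from the warning.
    agent_status 'gpg (GnuPG) 2.2.18' 'D 2.2.17
OK'
fi
```

Run with --check it queries the real agent; with no argument it only prints the result for the constructed sample. A matching version does not rule out the "No pinentry" failure, so "gpgconf --kill gpg-agent" remains the first thing to try there.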
I hope this post may prove useful for anyone else who experiences these problems.