Fixpoint

2022-12-18

GPG was already broken on CentOS 6.

Filed under: Philosophia, Software — Jacob Welsh @ 03:46

Unsurprising perhaps but worth documenting since I just tripped on it:

[root@ny7 package]# su - monitorsrv
[monitorsrv@ny7 ~]$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.(i)
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/var/lib/monitorsrv/.gnupg' created
gpg: new configuration file `/var/lib/monitorsrv/.gnupg/gpg.conf' created
gpg: WARNING: options in `/var/lib/monitorsrv/.gnupg/gpg.conf' are not yet active during this run(ii)
gpg: keyring `/var/lib/monitorsrv/.gnupg/secring.gpg' created(iii)
gpg: keyring `/var/lib/monitorsrv/.gnupg/pubring.gpg' created
Please select what kind of key you want:(iv)
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.(v)
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name:
Name must be at least 5 characters long
Real name:
Name must be at least 5 characters long
Real name:
Name must be at least 5 characters long
Real name:
Name must be at least 5 characters long
Real name:
Name must be at least 5 characters long
Real name:
Name must be at least 5 characters long(vi)
Real name: monitorsrv
Email address:
Comment:
You selected this USER-ID:
    "monitorsrv"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.(vii)

can't connect to `/var/lib/monitorsrv/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[484]: directory `/var/lib/monitorsrv/.gnupg/private-keys-v1.d' created
gpg-agent[484]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user(viii)
gpg: Key generation canceled.

And why might that be, not that it matters? I'd hazard a guess that it's to do with the switch from root to unprivileged user that opened the session, in combination with gpg-agent wanting to bypass stdin/out, to read the Passphrase I won't even be providing by going directly to the tty device, which access is denied.

[monitorsrv@ny7 ~]$ ls -l `tty`
crw--w---- 1 root tty 136, 1 Dec 18 02:52 /dev/pts/1
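Working that guess through, as an added illustration that is not part of the original post: the permission line above, evaluated with the ordinary Unix owner/group/other rule for the user the session had switched to. The group membership assumed for monitorsrv (only its own group) is an assumption; the `ls -l` line itself is the one shown in the post.

```python
"""Evaluate whether a given user could read and write a device, from an
`ls -l` line. Added example for the tty-access hypothesis in the post."""
import re
from typing import Iterable

# The line the post shows for `ls -l `tty`` inside the su'd session.
LS_LINE = "crw--w---- 1 root tty 136, 1 Dec 18 02:52 /dev/pts/1"

# type char, nine permission chars, link count, owner, group
_LS_RE = re.compile(r"^([bc\-dlps])([rwxstST\-]{9})\s+\d+\s+(\S+)\s+(\S+)\s")


def parse_ls_line(line: str) -> dict:
    """Split an `ls -l` line into type, permission classes, owner and group."""
    m = _LS_RE.match(line)
    if not m:
        raise ValueError("not an ls -l line: %r" % line)
    ftype, perms, owner, group = m.groups()
    return {
        "type": ftype,
        "user": perms[0:3],
        "group": perms[3:6],
        "other": perms[6:9],
        "owner": owner,
        "group_name": group,
    }


def access(entry: dict, user: str, groups: Iterable[str], want: str) -> bool:
    """Classic check: the owner class applies if you own the node, else the
    group class if you belong to its group, else 'other'. `want` is one of
    'r', 'w', 'x'. No root override is modelled: the point is the view of
    the unprivileged user that `su -` dropped into."""
    if user == entry["owner"]:
        cls = entry["user"]
    elif entry["group_name"] in groups:
        cls = entry["group"]
    else:
        cls = entry["other"]
    return cls["rwx".index(want)] != "-"


def tty_usable_for_passphrase(line: str, user: str, groups: Iterable[str]) -> bool:
    """A passphrase prompt on the tty needs to write the prompt and read the
    reply, so both bits must be granted."""
    e = parse_ls_line(line)
    return access(e, user, groups, "r") and access(e, user, groups, "w")
```

Even membership in group `tty` would only grant write here, so a prompt could be displayed but never answered; only the owner (root, who opened the session) gets both.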

Maybe there's a still-working gnupg1 package available like on ubuntu?

[root@ny7 ~]# yum search gnupg
http://mirror.centos.org/centos/6/os/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
To address this issue please refer to the below wiki article

https://wiki.centos.org/yum-errors

If above article doesn't help to resolve this issue please use https://bugs.centos.org/.

http://mirror.centos.org/centos/6/extras/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
http://mirror.centos.org/centos/6/updates/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
===================================================================================== N/S Matched: gnupg ======================================================================================
gnupg2-debuginfo.i686 : Debug information for package gnupg2
gnupg2-smime.i686 : CMS encryption and signing tool and smart card support for GnuPG
gnupg2.i686 : Utility for secure communication and data storage
gpgme.i686 : GnuPG Made Easy - high level crypto API
libassuan-devel.i686 : GnuPG IPC library
libgpg-error.i686 : Library for error values used by GnuPG components

  Name and summary matches only, use "search all" for everything.

That'd be a "no", after 12 lines expended on errors from something they didn't need to break in order to get a database update I didn't ask for. Perhaps I'll simply drop in a working static gpg binary from Gales...

  1. Version 2 would have been my first sign of trouble, if those self-important FSF banners hadn't been so spammy as to get tuned out altogether.
  2. It's such a widely used and well-honed tool that it... spews a warning that some settings (which I didn't create or ask to create) are inactive, on such a commonplace occasion as running the program the first time in a fresh installation.
  3. I have no secret or public keys at this point but apparently I need rings to hold all that nothing.
  4. Despite a 15,000-some word manual page, there are no CLI options to bypass this or the following interactive prompts.
  5. Why the magic upper limit, if it's configurable at all? I've seen an 8192-bit key in the wild, presumably from a different version or implementation.
  6. Yeah, I was mashing the same key over and over wondering if something different would happen: this is IT after all. As to "why": the "real" name of a key is its RSA modulus, or fingerprint if you must: that fixed support upon which identity (such as human name) is constructed by others' view. This being a machine key, a human name isn't warranted in any case, and not even helpful as a "reminder" because the key's role is to be defined by separate config files, the ones that determine what it's actually allowed to do (an example of that "others' view"). Anything I'm forced to put here will end up a fossil of a claim at best, not any source of current truth.
  7. And a thneed.
  8. A bald-faced lie - with the cherry on top of inconsistent speling.

1 Comment »

  1. Perhaps I'll simply drop in a working static gpg binary from Gales...

    To follow up there, the machine in question was of an i686 architecture, for which we don't have a Gales build available. So I built v1.4.21 from source, which worked fine.

    Comment by Jacob Welsh — 2023-03-22 @ 19:50


Powered by MP-WP. Copyright Jacob Welsh.