[pkg-gnupg-maint] Bug#822836: pinentry: "allow-emacs-pinentry" makes pinentry fail also outside Emacs

Kevin Brubeck Unhammer unhammer at fsfe.org
Thu Apr 28 07:56:54 UTC 2016


Source: pinentry
Version: 0.9.7
Severity: normal

Dear Maintainer,

With the upstream (or at least the Arch Linux) package of pinentry
0.9.7, one can put

   allow-emacs-pinentry

in ~/.gnupg/gpg-agent.conf, which allows using
http://elpa.gnu.org/packages/pinentry.html to enter passphrases from
within Emacs (and falls back to gtk or whatnot when not inside Emacs).

There is code in the upstream pinentry package that checks the
environment variable INSIDE_EMACS.


However, on pinentry-curses_0.9.7-3_amd64.deb (tested on Ubuntu
Xenial; apt-cache says it's originally Debian) if I put
"allow-emacs-pinentry" in ~/.gnupg/gpg-agent.conf, the gpg-agent
doesn't work at all, even outside Emacs:

$ echo $INSIDE_EMACS

$ cat ~/.gnupg/gpg-agent.conf
allow-emacs-pinentry
$ pkill gpg-agent
$ gpg-agent --homedir $HOME/.gnupg  --daemon
$ gpg2 -d /tmp/foo.gpg | wc -l
gpg: encrypted with 2048-bit RSA key, ID F013AFA5, created 2012-05-22
      "Kevin Brubeck Unhammer <unhammer at fsfe.org>"
gpg: public key decryption failed: Not supported
gpg: decryption failed: No secret key
0
$

while it works fine without that setting:

$ /bin/rm ~/.gnupg/gpg-agent.conf
$ pkill gpg-agent
$ gpg-agent --homedir $HOME/.gnupg  --daemon
$ gpg2 -d /tmp/foo.gpg | wc -l
gpg: encrypted with 2048-bit RSA key, ID F013AFA5, created 2012-05-22
      "Kevin Brubeck Unhammer <unhammer at fsfe.org>"
212
$

(Similarly if I start gpg-agent using --allow-emacs-pinentry. I also
tried the pinentry-curses .deb from
https://packages.debian.org/stretch/amd64/pinentry-curses/download and
got the same behaviour.)

https://bugs.gnupg.org/gnupg/issue2034 says that dkg removed the
binary pinentry-emacs, I guess this is the configure option
--disable-pinentry-emacs in
https://anonscm.debian.org/cgit/pkg-gnupg/pinentry.git/tree/debian/rules
(that binary is not needed for the allow-emacs-pinentry usage), but
also removed support for checking the INSIDE_EMACS variable,
presumably configure option --disable-inside-emacs.

The comment by dkg says "If the documentation and failure modes are
clarified, i'm happy to re-enable them in debian". From what I can
tell in that thread and the sub-bugs, the concerns about INSIDE_EMACS
are alleviated (e.g. allow-emacs-pinentry has to be explicitly enabled
in gpg-agent for INSIDE_EMACS-checking to take effect), so ideally the
package could be built without --disable-inside-emacs.

However, even without --disable-inside-emacs, gpg-agent shouldn't
completely stop working _outside Emacs_ just because
allow-inside-emacs is set.



-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-21-generic (SMP w/2 CPU cores)
Locale: LANG=nn_NO.UTF-8, LC_CTYPE=nn_NO.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


