[pkg-gnupg-maint] Bug#822836: pinentry: "allow-emacs-pinentry" makes pinentry fail also outside Emacs
Kevin Brubeck Unhammer
unhammer at fsfe.org
Thu Apr 28 07:56:54 UTC 2016
Source: pinentry
Version: 0.9.7
Severity: normal
Dear Maintainer,
With the upstream (or at least the Arch Linux) package of pinentry
0.9.7, one can put
allow-emacs-pinentry
in ~/.gnupg/gpg-agent.conf, which allows using
http://elpa.gnu.org/packages/pinentry.html to enter passphrases from
within Emacs (and falls back to gtk or whatnot when not inside Emacs).
There is code in the upstream pinentry package that checks the
environment variable INSIDE_EMACS.
However, on pinentry-curses_0.9.7-3_amd64.deb (tested on Ubuntu
Xenial; apt-cache says it's originally Debian) if I put
"allow-emacs-pinentry" in ~/.gnupg/gpg-agent.conf, the gpg-agent
doesn't work at all, even outside Emacs:
$ echo $INSIDE_EMACS
$ cat ~/.gnupg/gpg-agent.conf
allow-emacs-pinentry
$ pkill gpg-agent
$ gpg-agent --homedir $HOME/.gnupg --daemon
$ gpg2 -d /tmp/foo.gpg | wc -l
gpg: encrypted with 2048-bit RSA key, ID F013AFA5, created 2012-05-22
"Kevin Brubeck Unhammer <unhammer at fsfe.org>"
gpg: public key decryption failed: Not supported
gpg: decryption failed: No secret key
0
$
while it works fine without that setting:
$ /bin/rm ~/.gnupg/gpg-agent.conf
$ pkill gpg-agent
$ gpg-agent --homedir $HOME/.gnupg --daemon
$ gpg2 -d /tmp/foo.gpg | wc -l
gpg: encrypted with 2048-bit RSA key, ID F013AFA5, created 2012-05-22
"Kevin Brubeck Unhammer <unhammer at fsfe.org>"
212
$
(Similarly if I start gpg-agent using --allow-emacs-pinentry. I also
tried the pinentry-curses .deb from
https://packages.debian.org/stretch/amd64/pinentry-curses/download and
got the same behaviour.)
https://bugs.gnupg.org/gnupg/issue2034 says that dkg removed the
binary pinentry-emacs, I guess this is the configure option
--disable-pinentry-emacs in
https://anonscm.debian.org/cgit/pkg-gnupg/pinentry.git/tree/debian/rules
(that binary is not needed for the allow-emacs-pinentry usage), but
also removed support for checking the INSIDE_EMACS variable,
presumably configure option --disable-inside-emacs.
The comment by dkg says "If the documentation and failure modes are
clarified, i'm happy to re-enable them in debian". From what I can
tell in that thread and the sub-bugs, the concerns about INSIDE_EMACS
are alleviated (e.g. allow-emacs-pinentry has to be explicitly enabled
in gpg-agent for INSIDE_EMACS-checking to take effect), so ideally the
package could be built without --disable-inside-emacs.
However, even without --disable-inside-emacs, gpg-agent shouldn't
completely stop working _outside Emacs_ just because
allow-inside-emacs is set.
-- System Information:
Debian Release: stretch/sid
APT prefers xenial-updates
APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.0-21-generic (SMP w/2 CPU cores)
Locale: LANG=nn_NO.UTF-8, LC_CTYPE=nn_NO.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
More information about the pkg-gnupg-maint
mailing list