[pkg-gnupg-maint] Bug#845565: Bug#845565: anything outside the X session

Adam Borowski kilobyte at angband.pl
Tue Dec 6 03:38:26 UTC 2016 

On Mon, Dec 05, 2016 at 08:53:36PM -0500, Daniel Kahn Gillmor wrote:
> On Mon 2016-12-05 18:23:14 -0500, Adam Borowski wrote:
> > Same if you have a running X session but try to sign from the console;
> > killing the gpg-agent doesn't help.
> 
> Please see https://bugs.debian.org/842015 for a very lengthy discussion
> of this issue.  I think this is the same thing, so i'm inclined to merge
> it in with that bug report (and the other three bug reports already
> merged there).
[...]
> So I think the problem you're describing is only happening when:
> 
>  0) pinentry-gnome3 is the default pinentry on the system, and

[~]$ dpkg -l 'pinentry*'
un  pinentry         <none>        <none>        (no description available)
ii  pinentry-curses  0.9.7-9       amd64         curses-based PIN or pass-phrase entry
un  pinentry-doc     <none>        <none>        (no description available)
ii  pinentry-gtk2    0.9.7-9       amd64         GTK+-2-based PIN or pass-phrase entry
un  pinentry-x11     <none>        <none>        (no description available)

>  1) dbus-user-session is installed and configured, and

[~]$ dpkg -l 'dbus*'
ii  dbus             1.10.14-1.0no amd64         simple interprocess messaging system 
un  dbus-session-bus <none>        <none>        (no description available)
ii  dbus-x11         1.10.14-1.0no amd64         simple interprocess messaging system 

>  2) the user is logged into the system via ssh, and

Same happens on the text console.
 
On the other hand, logging in graphically again (via vnc) lets me sign
inside that session.

>  3) the user is *also* logged into the graphical console, and

Yeah.

>  4) the graphical console is not screenlocked.

It is locked.


> This is an worrisome way to operate the agent, since it grants access to
> your keys to anyone sitting at the unlocked console

The graphical console is locked, so is my home.


Meow!
-- 
u-boot problems can be solved with the help of your old SCSI manuals, the
parts that deal with goat termination.  You need a black-handled knife, and
an appropriate set of candles (number and color matters).  Or was it a
silver-handled knife?  Crap, need to look that up.

More information about the pkg-gnupg-maint mailing list