[pkg-gnupg-maint] Bug#823492: pinentry-gnome3: does not handle SSH-forwarded X11 connections correctly

Andreas Rottmann a.rottmann at gmx.at
Wed May 4 18:59:30 UTC 2016 

Package: pinentry-gnome3
Version: 0.9.7-5
Severity: normal

Dear Maintainer,

When using pinentry-gnome3 over an SSH-forwarded X11 connection,
pinentry shows the dialog on the wrong display (i.e., the one that
gpg-agent was originally spawned on). This is in spite of using
"gpg-connect-agent updatestartuptty /bye" from the SSH-spawned shell
(which has the correct DISPLAY variable value). This information is
relayed to pinentry via the "--display" command-line option, as "ps"
output indicates:

10530 ?        SLl    0:00 pinentry --display localhost:10.0

A quick glance at the source code reveals this comment in
pinentry/pinentry.c (pinentry_parse_opts):

        case 'D':
          /* Note, this is currently not used because the GUI engine
             has already been initialized when parsing these options. */
          ...

So it seems that the "--display" option is broken; the contents of the
DISPLAY variable is supposedly honored correctly, so if this ever
worked as advertised by the gpg-agent manual page (see below), I
suspect a change in behavior in gpg-agent, not setting the DISPLAY
environment variable for the pinentry process it launches (anymore?).

>From the gpg-agent man page:

          [...] gpg-agent's ssh-support will use the TTY or X display
          where gpg-agent has been started.  To switch this display to
          the current one, the following command may be used:

       gpg-connect-agent updatestartuptty /bye
       
Nevertheless, I think the actual bug lies with pinentry not honoring
--display, even if that could be worked around by gpg-agent. Further
note that this probably affects all X11-based pinentry variants.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pinentry-gnome3 depends on:
ii  gcr              3.20.0-2
ii  libassuan0       2.4.2-3
ii  libc6            2.22-7
ii  libgcr-base-3-1  3.20.0-2
ii  libglib2.0-0     2.48.0-1
ii  libgpg-error0    1.22-1
ii  libgtk-3-0       3.18.9-1
ii  libncursesw5     6.0+20160319-1
ii  libsecret-1-0    0.18.3-1
ii  libtinfo5        6.0+20160319-1

pinentry-gnome3 recommends no packages.

Versions of packages pinentry-gnome3 suggests:
pn  pinentry-doc  <none>

-- no debconf information

More information about the pkg-gnupg-maint mailing list