[pkg-gnupg-maint] Bug#842015: Bug#842015: gnupg: gpg --no-tty freezes when there is no X display
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Oct 25 21:40:03 UTC 2016
Control: tags 842015 - unreproducible moreinfo
Control: tags 842015 + upstream
Control: forwarded 842015 https://bugs.gnupg.org/gnupg/issue2818
Hi Vincent--

I think your analysis is correct:

On Tue 2016-10-25 14:35:49 -0400, Vincent Lefevre wrote:
> This happened when I was at my lab and connected to my machine
> at home, and I've just gone back home and was surprised to see
> the dialog boxes (pinentry?) to type my passphrase.
>
> I think that what happened is the following:
>
> 1. Start an X session locally on machine A.
> I suppose that this starts gpg-agent automatically (otherwise
> maybe an "emacs file.gpg" is needed too).

It is intended behavior that gpg-agent should start automatically from
your graphical session. Since we use the standard socket location, each
user account on a given machine uses the same gpg-agent.

> 2. From machine B, do "ssh A" (without X forwarding).
>
> 3. From this ssh session, do "emacs file.gpg".

Since each user has a single gpg-agent (thanks to the standard-socket),
I see a few choices here:

 a) use pinentry-emacs where possible (this won't currently work within
    Debian since none of our pinentry implementations are configured to
    support emacs, though this could change)

 b) emacs could use "--pinentry-mode loopback" and directly handle the
    user's passphrase

 c) emacs could pass its controlling tty to the gpg process and rely on
    pinentry-curses or pinentry-tty (or any comparable fallback
    mechanism) to handle the situation.

I've opened the upstream bug report
https://bugs.gnupg.org/gnupg/issue2818 to try to track this problem, as
I'm not sure the best way to solve it.

> It seems that gpg connects to gpg-agent, which thinks that the
> current screen is the one that corresponds to the X session,
> which is obviously wrong. At least, gpg and gpg-agent shouldn't
> assume that they have the same $DISPLAY in their environment.
>
> Before I do anything else, can you reproduce the problem with
> something like that?

Yep, thanks, this is the info we needed. I've dropped the
unreproducible and moreinfo tags.

--dkg
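
A preflight check for the session in steps 1-3, as an added example that is not part of the original message or of GnuPG: it classifies whether a passphrase prompt can reach the calling shell, based on DISPLAY, GPG_TTY and SSH_CONNECTION. The function names and classification labels are hypothetical, and it assumes the agent behaviour described in the analysis above.

```shell
#!/bin/sh
# Added example (not from the thread): classify where a passphrase prompt
# could appear for the session in steps 1-3. Inputs are passed as arguments
# so the check can be exercised with constructed values.
#   $1 = DISPLAY of the calling shell   $2 = GPG_TTY   $3 = SSH_CONNECTION
classify_prompt_path() {
    display=$1; gpg_tty=$2; ssh_conn=$3
    if [ -n "$display" ]; then
        echo "x11"                 # a graphical pinentry can target this display
    elif [ -n "$gpg_tty" ]; then
        echo "tty"                 # terminal for pinentry-curses/-tty (choice c)
    elif [ -n "$ssh_conn" ]; then
        echo "remote-unreachable"  # the reported case: ssh login, no X forwarding
    else
        echo "local-unreachable"
    fi
}

# Exit status 0 when a prompt can reach the caller, 1 when it cannot.
prompt_reachable() {
    case $(classify_prompt_path "$1" "$2" "$3") in
        x11|tty) return 0 ;;
        *)       return 1 ;;
    esac
}

# Report on the current shell, using its real environment.
report_session() {
    path=$(classify_prompt_path "${DISPLAY:-}" "${GPG_TTY:-}" "${SSH_CONNECTION:-}")
    case $path in
        x11) echo "prompt path: X11 display ${DISPLAY}" ;;
        tty) echo "prompt path: terminal ${GPG_TTY}" ;;
        remote-unreachable)
            echo "prompt path: none from this ssh session; a shared gpg-agent" \
                 "started by a local X session may prompt on that display" ;;
        local-unreachable)
            echo "prompt path: none; neither DISPLAY nor GPG_TTY is set" ;;
    esac
}

report_session
```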