[pkg-gnupg-maint] Bug#913614: Bug#913614: Bug#913614: gnupg2 fails with "cannot open '/dev/tty': No such device or address"

Werner Koch wk at gnupg.org
Wed Nov 14 11:49:48 GMT 2018


On Tue, 13 Nov 2018 16:19, tianon at debian.org said:

> Even for something that shouldn't have a reason to prompt, like
> "--recv-keys" with a full fingerprint?

You are right, this should not be needed.  I recall that we recently
fixed a similar case where we accidentally printed to the tty.

In any case --batch is always a good idea if you don't expect any
interactivity.

I agree that this --batch thing is contrary to standard Unix behavior
where you would explicitly need to select an interactive option.
However, due to the legacy of PGP and GPG 1.4 we had to use the tty
anyway to query the passphrase and for the dedicated commands like
--edit-key.  For reasons of syncing prompts with tty input more and more
output had to be sent to the tty directly and, well, at some places we
got it wrong.  Now, with gpg-agent and its Pinentry, we could have
inhibited the tty access by default and allow it only for interactive
commands.  But then came the request for --pinentry-loopback and the new
Tofu prompts ...

> Would it make sense to detect that there's no TTY present and assume
> batch mode?  (apologies if something like that's been proposed before)

You can't do that in a reliable way.  But let me check whether it is
possible to turn this into a non-fatal error and terminate only when an
input is requested.  Nothing for 2.2, though.

Given dkg's comments, your best choice is to use --no-tty or no-tty in
gpg.conf.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
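
As an added example (not part of the message above and not GnuPG code), this shell function lints a build script for gpg invocations that lack --batch or --no-tty, the two options recommended in the thread for runs without a terminal. The Dockerfile-style sample, the keyserver host name and the function names are constructed for illustration, and the lint assumes no-tty is not already set in a gpg.conf it cannot see.

```shell
#!/usr/bin/env bash
# Added example: find gpg calls in a build script that may still touch /dev/tty.

# lint_gpg: reads a script on stdin and prints
#   "<line>: missing <flags>: <command>"
# for every gpg/gpg2 command lacking --batch or --no-tty; returns 1 if any found.
lint_gpg() {
  awk '
    function check(text, lineno,    n, i, parts, w, cmd, prog, s, missing) {
      n = split(text, parts, /[;&|]+/)          # one entry per simple command
      for (i = 1; i <= n; i++) {
        cmd = parts[i]
        sub(/^[ \t]*(RUN[ \t]+)?/, "", cmd)     # drop indentation and Dockerfile RUN
        sub(/[ \t]+$/, "", cmd)
        split(cmd, w, /[ \t]+/)
        prog = w[1]; sub(/^.*\//, "", prog)     # basename of the command word
        if (prog != "gpg" && prog != "gpg2") continue
        s = " " cmd " "; missing = ""
        if (index(s, " --batch ") == 0)  missing = missing " --batch"
        if (index(s, " --no-tty ") == 0) missing = missing " --no-tty"
        if (missing != "") { printf "%d: missing%s: %s\n", lineno, missing, cmd; bad = 1 }
      }
    }
    {
      if (buf == "") start = NR                 # first physical line of a logical line
      line = $0
      if (sub(/\\[ \t]*$/, "", line)) { buf = buf line " "; next }  # continuation
      check(buf line, start); buf = ""
    }
    END { if (buf != "") check(buf, start); exit (bad ? 1 : 0) }
  '
}

# Constructed sample input (not taken from the bug report).
sample() {
  cat <<'EOF'
FROM debian:stretch-slim
RUN set -eux; \
    export GNUPGHOME="$(mktemp -d)"; \
    gpg --keyserver hkps://keyserver.example --recv-keys "$KEY_FPR"; \
    gpg --batch --verify app.tar.gz.asc app.tar.gz
RUN gpg --batch --no-tty --verify other.asc other
EOF
}

sample | lint_gpg || echo "gpg invocations above need --batch/--no-tty"
```

Reported line numbers point at the first physical line of a backslash-continued command, so both findings in the sample are attributed to line 2.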