[pkg-gnupg-maint] Bug#927105: pinentry-gnome3: No proper curses fallback.

Zephaniah E. Loss-Cutler-Hull zephaniah at gmail.com
Mon Apr 15 07:25:14 BST 2019 

Package: pinentry-gnome3
Version: 1.1.0-1+b1
Severity: normal

When using a standard gnome session, all invocations of pinentry-gnome3 
attempt to prompt via a GUI popup on that session, even if the specific 
instance has no DISPLAY set.

As an example use case, you boot your system, login to your gnome 
session, and then leave the house, realize you need something, and ssh 
home.  Then you proceed to try and decrypt a file with gpg.

No DISPLAY is set, but at this point everything fails, pinentry-gnome3 
tries to prompt on the desktop, and since you're not at the desktop, you 
can't use gpg.

If you are instead using pinentry-gtk-2 it correctly detects that you 
don't have a DISPLAY, and falls back to the curses interface.

Looking at the code, it sure looks like it tries to handle this, by 
checking to see if there is a DBUS_SESSION_BUS_ADDRESS (which there is, 
inherited from the gpg-agent), if a gcr system prompt is available, and 
trying to see if the screen is locked, however in my testing none of 
these actually seem to work to detect that, indeed, the screen is locked 
and the user isn't at the desktop any more.

To me the obvious solution is to also check and see if there is a 
display set, using the same logic as pinentry-gtk-2, I have some fear 
that this will break a pure wayland environment (one with no xwayland 
involved), however I don't actually have one of those handy to test 
with.  If someone with a wayland environment could test this that would 
be appreciated.

A proposed patch which works for me is attached.

(Note: It's hard to tell if some of the reports in #801247 would be 
fixed by this patch or not, there seems to be multiple issues going on 
in there.)

Regards,
Zephaniah E. Loss-Cutler-Hull.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0008-gnome3_display_check.patch
Type: text/x-patch
Size: 1665 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20190414/e2340bd4/attachment.bin>

More information about the pkg-gnupg-maint mailing list