[pkg-gnupg-maint] Bug#930062: enigmail: Engimail decrypt-passphrase window takes control of desktop

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jun 27 16:41:09 BST 2019


On Thu 2019-06-27 10:28:43 +0200, Emmanuel Revah wrote:
> In .gnupg/gpg-agent.conf I went from "pinentry-program pinentry-qt" to 
> "pinentry-program pinentry".

"pinentry-program pinentry" is probably the same as no line at all (it
is the default).  I strongly recommend sticking with the simplest
default configuration possible, so removing that line is good.

But note that pinentry-program expects the full path
(e.g. /usr/bin/pinentry-qt), not the unadorned program name.  I think
that's an unnecessarily broken behavior that only gets in the way of
debugging. I've just documented that concern upstream at
https://dev.gnupg.org/T4588 (this is a separate issue from the current
discussion, of course).

> After each edition of that file, I did `killall gpg-agent`,

You can also use "gpgconf --kill gpg-agent"

> and to test (from Enigmail troubleshooting doc) :
>
> gpg-connect-agent <<EOT
> GET_CONFIRMATION Hello
> EOT

This can also be run as:

     gpg-connect-agent 'GET_CONFIRMATION Hello' /bye


> I have to either comment out "pinentry-program" or set it to "pinentry" 
> and everything is back to "normal".
>
> I'm not sure where to go from here, for now, I can at least read emails 
> as usual.

Is pinentry-gnome3 still installed?  If you don't want a grab, it should
not be installed.

So:

 * You should have only pinentry-qt installed (and no other `pinentry-*` packages)

 * You should have no `pinentry-program` line in your gpg-agent.conf.

 * "readlink -f $(which pinentry)" should point to /usr/bin/pinentry-qt

 * You should terminate your running gpg-agent after making all of the
   above changes, with "gpgconf --kill gpg-agent"

If all of these conditions are met, then the following should give you a
Qt-based, non-grabbing confirmation prompt:

    gpg-connect-agent 'GET_CONFIRMATION Hello' /bye

If this doesn't work for you, then something else is more seriously
wrong, and I'd like to understand it better.

       --dkg
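
The checklist in the message above, as a shell script (an added example, not part of the original message and not from the GnuPG or Debian packaging). The function names, return codes and the `--run` argument are this example's own, and the package listing assumes a Debian system with `dpkg-query`.

```shell
#!/bin/sh
# Added example; function names and return codes are this example's own.

# Print the value of each active (uncommented) pinentry-program line.
pinentry_program_values() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}\(.*\)$/\1/p' "$1"
}

# 0 = no pinentry-program line, 1 = set to a full path, 2 = set to a bare name.
check_agent_conf() {
    val=$(pinentry_program_values "$1" | tail -n 1)
    if [ -z "$val" ]; then return 0; fi
    case $val in
        /*) return 1 ;;
        *)  return 2 ;;
    esac
}

# 0 only when the resolved pinentry path is the Qt binary.
check_pinentry_target() {
    [ "$1" = "/usr/bin/pinentry-qt" ]
}

report() {
    conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    rc=0; check_agent_conf "$conf" || rc=$?
    case $rc in
        0) echo "ok: no pinentry-program line in $conf" ;;
        1) echo "warn: pinentry-program is set (full path) in $conf" ;;
        2) echo "warn: pinentry-program in $conf is not a full path" ;;
    esac
    target=$(readlink -f "$(command -v pinentry)" 2>/dev/null) || true
    if check_pinentry_target "$target"; then
        echo "ok: pinentry resolves to $target"
    else
        echo "warn: pinentry resolves to '${target:-nothing}'"
    fi
    echo "installed pinentry-* packages (expected: pinentry-qt only):"
    dpkg-query -W -f='${binary:Package} ${db:Status-Abbrev}\n' 'pinentry-*' \
        2>/dev/null | awk '$2 ~ /^ii/ { print "  " $1 }'
    echo "after any change: gpgconf --kill gpg-agent"
}

if [ "${1:-}" = "--run" ]; then report; fi
```

Run it as `sh check-pinentry.sh --run` (the file name is arbitrary); it only reads configuration and never restarts the agent itself.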