[pkg-gnupg-maint] Bug#1070688: gnupg: PINENTRY_USER_DATA not passed to pinentry
Farblos
in.cognito35 at arcor.de
Tue May 7 11:56:18 BST 2024
A quick comparison of the package sources hasn't revealed anything obvious.
So here is a reproducer (custom pinentry defined in gpg-agent.conf that dumps
its environment):
[~]$ grep ^pinentry-program .gnupg/gpg-agent.conf
pinentry-program /home/farblos/tmp/pinentry
[~]$ cat /home/farblos/tmp/pinentry
#!/bin/bash
( date; export; ) > /tmp/pinentry.log
[~]$ ls -al /home/farblos/tmp/pinentry
-rwxrwxr-x 1 farblos farblos 51 May 7 11:48 /home/farblos/tmp/pinentry
[~]$ gpg --encrypt --recipient BEA00D6B5803B828854E115908C216F6FF7B6B30 /home/farblos/tmp/pinentry > /home/farblos/tmp/pinentry.gpg
[~]$ systemctl --user restart gpg-agent
[~]$ gpg --decrypt /home/farblos/tmp/pinentry.gpg
gpg: encrypted with 3072-bit RSA key, ID 646746DE42C89279, created 2022-11-30
"backup"
gpg: decryption failed: No secret key
[~]$ cat /tmp/pinentry.log
Tue May 7 11:55:11 CEST 2024
declare -x DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/1000/bus"
declare -x DISPLAY=":0"
declare -x GSM_SKIP_SSH_AGENT_WORKAROUND="true"
declare -x HOME="/home/farblos"
declare -x INVOCATION_ID="73be729ef883415aaf43ca4a4de2049b"
declare -x JOURNAL_STREAM="8:18301"
declare -x LANG="en_US.UTF-8"
declare -x LANGUAGE="en_US:en"
declare -x LC_COLLATE="POSIX"
declare -x LC_MEASUREMENT="de_DE.UTF-8"
declare -x LC_PAPER="de_DE.UTF-8"
declare -x LC_TIME="POSIX"
declare -x LISTEN_FDNAMES="extra:ssh:std:browser"
declare -x LISTEN_FDS="4"
declare -x LISTEN_PID="4355"
declare -x LOGNAME="farblos"
declare -x MANAGERPID="1776"
declare -x MEMORY_PRESSURE_WATCH="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/gpg-agent.service/memory.pressure"
declare -x MEMORY_PRESSURE_WRITE="c29tZSAyMDAwMDAgMjAwMDAwMAA="
declare -x OLDPWD
declare -x PATH="/home/farblos/bin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
declare -x PWD="/home/farblos"
declare -x SHELL="/bin/bash"
declare -x SHLVL="1"
declare -x SSH_AUTH_SOCK="/run/user/1000/gnupg/S.gpg-agent.ssh"
declare -x SYSTEMD_EXEC_PID="4355"
declare -x USER="farblos"
declare -x XAUTHORITY="/home/farblos/.Xauthority"
declare -x XDG_RUNTIME_DIR="/run/user/1000"
declare -x XDG_SESSION_ID="1"
declare -x XDG_SESSION_TYPE="x11"
declare -x _assuan_pipe_connect_pid="4355"
[~]$ PINENTRY_USER_DATA=foobarbaz gpg --decrypt /home/farblos/tmp/pinentry.gpg
gpg: encrypted with 3072-bit RSA key, ID 646746DE42C89279, created 2022-11-30
"backup"
gpg: decryption failed: No secret key
[~]$ cat /tmp/pinentry.log
Tue May 7 12:08:16 CEST 2024
declare -x DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/1000/bus"
declare -x DISPLAY=":0"
declare -x GSM_SKIP_SSH_AGENT_WORKAROUND="true"
declare -x HOME="/home/farblos"
declare -x INVOCATION_ID="73be729ef883415aaf43ca4a4de2049b"
declare -x JOURNAL_STREAM="8:18301"
declare -x LANG="en_US.UTF-8"
declare -x LANGUAGE="en_US:en"
declare -x LC_COLLATE="POSIX"
declare -x LC_MEASUREMENT="de_DE.UTF-8"
declare -x LC_PAPER="de_DE.UTF-8"
declare -x LC_TIME="POSIX"
declare -x LISTEN_FDNAMES="extra:ssh:std:browser"
declare -x LISTEN_FDS="4"
declare -x LISTEN_PID="4355"
declare -x LOGNAME="farblos"
declare -x MANAGERPID="1776"
declare -x MEMORY_PRESSURE_WATCH="/sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/app.slice/gpg-agent.service/memory.pressure"
declare -x MEMORY_PRESSURE_WRITE="c29tZSAyMDAwMDAgMjAwMDAwMAA="
declare -x OLDPWD
declare -x PATH="/home/farblos/bin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
declare -x PWD="/home/farblos"
declare -x SHELL="/bin/bash"
declare -x SHLVL="1"
declare -x SSH_AUTH_SOCK="/run/user/1000/gnupg/S.gpg-agent.ssh"
declare -x SYSTEMD_EXEC_PID="4355"
declare -x USER="farblos"
declare -x XAUTHORITY="/home/farblos/.Xauthority"
declare -x XDG_RUNTIME_DIR="/run/user/1000"
declare -x XDG_SESSION_ID="1"
declare -x XDG_SESSION_TYPE="x11"
declare -x _assuan_pipe_connect_pid="4355"
I also took debug traces of the agent, which show that the pinentry user
data is passed from gpg to the agent through assuan, but not forwarded
from there to the pinentry. Data available on request.
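
The reproducer above swaps pinentry for a script that never prompts and dumps the whole environment to /tmp/pinentry.log. An added example, not part of the original report: a wrapper that records only whether PINENTRY_USER_DATA reached the pinentry process, in an owner-only log, and then hands off to the real pinentry. The install name pinentry-wrapper, the /usr/bin/pinentry path and the log location are assumptions.

```shell
#!/bin/bash
# Added example, not from the original report.
# Assumptions: real pinentry path, log location, install name "pinentry-wrapper".
REAL_PINENTRY="${REAL_PINENTRY:-/usr/bin/pinentry}"
LOG="${PINENTRY_WRAPPER_LOG:-${XDG_RUNTIME_DIR:-/tmp}/pinentry-wrapper.log}"

# Append one line stating whether PINENTRY_USER_DATA is present in this
# process. Only presence and length are logged, never the value itself or
# the rest of the environment. The state is also echoed to stdout.
record_user_data() {
    if [ -n "${PINENTRY_USER_DATA+set}" ]; then
        _state="set (length ${#PINENTRY_USER_DATA})"
    else
        _state="unset"
    fi
    # umask in a subshell so a newly created log is readable by the owner only
    ( umask 077
      printf '%s pid=%s PINENTRY_USER_DATA=%s\n' \
          "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$$" "$_state" >> "$LOG" )
    printf '%s\n' "$_state"
}

# Act as a pinentry only when invoked under the install name, so the
# function above can also be sourced and exercised on its own.
case "${0##*/}" in
    pinentry-wrapper)
        record_user_data > /dev/null
        exec "$REAL_PINENTRY" "$@"
        ;;
esac
```

Point pinentry-program in gpg-agent.conf at the installed wrapper and restart gpg-agent, as in the session above; gpg --decrypt then still prompts normally while the log shows whether the variable was forwarded.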