[pkg-gnupg-maint] Bug#1092631: pinentry-gnome3: Since other bugs against pinentry-gnome3, that cause system breakage, aren't being addressed, please remove package from debian

Tim Connors reportbug at rather.puzzling.org
Fri Jan 10 08:45:01 GMT 2025 

Package: pinentry-gnome3
Severity: important

Yes, this bug is different to all the other open bugs, because I'm
requesting the apparently unfixable offending package be removed from
Debian.

It is clear from bugs 823492 841909 842015 842334 842908 (which should
be grave, because when remote, the system is irrecoverable without
being local or killing the entire local session, which will invoke
it's own dataloss; thus temporary dataloss is guaranteed, as I found
yesterday when I tried to retrieve my banking password when attempting
to pay a multi-thousand dollar bill) 845565 853066 559101 801247 and
795368 that nearly a decade later (with no movement in the bugs made
in 8 years), pinentry-gnome3 is never going to be fixed to work on any
system that uses the native capabilities of network transparency and
X11 forwarding that we've been able to take for granted on X11 for the
past 40 years (quelle surprise that something gnome related would
consider that there are people other than gnome-users on the planet)
and that the authors of the software are not able to see that there
are alternative uses to shared computers from that envisaged by the
author's personal experience, so please remove this package from
debian so it stops breaking everyone's systems all the time.


*Something* keeps on installing pinentry-gnome3 through dependencies
on my systems.  Every time this happens, my ability to enter a
password into for example, gpg, is completely broken.  I'm not even
using gnome, so the comments in 841909 are irrelevant as to how to fix
it ("log out when sshing in" - how about "No.")!  I'm not using the
gnome screensaver (I'm using xscreensaver, with its locking
mechanism), and I'd rather not use gcr nor gnome-keyring, since they
were pulled in involuntarily and I'm not using gnome.  Note that
regardless of a sysadmin or package manager's choices as to what
packages should be installed on a shared system, that doesn't go
giving software that's not running on behalf of that user permission
to decide that it should take over the responsibility of displaying a
dialog (on the wrong display device).

  "DISPLAY has nothing to do with how pinentry-gnome3 works.
  pinentry-gnome3 does not communicate with any X11 session -- it
  communicates with a d-bus session."

Well it sounds like that's the source of the bug.  On what universe
would you ever want `pinentry` to ask for a password on a different
device to where `gpg --batch --decrypt ...` was invoked from?  I can
invoke `gpg --batch` from $DISPLAY=:0, DISPLAY=unset,
DISPLAY=localhost:13.0, etc - so pop up pinentry on that $DISPLAY, and
fallback to /dev/tty if /dev/tty is able to be opened.

"Why am I even using pinentry-gnome3 rather than pinentry-gtk2"?
Because something keeps on pulling it in, apparently
unnecessarily. But I have all the other pinentry's installed, so
fallback to them if the user's situation doesn't match a running gnome
session.

  "(ssh'ing into machines which have concurrent graphical sessions is
  not a common pattern afaict)."

And yet, here we are 11 open bugs later.  It surprises me that debian
maintainers *aren't* sshing everywhere.  What do you even do with your
computers?  How do you get into test systems without ssh?




-- System Information:
Debian Release: 12.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (5, 'testing'), (2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.10.11+bpo-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pinentry-gnome3 depends on:
pn  gcr              <none>
ii  libassuan0       2.5.5-5
pn  libassuan9       <none>
ii  libc6            2.36-9+deb12u9
ii  libgcr-base-3-1  3.41.1-1+b1
ii  libglib2.0-0     2.74.6-2+deb12u4
pn  libglib2.0-0t64  <none>
ii  libgpg-error0    1.46-1
ii  libncursesw6     6.4-4
ii  libsecret-1-0    0.20.5-3
ii  libtinfo6        6.4-4

Versions of packages pinentry-gnome3 recommends:
ii  dbus-user-session  1.14.10-1~deb12u1

Versions of packages pinentry-gnome3 suggests:
pn  pinentry-doc  <none>

More information about the pkg-gnupg-maint mailing list