scim and pinentry-gtk2

Robby Workman rw at rlworkman.net
Tue Apr 8 20:15:19 CEST 2008 

Note: added Eric Hameleers to CC list; please preserve in replies...

Marcus Brinkmann wrote:
> At Wed, 19 Mar 2008 00:02:08 -0500,
> Robby Workman <rw at rlworkman.net> wrote:
>> Marcus Brinkmann wrote:
>>> At Thu, 21 Feb 2008 15:46:02 -0600,
>>> Robby Workman <rw at rlworkman.net> wrote:
>>>> To make a long story short, pinentry-gtk2 doesn't receive keyboard
>>>> input when scim is being used.  This has previously been reported
>>>> to both Ubuntu and OpenSuSE, and after scim and friends were recently
>>>> added to Slackware, we're seeing it there.
>>>>
>>>>    https://bugs.launchpad.net/ubuntu/+source/pinentry/+bug/176815
>>>>
>>>>    https://bugzilla.novell.com/show_bug.cgi?id=330073#c5
>>>>
>>>> Any idea what's at fault?
>>> pinentry grabs the keyboard and the screen by default (there is an
>>> option to switch it off).  Maybe scim doesn't work well with that?
>>
>> Hi Marcus,
>>
>> Sorry for the delay - I've unfortunately been short on time lately.
>>
>> Starting gpg-agent with the --no-grab option has no effect.
>> This is quite annoying for users who need alternate input methods,
>> especially scim.  Maybe I'm missing something obvious, but here's
>> how it appears to me:
>>
>> 1.  Pinentry is a GTK+ app.
>> 2.  GTK+ apps can use GTK+ input methods.
>> 3.  Rather than using an input method, pinentry grabs the raw input.
>>
>> I understand that there are perhaps security concerns with not
>> grabbing raw input, but surely there's a way to fix this?
>> pinentry-qt handles this just fine, btw...
> 
> If it can be implemented without linking to any more libraries, I
> would suggest a command line option to enable external input methods.
> 
> If more libraries are required, or if there is a slippery slope
> towards more GNOME/Gtk compliance, it might make sense to provide two
> separate versions of pinentry: A hardened version based on the current
> code, and a weakened version that does not make extra efforts to be
> secure, but instead complies to a multitude of GUI standards.
> 
> How does this sound?


I suppose the command line option to pinentry might be acceptable,
but there would need to be some way to specify in gpg-agent that
pinentry should be called with the --scim (or whatever) option.
Perhaps it could check for the presence of the XIM_PROGRAM or
GTK_IM_MODULE environment variables and automatically do the right
thing.

Alternatively, a pinentry-scim binary (which could then be specified
in gpg-agent with --pinentry-program) would be acceptable, I suppose.

I know basically nothing about gtk programming, but I must admit that
I find it hard to believe that there's no "correct" way to do this
in gtk without either command line options to pinentry or a special
pinentry binary -- obviously qt provides the ability, so surely gtk
does as well?

-RW

More information about the Gnupg-devel mailing list