[PATCH] pinentry-curses: Make sure we've got a real terminal

Miroslav Koskar mk at mkoskar.com
Tue Oct 14 14:10:17 CEST 2014


I've came across following issue while using GPG with pinentry-curses.

I have a script which I run interactively but also as a part of systemd user
timer. That script is invoking gpg, and hence pinentry if passphrase in the
cache is stale. Inside systemd service/timer I can't reasonably set GPG_TTY,
so I keep it unset assuming gpg will fail gracefully. To my surprise pinentry
process will spin-up CPU to 100% not wanting to finish. As a workaround I could
run gpg with --batch for that special case.

I think more robust solution is for pinentry to make sure it "talks" to real
terminal device, hence following patch. It is solving problem above, having
pinentry to fail right away as expected.

It seems to me as pretty reasonable change, though I might have overlooked
some consequences. Please consider merging.

Thanks ;)

Miroslav Koskar

-- 8< --
 pinentry/pinentry-curses.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c
index 58da255..c1000d9 100644
--- a/pinentry/pinentry-curses.c
+++ b/pinentry/pinentry-curses.c
@@ -745,11 +745,15 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
 	  errno = err;
 	  return -1;
+      if (!isatty(fileno(ttyfi)) || !isatty(fileno(ttyfo)))
+        return -1;
       screen = newterm (tty_type, ttyfo, ttyfi);
       set_term (screen);
+      if (!isatty(0) || !isatty(1))
+        return -1;
       if (!init_screen)
 	  init_screen = 1;

More information about the Gnupg-devel mailing list