[PATCH] Add inside-Emacs mode to GUI pinentry programs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jun 9 04:57:45 CEST 2015 

Hi Daiki--

thanks for your work on this.  A couple questions/comments below...

On Mon 2015-06-08 00:05:01 -0400, Daiki Ueno wrote:
> --- a/gnome3/pinentry-gnome3.c
> +++ b/gnome3/pinentry-gnome3.c
 [...]
> @@ -253,14 +257,21 @@ main (int argc, char *argv[])
>  {
>    pinentry_init (PGMNAME);
>  
> -#ifdef FALLBACK_CURSES
> -  if (pinentry_have_display (argc, argv))
> -    gtk_init (&argc, &argv);
> +#ifdef INSIDE_EMACS
> +  if (pinentry_inside_emacs ())
> +    pinentry_cmd_handler = emacs_cmd_handler;
>    else
> -    pinentry_cmd_handler = curses_cmd_handler;
> +#endif
> +    {
> +#ifdef FALLBACK_CURSES
> +      if (pinentry_have_display (argc, argv))
> +	gtk_init (&argc, &argv);
> +      else
> +	pinentry_cmd_handler = curses_cmd_handler;
>  #else
> -  gtk_init (&argc, &argv);
> +      gtk_init (&argc, &argv);
>  #endif
> +    }
>  
>    pinentry_parse_opts (argc, argv);

This worries me a bit.  I use emacs regularly, and i often use emacs
under X11.  I'd generally rather that emacs *not* ever see or touch my
passphrase or my secret key material, deferring instead to gpg-agent and
graphical pinentry prompts to retain its ignorance.

But i think the code you've outlined above makes it so that pinentry
will be used automatically as long as it is detected as running within
emacs.  is that right?  What can i do to ensure that this doesn't
happen, if i want to rely on either pinentry-curses (without X11) or one
of the graphical pinentries, while still invoking GnuPG from within
emacs?


> --- /dev/null
> +++ b/pinentry/pinentry-emacs.c
 [...]
> +int
> +pinentry_inside_emacs (void)
> +{
> +  const char *envvar;
> +
> +  /* Check if INSIDE_EMACS envvar is set.  */
> +  envvar = getenv ("INSIDE_EMACS");
> +  if (!envvar || !*envvar)
> +    return 0;
> +
> +  /* FIXME: Additional checks for the value.  */
> +  return pinentry_emacs_init ();
> +}

What does the FIXME above mean?  What checks do you imagine going here?
what problems could happen if the checks are not done?

     --dkg

More information about the Gnupg-devel mailing list