generic and flexible bindings for gpg without race conditions
Werner Koch
wk at gnupg.org
Sat Nov 26 17:40:24 CET 2016
On Wed, 12 Oct 2016 02:49, dkg at fifthhorseman.net said:
> With modern GnuPG, using this "send the password explicitly" mode
> requires --pinentry-mode=loopback, but neither classic nor stable
> supports this argument.
You could put

  ignore-invalid-option pinentry-mode
  pinentry-mode loopback

into gpg.conf but that would force the use of loopback for 2.1. The
ignore-invalid-option only works with the configuration file.
> additional subprocess ("gpg --version"), and a possible race condition
> (the subsequent call to gpg could hit a different installed gpg process
> than the one tested with --version if there was an upgrade in between
Which should not harm unless the upgrade is actually a downgrade.
> One way to resolve this would be to add --pinentry-mode=loopback as a
> dummy no-op parameter to classic and modern. This doesn't help for old
I am in favor of this.
The other alternative would be to switch to loopback mode in 2.1 as soon
as pinentry-fd is used. This has been suggested somewhere else. But
that would be surprising and doesn't work with symmetric only encryption.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
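The version-probe workaround discussed in this message, sketched as an added example (not code from the post or from the GnuPG project): a binding runs `gpg --version` once and adds `--pinentry-mode loopback` only for 2.1 and later. The function names and the sample version strings are hypothetical or constructed, and `--batch` is included on the assumption that the call is unattended.

```python
import re
import subprocess

# Constructed first lines of `gpg --version` output for the three branches.
SAMPLE_CLASSIC = "gpg (GnuPG) 1.4.21\nlibgcrypt 1.7.3"
SAMPLE_STABLE = "gpg (GnuPG) 2.0.30\nlibgcrypt 1.7.3"
SAMPLE_MODERN = "gpg (GnuPG) 2.1.16\nlibgcrypt 1.7.3"


def parse_gpg_version(version_output):
    """Return (major, minor, patch) from the first line of `gpg --version`."""
    lines = version_output.splitlines()
    first = lines[0] if lines else ""
    m = re.match(r"gpg \(GnuPG[^)]*\) (\d+)\.(\d+)\.(\d+)", first)
    if not m:
        # Refuse to guess: a wrong guess either breaks classic/stable
        # (unknown option) or leaves modern waiting on a pinentry.
        raise ValueError("unrecognised gpg --version output: %r" % first)
    return tuple(int(x) for x in m.groups())


def passphrase_args(version, fd):
    """Options for handing the passphrase to gpg on file descriptor fd."""
    args = ["--batch", "--passphrase-fd", str(fd)]
    if version >= (2, 1, 0):
        # Only 2.1+ knows this option; classic and stable reject it.
        args = ["--pinentry-mode", "loopback"] + args
    return args


def probe_version(gpg_path):
    """Run the extra subprocess mentioned in the thread (needs gpg installed)."""
    out = subprocess.check_output([gpg_path, "--version"])
    return parse_gpg_version(out.decode("utf-8", "replace"))


def build_command(gpg_path, version, fd, operation):
    """Full argv; gpg_path should be the same absolute path that was probed."""
    # The probe and this call are still two separate executions, so an
    # upgrade in between is possible; per the reply above that only
    # matters if the "upgrade" is a downgrade below 2.1.
    return [gpg_path] + passphrase_args(version, fd) + list(operation)
```
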