[pkg-gnupg-maint] Bug#839991: gnupg-agent: 'allow-emacs-pinentry' setting in agent conf makes gpg2 respond no secret key
Werner Koch
wk at gnupg.org
Sat Oct 8 10:56:52 CEST 2016
Hi!
[CCing Ueno-san as Emacs Pinentry author]
On Fri, 7 Oct 2016 22:52, dkg at fifthhorseman.net said:
> Oct 07 16:39:10 alice gpg-agent[20025]: DBG: chan_9 <- OK Pleased to meet you, process 20025
Note to self: We should really print the type and version of the
Pinentry here.
> Oct 07 16:39:10 alice gpg-agent[20025]: DBG: chan_9 -> OPTION allow-emacs-prompt
> Oct 07 16:39:10 alice gpg-agent[20025]: DBG: chan_9 <- ERR 83886140 Not supported <Pinentry>
Okay, so pinentry knows about this option but opts to tell the caller
that it does not support it.
In gpg-agent we
> rc = assuan_transact (entry_ctx, "OPTION allow-emacs-prompt",
> NULL, NULL, NULL, NULL, NULL, NULL);
> if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
> return unlock_pinentry (rc);
bail out on this error because the Pinentry told us that it knows about
the option. So it was a Pinentry choice to return that error.
> No debian pinentries currently support emacs mode, fwiw. But whether
> they should or not is probably a different bug report than this one.
The interesting part is in Pinentry:
else if (!strcmp (key, "allow-emacs-prompt") && !*value)
{
#ifdef INSIDE_EMACS
pinentry_enable_emacs_cmd_handler ();
#else
return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif
}
Thus pinentry always tells us that it is not supported unless it is a
Pinentry which was build with Emacs support.
Alrthough we could handle this in gpg-agent, I consider it better to fix
this in Pinentry. The name "allow-emacs-prompt" means to me that Emacs
support is optional and thus Pinentry should just return OK. A new
Pinentry version is anyway due.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: </pipermail/attachments/20161008/ac6ca6b4/attachment.sig>
More information about the Gnupg-devel
mailing list