[pkg-gnupg-maint] Bug#839991: gnupg-agent: 'allow-emacs-pinentry' setting in agent conf makes gpg2 respond no secret key

Werner Koch wk at gnupg.org
Sat Oct 8 10:56:52 CEST 2016 

Hi!

[CCing Ueno-san as Emacs Pinentry author]

On Fri,  7 Oct 2016 22:52, dkg at fifthhorseman.net said:

> Oct 07 16:39:10 alice gpg-agent[20025]: DBG: chan_9 <- OK Pleased to meet you, process 20025

Note to self: We should really print the type and version of the
Pinentry here.

> Oct 07 16:39:10 alice gpg-agent[20025]: DBG: chan_9 -> OPTION allow-emacs-prompt
> Oct 07 16:39:10 alice gpg-agent[20025]: DBG: chan_9 <- ERR 83886140 Not supported <Pinentry>

Okay, so pinentry knows about this option but opts to tell the caller
that it does not support it.

In gpg-agent we 

>       rc = assuan_transact (entry_ctx, "OPTION allow-emacs-prompt",
>                             NULL, NULL, NULL, NULL, NULL, NULL);
>       if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
>         return unlock_pinentry (rc);

bail out on this error because the Pinentry told us that it knows about
the option.  So it was a Pinentry choice to return that error.

> No debian pinentries currently support emacs mode, fwiw.  But whether
> they should or not is probably a different bug report than this one.

The interesting part is in Pinentry:

  else if (!strcmp (key, "allow-emacs-prompt") && !*value)
    {
#ifdef INSIDE_EMACS
      pinentry_enable_emacs_cmd_handler ();
#else
      return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif
    }

Thus pinentry always tells us that it is not supported unless it is a
Pinentry which was build with Emacs support.

Alrthough we could handle this in gpg-agent, I consider it better to fix
this in Pinentry.  The name "allow-emacs-prompt" means to me that Emacs
support is optional and thus Pinentry should just return OK.  A new
Pinentry version is anyway due.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: </pipermail/attachments/20161008/ac6ca6b4/attachment.sig>

More information about the Gnupg-devel mailing list