Running pinentry natively under MacOS.

Benjamin Donnachie benjamin at py-soft.co.uk
Tue May 9 15:15:19 CEST 2006


Charly Avital has kindly helped me check the following instructions and
they should now be correct.  The following steps are required to run
pinentry natively under Mac OS, ie without X11.

These steps also have the advantage that GUI programs which use ssh,
such as Fugu, can now work with smartcard logins.

NB These steps assume that you previously used darwinports to install
gpg2 and associated libraries in /opt/local.


	1. Firstly, install qt3-mac.  Available from www.trolltech.com or using
sudo port install qt3-mac.  (If using ports make sure you deactivate
other versions of qt first! eg sudo port deactivate qt3)

	2. Download and extract pinentry.  In the pinentry sub-directory apply
the attached patch-pinentry.diff patch.  ie patch -p0 <
/path/to/patch-pinentry.diff

	3. Then export MOC=/opt/local/bin/moc and export
LDFLAGS="-L/opt/local/lib -liconv" followed by ./configure
--enable-pinentry-qt --prefix=/opt/local
--with-qt-includes=/opt/local/include/qt3/
--with-qt-libraries=/opt/local/lib/ --disable-rpath
--disable-fallback-curses

	4. Make and then sudo make install.

	5. Create the directory /opt/local/pinentry-qt.app  Create the
subdirectories /opt/local/pinentry-qt.app/Contents/ and
/opt/local/pinentry-qt.app/Contents/MacOS  If performing these steps in
finder pinentry-qt.app will appear as an application, you will need to
right click and select Show Package Contents before creating the
subdirectories.

	6. Copy /opt/local/bin/pinentry-qt to
/opt/local/pinentry-qt.app/Contents/MacOS/

	7. Place attached files Info.plist and PkgInfo in
/opt/local/pinentry-qt.app/Contents/

	8. Modify ~/.gnupg/gpg-agent.conf so that pinentry-program points to
/opt/local/pinentry-qt.app/Contents/MacOS/pinentry-qt

	9. Download and extract the gpg2 source code (Currently v1.9.20).  Then
apply attached patch-gpgparsemail.diff, patch-scdaemon.diff and
patch-query.diff patches.

	10. Then export LDFLAGS="-L/opt/local/lib -lpth" followed by
./configure --prefix=/opt/local
--with-pinentry-pgm=/opt/local/pinentry-qt.app/Contents/MacOS/pinentry-qt
--enable-agent-only

	11. make and then sudo make install

Now test it has all worked - open a terminal, type eval
$(/opt/local/bin/gpg-agent --daemon) followed by echo test | gpg -ase -r
"your email address" | gpg

BE PATIENT!  It can take a few moments for pinentry to pop up.

At the moment - to work with Thunderbird/Enigmail you will need to start
it from a terminal.  The steps required are: open terminal, type eval
$(gpg-agent --daemon) and then
/Applications/Thunderbird/Contents/MacOS/thunderbird-bin

I am currently working on a solution which will negate this step.  (Any
Mac OS gurus out there, please get in touch!)

Ben


cc:
gnu-devel	For developers to incorporate my Mac OS patches if they
		wish.
opendarwin	For information of the gpg-agent and pinentry
		maintainers.
enigmail	For information of readers wishing to use Enigmail with
		gpg-agent under Mac OS.
macgpg-users	Details of patches required to run gpg-agent and
		pinentry under Mac OS.
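
Steps 5 to 8 of the instructions above as a script. This is an added example, not part of the original post or its attachments. The function names and the PREFIX / ATTACH_DIR parameters are assumptions, and the world-writable check is an addition made because pinentry-qt is the program that receives the passphrase.

```shell
#!/bin/sh
# Added example (not from the post): steps 5-8 as two functions.
# PREFIX and ATTACH_DIR are this example's parameters; the post uses
# /opt/local and the Info.plist / PkgInfo files attached to the mail.

# make_bundle PREFIX ATTACH_DIR -> prints the path for pinentry-program
make_bundle() {
    prefix=$1
    attach=$2
    contents="$prefix/pinentry-qt.app/Contents"
    [ -x "$prefix/bin/pinentry-qt" ] || { echo "no $prefix/bin/pinentry-qt" >&2; return 1; }
    for f in Info.plist PkgInfo; do
        [ -f "$attach/$f" ] || { echo "missing attachment $f" >&2; return 1; }
    done
    mkdir -p "$contents/MacOS" || return 1                       # step 5
    cp "$prefix/bin/pinentry-qt" "$contents/MacOS/" || return 1  # step 6
    cp "$attach/Info.plist" "$attach/PkgInfo" "$contents/" || return 1  # step 7
    # Not in the post: pinentry receives the passphrase, so refuse a copy
    # that any local user could overwrite.
    if [ -n "$(find "$contents/MacOS/pinentry-qt" -perm -002)" ]; then
        echo "pinentry-qt is world-writable" >&2
        return 1
    fi
    echo "$contents/MacOS/pinentry-qt"
}

# set_pinentry_program CONF PROGRAM (step 8)
# Replaces any existing pinentry-program line; other options are kept.
set_pinentry_program() {
    conf=$1
    program=$2
    mkdir -p "$(dirname "$conf")" || return 1
    touch "$conf" || return 1
    tmp="$conf.tmp.$$"
    # grep exits 1 when nothing is left to print; only exit 2 is an error.
    grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" > "$tmp" \
        || [ $? -eq 1 ] || return 1
    printf 'pinentry-program %s\n' "$program" >> "$tmp"
    mv "$tmp" "$conf"
}
```

With the layout from the post this would be called as make_bundle /opt/local /path/to/attachments (under sudo), then set_pinentry_program ~/.gnupg/gpg-agent.conf with the path it prints.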
-------------- next part --------------
--- pinentry/pinentry.c	2004-12-22 11:37:50.000000000 +0000
+++ pinentry/pinentry.c	2006-05-08 01:54:55.000000000 +0100
@@ -255,12 +255,17 @@
 int
 pinentry_have_display (int argc, char **argv)
 {
+#if defined(Q_OS_MACX)
+  // If running native QT under Mac OS display is irrelevant
+  return 1;
+#else
   if (getenv ("DISPLAY"))
     return 1;
   for (; argc; argc--, argv++)
     if (!strcmp (*argv, "--display"))
       return 1;
   return 0;
+#endif
 }
 
 
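Review bot: The `#if defined(Q_OS_MACX)` guard at the top of pinentry_have_display() tests a macro that comes from Qt's own headers, and pinentry.c is a C source file; unless a Qt header is included somewhere above this hunk, the new `return 1;` branch is never compiled in and the DISPLAY check still runs. A define set by configure when the native Qt/Mac build is selected would be more reliable. The two-line `//` comment should also become `/* ... */`, since this is C, and argc/argv are now unused on that branch.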





-------------- next part --------------
A non-text attachment was scrubbed...
Name: Info.plist
Type: text/xml
Size: 318 bytes
Desc: not available
Url : /pipermail/attachments/20060509/6bcf89df/Info-0001.bin
-------------- next part --------------
APPL



-------------- next part --------------
--- scd/scdaemon.c 2005-10-27 09:37:09.000000000 +0100
+++ scd/scdaemon.c 2006-05-03 16:03:07.000000000 +0100
@@ -139,11 +139,12 @@
 /* The card dirver we use by default for PC/SC.  */
 #if defined(HAVE_W32_SYSTEM) || defined(__CYGWIN__)
 #define DEFAULT_PCSC_DRIVER "winscard.dll"
+#elif defined(__APPLE__)
+  #define DEFAULT_PCSC_DRIVER "/System/Library/Frameworks/PCSC.framework/PCSC"
 #else
 #define DEFAULT_PCSC_DRIVER "libpcsclite.so"
 #endif
 
-
 /* Flag to indicate that a shutdown was requested. */
 static int shutdown_pending;

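Review bot: Style point on the new `__APPLE__` branch: the added `#define DEFAULT_PCSC_DRIVER` line is indented by two spaces while the `#define` lines in the neighbouring branches start in column 0, so it should be aligned with them. The blank line removed before the "Flag to indicate that a shutdown was requested" comment is an unrelated whitespace change and is better left out of the patch.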



-------------- next part --------------
--- tools/gpgparsemail.c   2005-12-14 10:45:28.000000000 +0000
+++ tools/gpgparsemail.c   2006-04-10 09:52:49.000000000 +0100
@@ -145,7 +145,7 @@
   return p;
 }
 
-static char *
+/* static */ char *
 stpcpy (char *a,const char *b)
 {
   while (*b)
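Review bot: Commenting out `static` on stpcpy() applies to every platform, not only Mac OS, and gives the local helper external linkage under a name that the C library may also provide, so the patch needs a comment or commit text saying which build error it addresses. Guarding the local definition with a configure-time check for stpcpy, or renaming the helper, would fix a clash with the system declaration without changing linkage elsewhere. If the keyword really has to go, delete it rather than leaving `/* static */` behind.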



-------------- next part --------------
--- agent/query.c	2005-11-28 09:55:57.000000000 +0000
+++ agent/query.c	2006-05-08 16:06:13.000000000 +0100
@@ -217,6 +217,16 @@
   else
     pgmname++;
 
+#if defined(__APPLE__)
+  // If running under MacOS then pinentry must be invoked by sh
+  // otherwise bundle information is not processed and pinentry will
+  // be unable to grab keyboard / screen.
+
+  argv[0] = "sh";
+  argv[1] = "-c";
+  argv[2] = opt.pinentry_program;
+  argv[3] = NULL;
+#else
   argv[0] = pgmname;
   if (ctrl->display && !opt.keep_display)
     {
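Review bot: In the `__APPLE__` branch, `argv[2] = opt.pinentry_program;` hands the configured path to `sh -c` as a command string, so a path containing spaces or shell metacharacters is word-split or interpreted by the shell instead of being executed as one file name. Passing the path as a separate argument avoids that, for example `argv[2] = "exec \"$0\"";` followed by `argv[3] = opt.pinentry_program;` and `argv[4] = NULL;`; argv is declared outside this hunk, so check that it has room for the extra elements. The `//` comments should be `/* ... */` in this C file.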
@@ -226,7 +236,8 @@
     }
   else
     argv[1] = NULL;
-  
+#endif
+
   i=0;
   if (!opt.running_detached)
     {
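Review bot: The `#endif` added here closes an `#if defined(__APPLE__)` that opens in the previous hunk, with the whole display-handling block in between, so it is easy to lose track of what it ends. Label it, for example `#endif /* __APPLE__ */`.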
@@ -237,8 +248,13 @@
   no_close_list[i] = -1;
 
   /* Connect to the pinentry and perform initial handshaking */
-  rc = assuan_pipe_connect2 (&ctx, opt.pinentry_program, (char**)argv,
-                             no_close_list, atfork_cb, NULL);
+  rc = assuan_pipe_connect2 (&ctx, 
+    #if defined(__APPLE__)
+      "/bin/sh"  // See above.
+    #else
+      opt.pinentry_program 
+    #endif
+    , (char**)argv, no_close_list, atfork_cb, NULL);
   if (rc)
     {
       log_error ("can't connect to the PIN entry module: %s\n",
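Review bot: Placing `#if defined(__APPLE__)` / `#else` / `#endif` inside the argument list of assuan_pipe_connect2() makes the call hard to read and easy to break when an argument changes. Set a local such as `const char *pgm` in the earlier `__APPLE__` block where argv is built, and pass that here, which also keeps the "/bin/sh" used for the exec next to the "sh" stored in argv[0]. The added lines `&ctx, ` and `opt.pinentry_program ` carry trailing whitespace.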




