gpgme_op_delete_ext flag GPGME_DELETE_FORCE not working?
Mike Inman
mangocats at gmail.com
Tue Jun 19 23:43:32 CEST 2018
As a followup: I have done some tracing of the code, found that the
GPGME_DELETE_FORCE flag to gpgme_op_delete_ext causes a --yes option to be
added to the gpg command. I confirmed on command line that the behavior is
the same there: --yes does not suppress the "are you sure" graphic dialog
boxes when deleting keys. I was able to suppress the Terminal prompts by
going to --batch mode, but never the graphic dialogs when using gpg2, both
the 2.2.8 which I compiled from git, nor the 2.1.11 that apparently ships
with Ubuntu 16.04 by default. gpg 1.4.20 seems to never request graphic
confirmation to delete keys from command line, though a --batch was
required to suppress the terminal prompt.
I dug a little deeper into the gpg code and found that the --yes command
line flag seems to be translated to a --force option on the DELETE_KEY
command passed to assuan_transact(). I found this hint in
gnupg/agent/command.c:
DELETE_KEY [--force|--stub-only] <hexstring_with_keygrip>
Delete a secret key from the key store. If --force is used
and a loopback pinentry is allowed, the agent will not ask
the user for confirmation.
and a further breadcrumb in gpg-agent.texi
@opindex no-allow-loopback-pinentry
@opindex allow-loopback-pinentry
Disallow or allow clients to use the loopback pinentry features; see
the option @option{pinentry-mode} for details. Allow is the default.
The @option{--force} option of the Assuan command @command{DELETE_KEY}
is also controlled by this option: The option is ignored if a loopback
pinentry is disallowed.
but, I'm struggling with how to get the allow-loopback-pinentry option to
the gpg-agent? It is supposed to be the default, but something seems to be
defeating that in gpg2?
All of this raises a related system setup question: apparently, replacing
gpg 1.4.20 with gpg 2.x (as happens when building gpg from the git sources
into /usr/local/lib) breaks the apt-get package management system in
Ubuntu. What is the commonly practiced method (installation folders,
paths, etc.) for an up-to-date build of gpg that keeps it from breaking
apt-get?
Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180619/dbda805c/attachment.html>
More information about the Gnupg-users
mailing list