Pinentry with flatpak applications
jay.kayes at posteo.com
jay.kayes at posteo.com
Sat Feb 8 22:29:21 CET 2025
On 2025-02-08 20:50, Sam Overton via Gnupg-users wrote:
> I have a proposed patch which I am preparing to send which adds a
> gpg-agent configuration parameter to specify which environment
> variables sent by the client should be *ignored* by the agent. This
> solves the problem in my case, by filtering out
> DBUS_SESSION_BUS_ADDRESS ensuring that the agent's environment is used
> by pinentry (for that specific env-var).
Looking forward to it. Are you proposing to ignore by default, or give
the possibility to ignore DBUS_SESSION_BUS_ADDRESS? With the popularity
of Flatpak apps, ignoring DBUS_SESSION_BUS_ADDRESS by default feels like
it would be better UX overall. On the other hand, there must be a
usecase for passing through the dbus address to pinentry which I'm not
seeing.
> In the meantime, the workaround I have been using is to configure
> gpg-agent to use a custom pinentry command (~/.gnupg/gpg-agent.conf):
>
> pinentry-program /home/sam/bin/pinentry-wrap
>
> which then sets the correct environment for pinentry (pinentry-wrap):
Ingenious hack, obvious in hindsight! Cheers for the idea, I'll
implement this while waiting for your patch to trickle through the
supply chain ;)
> AFAIK the agent only accepts a specific list of environment variables
> from the client which can be listed using:
>
> $ gpg-connect-agent 'getinfo std_env_names' /bye
Ah the wonderful niche commands that are available... if one only knew.
BR Jay
More information about the Gnupg-users
mailing list