Pinentry with flatpak applications
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Feb 11 03:16:47 CET 2025
On Mon 2025-02-10 16:26:05 +0100, Werner Koch wrote:
> On Sun, 9 Feb 2025 23:53, Daniel Kahn Gillmor said:
>
>> What if, in a FreeDesktop environment, the overall policy was just:
>>
>> - gpg-agent decides where to display the pinentry, *not* the gpg
>> invocation which talks to gpg-agent
>
> Very funny: The pinentry pops up on the remove machine you are connected
> to.
I'm not sure i understand what you mean by this. In this case, folks
are talking about a *local* machine that has multiple channels that
*might* give feedback to the user (whether it's a dbus session or X11
display or whatever. It's not a remote machine.
> But we actually have options for this --keep-tty and --keep-display
> which locks the pinentry to the tty were gpg-agent was started.
> Original use case was to show the pinentry in a fixed screen(1) session.
So maybe --keep-display is the option that jay and Sam need to add to
~/.gnupg/gpg-agent.conf, then? Should those options also cover
DBUS_SESSION_BUS_ADDRESS? or should we add a third option
--keep-dbus-session? or should there really just be one option,
something like --keep-user-channel, which resists the temptation to
adjust any of these settings?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250210/61228d13/attachment.sig>
More information about the Gnupg-users
mailing list