Mailinglist Archive: opensuse (1523 mails)
| < Previous | Next > |
Re: [opensuse] Pinentry problem
- From: Petr Uzel <petr.uzel@xxxxxxx>
- Date: Thu, 18 Mar 2010 10:54:31 +0100
- Message-id: <20100318095431.GA6321@xxxxxxxxxxxxxx>
On Wed, Mar 17, 2010 at 11:59:55AM -0400, Anton Aylward wrote:
Yes, that's expected. Most likely I wasn't clear before. You are
right that in such case it is pinentry-gtk-2, what is 'selected' by
/usr/bin/pinentry script. But since it figures out there is no
$DISPLAY, it runs pinentry-curses-like interface which is embedded
into pinentry-gtk-2 binary (as well as to other graphical pinentry's).
You can verify this by doing the following at tty2:
gpg --sign some_file -> pinentry-curses dialog appears, don't close it
switch to another console and issue
ps aux | grep pinentry -> it shows it is actually pinentry-gtk-2,
which does the curses-like interface.
And what would you suggest to use instead?
Pinentry-curses is used as a fallback only if there is no graphical
pinentry installed. That's intentional. Since every graphical
pinentry provides also embedded pinentry-curses interface,
this is fine IMHO.
If DISPLAY is not set, why should we care about KDE/GNOME? It
even does not make sense. Or am I missing something?
Anyway, this whole question about which pinentry version should
be ran under various circumstances seems to be totally unrelated
to the original issue with keychain freezing. Did you manage
to test the workaround?
Thanks,
Petr
--
Petr Uzel, openSUSE Boosters Team
IRC: ptr_uzl @ freenode
Petr Uzel said the following on 03/17/2010 11:01 AM:
Graphical pinentry's have precedence over pinentry-curses. If DISPLAY
is not set, then pinentry-{qt,gtk-2} runs pinentry-curses instead.
If you don't like this behavior, you can modify gpg-agent.conf
as mentioned above.
That is not the case.
From tty2 I ran 'sh - /usr/bin/pinentry'
I recorded it with 'script'
Sadly, "who am i" doens't seem to work within script, so you'll have to
take my word that this was on tty2
The result is:
Script started on Wed 17 Mar 2010 11:49:22 AM EDT
anton@BigBoy:~/tmp>
anton@BigBoy:~/tmp> unset DISPLAY
anton@BigBoy:~/tmp> sh -x /usr/bin/pinentry
+ kde_running=
+ '[' -n '' ']'
+ '[' -n '' ']'
+ arg=
+ display=
+ '[' -n '' ']'
+ '[' -n '' -a x = 4x -a -f /usr/bin/pinentry-qt4 ']'
+ '[' -n '' -a -f /usr/bin/pinentry-qt ']'
+ '[' -f /usr/bin/pinentry-gtk-2 ']'
+ export PINENTRY_BINARY=/usr/bin/pinentry-gtk-2
+ PINENTRY_BINARY=/usr/bin/pinentry-gtk-2
+ exec /usr/bin/pinentry-gtk-2
OK Your orders please
Yes, that's expected. Most likely I wasn't clear before. You are
right that in such case it is pinentry-gtk-2, what is 'selected' by
/usr/bin/pinentry script. But since it figures out there is no
$DISPLAY, it runs pinentry-curses-like interface which is embedded
into pinentry-gtk-2 binary (as well as to other graphical pinentry's).
You can verify this by doing the following at tty2:
gpg --sign some_file -> pinentry-curses dialog appears, don't close it
switch to another console and issue
ps aux | grep pinentry -> it shows it is actually pinentry-gtk-2,
which does the curses-like interface.
^C
anton@BigBoy:~/tmp> exit
Script done on Wed 17 Mar 2010 11:50:02 AM EDT
That's what I eamn about the if/elseif chain being wrong.
That code segment reads
# otherwise test if pinentry-gtk-2 is installed
elif [ -f /usr/bin/pinentry-gtk-2 ]
then
export PINENTRY_BINARY="/usr/bin/pinentry-gtk-2"
# otherwise test if pinentry-qt4 exists although KDE is not detected
elif [ -f /usr/bin/pinentry-qt4 ]
then
export PINENTRY_BINARY="/usr/bin/pinentry-qt4"
# otherwise test if pinentry-qt exists although KDE is not detected
elif [ -f /usr/bin/pinentry-qt ]
then
export PINENTRY_BINARY="/usr/bin/pinentry-qt"
# pinentry-curses is installed by default
else
export PINENTRY_BINARY="/usr/bin/pinentry-curses"
fi
So if -gtk-2 or -qt4 or -qt exist they well be used
EVEN IF KDE IS NOT DETECTED.
And what would you suggest to use instead?
I think this is WRONG !
Pinentry-curses is used as a fallback only if there is no graphical
pinentry installed. That's intentional. Since every graphical
pinentry provides also embedded pinentry-curses interface,
this is fine IMHO.
The test for KDE only happens if DISPLAY is set.
If DISPLAY is not set, why should we care about KDE/GNOME? It
even does not make sense. Or am I missing something?
So what about other window managers?Sorry, I don't get this question.
Anyway, this whole question about which pinentry version should
be ran under various circumstances seems to be totally unrelated
to the original issue with keychain freezing. Did you manage
to test the workaround?
Thanks,
Petr
--
Petr Uzel, openSUSE Boosters Team
IRC: ptr_uzl @ freenode
| < Previous | Next > |