Re: [opensuse] Pinentry problem
On Wed, Mar 17, 2010 at 11:59:55AM -0400, Anton Aylward wrote:
Petr Uzel said the following on 03/17/2010 11:01 AM:
Graphical pinentry's have precedence over pinentry-curses. If DISPLAY is not set, then pinentry-{qt,gtk-2} runs pinentry-curses instead. If you don't like this behavior, you can modify gpg-agent.conf as mentioned above.
That is not the case. From tty2 I ran 'sh - /usr/bin/pinentry' I recorded it with 'script' Sadly, "who am i" doens't seem to work within script, so you'll have to take my word that this was on tty2
The result is:
Script started on Wed 17 Mar 2010 11:49:22 AM EDT anton@BigBoy:~/tmp> anton@BigBoy:~/tmp> unset DISPLAY anton@BigBoy:~/tmp> sh -x /usr/bin/pinentry + kde_running= + '[' -n '' ']' + '[' -n '' ']' + arg= + display= + '[' -n '' ']' + '[' -n '' -a x = 4x -a -f /usr/bin/pinentry-qt4 ']' + '[' -n '' -a -f /usr/bin/pinentry-qt ']' + '[' -f /usr/bin/pinentry-gtk-2 ']' + export PINENTRY_BINARY=/usr/bin/pinentry-gtk-2 + PINENTRY_BINARY=/usr/bin/pinentry-gtk-2 + exec /usr/bin/pinentry-gtk-2 OK Your orders please
Yes, that's expected. Most likely I wasn't clear before. You are right that in such case it is pinentry-gtk-2, what is 'selected' by /usr/bin/pinentry script. But since it figures out there is no $DISPLAY, it runs pinentry-curses-like interface which is embedded into pinentry-gtk-2 binary (as well as to other graphical pinentry's). You can verify this by doing the following at tty2: gpg --sign some_file -> pinentry-curses dialog appears, don't close it switch to another console and issue ps aux | grep pinentry -> it shows it is actually pinentry-gtk-2, which does the curses-like interface.
^C anton@BigBoy:~/tmp> exit
Script done on Wed 17 Mar 2010 11:50:02 AM EDT
That's what I eamn about the if/elseif chain being wrong. That code segment reads
# otherwise test if pinentry-gtk-2 is installed elif [ -f /usr/bin/pinentry-gtk-2 ] then export PINENTRY_BINARY="/usr/bin/pinentry-gtk-2" # otherwise test if pinentry-qt4 exists although KDE is not detected elif [ -f /usr/bin/pinentry-qt4 ] then export PINENTRY_BINARY="/usr/bin/pinentry-qt4" # otherwise test if pinentry-qt exists although KDE is not detected elif [ -f /usr/bin/pinentry-qt ] then export PINENTRY_BINARY="/usr/bin/pinentry-qt" # pinentry-curses is installed by default else export PINENTRY_BINARY="/usr/bin/pinentry-curses" fi
So if -gtk-2 or -qt4 or -qt exist they well be used EVEN IF KDE IS NOT DETECTED.
And what would you suggest to use instead?
I think this is WRONG !
Pinentry-curses is used as a fallback only if there is no graphical pinentry installed. That's intentional. Since every graphical pinentry provides also embedded pinentry-curses interface, this is fine IMHO.
The test for KDE only happens if DISPLAY is set.
If DISPLAY is not set, why should we care about KDE/GNOME? It even does not make sense. Or am I missing something?
So what about other window managers? Sorry, I don't get this question.
Anyway, this whole question about which pinentry version should be ran under various circumstances seems to be totally unrelated to the original issue with keychain freezing. Did you manage to test the workaround? Thanks, Petr -- Petr Uzel, openSUSE Boosters Team IRC: ptr_uzl @ freenode
Petr Uzel said the following on 03/18/2010 05:54 AM:
Yes, that's expected. Most likely I wasn't clear before. You are right that in such case it is pinentry-gtk-2, what is 'selected' by /usr/bin/pinentry script. But since it figures out there is no $DISPLAY, it runs pinentry-curses-like interface which is embedded into pinentry-gtk-2 binary (as well as to other graphical pinentry's).
If that's the case then the if/elsif tree is pointless. First, because it will never get to pinentry-curses and secondly if the -curses code is embedded in the GUI versions, why bother having a -cures version anyway. There's something here that's either pretty dumb or doesn't make sense.
You can verify this by doing the following at tty2:
gpg --sign some_file -> pinentry-curses dialog appears, don't close it switch to another console and issue ps aux | grep pinentry -> it shows it is actually pinentry-gtk-2, which does the curses-like interface.
Done. It is so :-)
So if -gtk-2 or -qt4 or -qt exist they well be used EVEN IF KDE IS NOT DETECTED.
And what would you suggest to use instead?
As I said, it the -curses version in embedded then any of them will do and the test and if/elseif tree are pointless.
I think this is WRONG !
Pinentry-curses is used as a fallback only if there is no graphical pinentry installed. That's intentional. Since every graphical pinentry provides also embedded pinentry-curses interface, this is fine IMHO.
So why have all those packages?
The test for KDE only happens if DISPLAY is set.
If DISPLAY is not set, why should we care about KDE/GNOME? It even does not make sense. Or am I missing something?
So what about other window managers? Sorry, I don't get this question.
I phrased that badly. If DISPLAY is set then there is _some_ windows manager running. How to choose between the one for Gnome and the one for KDE? Or something else.? Oh, right. Gtk-2 is enough. Which gets back to my original question, why have more than one if Gtk-2 can work for KDE (It does I just tested it) and has the -curses code in it. Why have the shell script? Why have -qt and -qt4 when just one package will do the job? -- 'Faith' means not _wanting_ to know what is true. -- Nietzsche, Der Antichrist -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, Mar 18, 2010 at 08:34:39AM -0400, Anton Aylward wrote:
Petr Uzel said the following on 03/18/2010 05:54 AM:
Yes, that's expected. Most likely I wasn't clear before. You are right that in such case it is pinentry-gtk-2, what is 'selected' by /usr/bin/pinentry script. But since it figures out there is no $DISPLAY, it runs pinentry-curses-like interface which is embedded into pinentry-gtk-2 binary (as well as to other graphical pinentry's).
If that's the case then the if/elsif tree is pointless. First, because it will never get to pinentry-curses and secondly if the -curses code is embedded in the GUI versions, why bother having a -cures version anyway.
There's something here that's either pretty dumb or doesn't make sense.
Imagine minimal server installation - only pinentry-curses is installed there and in such case it is selected. gpg2 depends only on pinentry-curses. -qt and -gtk-2 are pulled by KDE4/GNOME patterns. [...]
The test for KDE only happens if DISPLAY is set.
If DISPLAY is not set, why should we care about KDE/GNOME? It even does not make sense. Or am I missing something?
So what about other window managers? Sorry, I don't get this question.
I phrased that badly.
If DISPLAY is set then there is _some_ windows manager running. How to choose between the one for Gnome and the one for KDE? Or something else.?
Oh, right. Gtk-2 is enough. Which gets back to my original question, why have more than one if Gtk-2 can work for KDE (It does I just tested it) and has the -curses code in it.
Yes, it works, but - to have consistent look and feel, KDE4 users prefer pinentry-qt4 - why should KDE4 installation pull all gtk2 libraries just because of pinentry-gtk-2 ?
Why have the shell script? Why have -qt and -qt4 when just one package will do the job?
You're right that -qt likely could be dropped. Petr -- Petr Uzel, openSUSE Boosters Team IRC: ptr_uzl @ freenode
Petr Uzel said the following on 03/18/2010 10:48 AM:
On Thu, Mar 18, 2010 at 08:34:39AM -0400, Anton Aylward wrote:
Petr Uzel said the following on 03/18/2010 05:54 AM:
Yes, that's expected. Most likely I wasn't clear before. You are right that in such case it is pinentry-gtk-2, what is 'selected' by /usr/bin/pinentry script. But since it figures out there is no $DISPLAY, it runs pinentry-curses-like interface which is embedded into pinentry-gtk-2 binary (as well as to other graphical pinentry's).
If that's the case then the if/elsif tree is pointless. First, because it will never get to pinentry-curses and secondly if the -curses code is embedded in the GUI versions, why bother having a -cures version anyway.
There's something here that's either pretty dumb or doesn't make sense.
Imagine minimal server installation - only pinentry-curses is installed there and in such case it is selected. gpg2 depends only on pinentry-curses. -qt and -gtk-2 are pulled by KDE4/GNOME patterns.
[...]
The test for KDE only happens if DISPLAY is set.
If DISPLAY is not set, why should we care about KDE/GNOME? It even does not make sense. Or am I missing something?
So what about other window managers? Sorry, I don't get this question.
I phrased that badly.
If DISPLAY is set then there is _some_ windows manager running. How to choose between the one for Gnome and the one for KDE? Or something else.?
Oh, right. Gtk-2 is enough. Which gets back to my original question, why have more than one if Gtk-2 can work for KDE (It does I just tested it) and has the -curses code in it.
Yes, it works, but - to have consistent look and feel, KDE4 users prefer pinentry-qt4 - why should KDE4 installation pull all gtk2 libraries just because of pinentry-gtk-2 ?
So ... * any one of the GUI pinentry packages is sufficient. * if I have KDE I can drop -gtk-2 and install -qt4
Why have the shell script? Why have -qt and -qt4 when just one package will do the job?
You're right that -qt likely could be dropped.
Done. All this makes me think that here should be something like the NSSSwtich but for the GUI. One tool, this and others, that uses a 'standard' API that goes to the right libraries. I'd like that in Firefox and Thunderbird; I hate having to load all the gtk2 libraries for them. I want a PURE KDE system. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, Mar 18, 2010 at 11:29:07AM -0400, Anton Aylward wrote:
Petr Uzel said the following on 03/18/2010 10:48 AM:
Yes, it works, but - to have consistent look and feel, KDE4 users prefer pinentry-qt4 - why should KDE4 installation pull all gtk2 libraries just because of pinentry-gtk-2 ?
So ...
* any one of the GUI pinentry packages is sufficient. * if I have KDE I can drop -gtk-2 and install -qt4 Yes.
Petr -- Petr Uzel, openSUSE Boosters Team IRC: ptr_uzl @ freenode
Petr Uzel said the following on 03/18/2010 11:37 AM:
On Thu, Mar 18, 2010 at 11:29:07AM -0400, Anton Aylward wrote:
Petr Uzel said the following on 03/18/2010 10:48 AM:
Yes, it works, but - to have consistent look and feel, KDE4 users prefer pinentry-qt4 - why should KDE4 installation pull all gtk2 libraries just because of pinentry-gtk-2 ?
So ...
* any one of the GUI pinentry packages is sufficient. * if I have KDE I can drop -gtk-2 and install -qt4 Yes.
That's what I thought, too. Experimentation proves otherwise. See my later email. -- "Objectives are not fate; they are direction. They are not commands; they are commitments. They do not determine the future; they are a means to mobilize resources and energies of the business for the making of the future." -- Peter F. Drucker. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anton Aylward said the following on 03/18/2010 11:29 AM:
So ...
* any one of the GUI pinentry packages is sufficient. * if I have KDE I can drop -gtk-2 and install -qt4
Apparently not. I removed -gtk-2 and installed -qt4. Works fine under Gnome But when I log in from a tty it fails. It asks if pinentry is installed But.. pinentry-0.7.6-5.5.i586 pinentry-qt4-0.7.6-5.5.i586 so pinentry-curses *IS* installed. Something is wrong with that shell script! Surely its logic should be if DISPLAY isn't set then skip to using pinentry-curses -- When you are in any contest you should work as if there were - to the very last minute - a chance to lose it. Dwight D. Eisenhower -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, Mar 18, 2010 at 11:48:32AM -0400, Anton Aylward wrote:
Anton Aylward said the following on 03/18/2010 11:29 AM:
So ...
* any one of the GUI pinentry packages is sufficient. * if I have KDE I can drop -gtk-2 and install -qt4
Apparently not.
I removed -gtk-2 and installed -qt4. Works fine under Gnome
But when I log in from a tty it fails. It asks if pinentry is installed
You are right - it seems that unlike -qt and -gtk-2, pinentry-qt4 fails (does not fall back to curses interface) when executed without DISPLAY.
But.. pinentry-0.7.6-5.5.i586 pinentry-qt4-0.7.6-5.5.i586
so pinentry-curses *IS* installed.
Something is wrong with that shell script! Surely its logic should be
if DISPLAY isn't set then skip to using pinentry-curses
I agree. Will do. Thanks for the report! Petr -- Petr Uzel, openSUSE Boosters Team IRC: ptr_uzl @ freenode
participants (2)
-
Anton Aylward -
Petr Uzel