Bug#842015: [pkg-gnupg-maint] Bug#842015: gnupg: gpg --no-tty freezes when there is no X display

Tue, 25 Oct 2016 14:42:43 -0700 

Control: tags 842015 - unreproducible moreinfo
Control: tags 842015 + upstream
Control: forwarded 842015 https://bugs.gnupg.org/gnupg/issue2818

Hi Vincent--

I think your analysis is correct:

On Tue 2016-10-25 14:35:49 -0400, Vincent Lefevre wrote:
> This happened when I was at my lab and connected to my machine
> at home, and I've just gone back home and was surprised to see
> the dialog boxes (pinentry?) to type my passphrase.
>
> I think that what happened is the following:
>
> 1. Start an X session locally on machine A.
>    I suppose that this starts gpg-agent automatically (otherwise
>    maybe an "emacs file.gpg" is needed too).

It is intended behavior that gpg-agent should start automatically from
your graphical session.  Since we use the standard socket location, each
user account on a given machine uses the same gpg-agent.

> 2. From machine B, do "ssh A" (without X forwarding).
>
> 3. From this ssh session, do "emacs file.gpg".

since each user has a single gpg-agent (thanks to the standard-socket),
I see a few choices here:

 a) use pinentry-emacs where possible (this won't currently work within
    debian since none of our pinentry implementations are configured to
    support emacs, though this could change)

 b) emacs could use "--pinentry-mode loopback" and directly handle the
    user's passphrase

 c) emacs could pass its controlling tty to the gpg process and rely on
    pinentry-curses or pinentry-tty (or any comparable fallback
    mechanism) to handle the situation.

I've opened the uptsream bug report
https://bugs.gnupg.org/gnupg/issue2818 to try to track this problem, as
i'm not sure the best way to solve it.

> It seems that gpg connects to gpg-agent, which thinks that the
> current screen is the one that corresponds to the X session,
> which is obviously wrong. At least, gpg and gpg-agent shouldn't
> assume that they have the same $DISPLAY in their environment.
>
> Before I do anything else, can you reproduce the problem with
> something like that?

yep, thanks, this is the info we needed.  I've dropped the
unreproducible and moreinfo tags.

     --dkg

Attachment: signature.asc
Description: PGP signature

Reply via email to