Package: pinentry-gnome3
Version: 1.1.0-1+b1
Severity: normal

When using a standard gnome session, all invocations of pinentry-gnome3 attempt to prompt via a GUI popup on that session, even if the specific instance has no DISPLAY set.

As an example use case, you boot your system, log in to your gnome session, and then leave the house, realize you need something, and ssh home. Then you proceed to try and decrypt a file with gpg.

No DISPLAY is set, but at this point everything fails: pinentry-gnome3 tries to prompt on the desktop, and since you're not at the desktop, you can't use gpg.

If you are instead using pinentry-gtk-2 it correctly detects that you don't have a DISPLAY, and falls back to the curses interface.

Looking at the code, it sure looks like it tries to handle this by checking to see if there is a DBUS_SESSION_BUS_ADDRESS (which there is, inherited from the gpg-agent), if a gcr system prompt is available, and trying to see if the screen is locked. However, in my testing none of these actually seem to work to detect that, indeed, the screen is locked and the user isn't at the desktop any more.

To me the obvious solution is to also check and see if there is a display set, using the same logic as pinentry-gtk-2. I have some fear that this will break a pure Wayland environment (one with no Xwayland involved); however, I don't actually have one of those handy to test with. If someone with a Wayland environment could test this, that would be appreciated.

A proposed patch which works for me is attached.

(Note: It's hard to tell if some of the reports in #801247 would be fixed by this patch or not; there seem to be multiple issues going on in there.)

Regards,
Zephaniah E. Loss-Cutler-Hull.
Description: Check for a DISPLAY for pinentry-gnome3.
 With pinentry-gnome3, it will attempt to unconditionally prompt on the
 session's GUI for all cases, even if the actual session trying to decrypt
 something has no DISPLAY set.
 .
 This can break horribly when, for example, you ssh into your box and try to
 decrypt something with ssh.
 .
 The gtk2 variant handles this gracefully, and so we should too.
Author: Zephaniah E. Loss-Cutler-Hull <zephan...@gmail.com>

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: 2019-04-15

--- pinentry-1.1.0.orig/gnome3/pinentry-gnome3.c
+++ pinentry-1.1.0/gnome3/pinentry-gnome3.c
@@ -518,7 +518,13 @@ main (int argc, char *argv[])
   pinentry_init (PGMNAME);
 
 #ifdef FALLBACK_CURSES
-  if (!getenv ("DBUS_SESSION_BUS_ADDRESS"))
+  if (!pinentry_have_display (argc, argv))
+    {
+      fprintf (stderr, "No display found, falling back to curses\n");
+      pinentry_cmd_handler = curses_cmd_handler;
+      pinentry_set_flavor_flag ("curses");
+    }
+  else if (!getenv ("DBUS_SESSION_BUS_ADDRESS"))
     {
       fprintf (stderr, "No $DBUS_SESSION_BUS_ADDRESS found,"
                " falling back to curses\n");

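Review bot: The new first branch, `if (!pinentry_have_display (argc, argv))`, now decides the fallback before the D-Bus check, so a session that legitimately has a GUI but no X display would be sent to curses. That is the pure Wayland case the report itself raises as untested. If pinentry_have_display only looks at DISPLAY and the --display option, consider also accepting a set WAYLAND_DISPLAY before falling back, or confirm on a Wayland-only session that the GNOME prompt still appears. Two smaller points: the whole change sits inside `#ifdef FALLBACK_CURSES`, so a build without the curses fallback keeps the old behaviour of prompting on the desktop session from a display-less ssh login, which is worth stating in the description; and the patch header still carries the unfilled DEP-3 template fields (Origin, Bug-Debian, Forwarded), which should be completed or removed before this is applied.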