On Mon, Dec 05, 2016 at 08:53:36PM -0500, Daniel Kahn Gillmor wrote: > On Mon 2016-12-05 18:23:14 -0500, Adam Borowski wrote: > > Same if you have a running X session but try to sign from the console; > > killing the gpg-agent doesn't help. > > Please see https://bugs.debian.org/842015 for a very lengthy discussion > of this issue. I think this is the same thing, so i'm inclined to merge > it in with that bug report (and the other three bug reports already > merged there). [...] > So I think the problem you're describing is only happening when: > > 0) pinentry-gnome3 is the default pinentry on the system, and
[~]$ dpkg -l 'pinentry*' un pinentry <none> <none> (no description available) ii pinentry-curses 0.9.7-9 amd64 curses-based PIN or pass-phrase entry un pinentry-doc <none> <none> (no description available) ii pinentry-gtk2 0.9.7-9 amd64 GTK+-2-based PIN or pass-phrase entry un pinentry-x11 <none> <none> (no description available) > 1) dbus-user-session is installed and configured, and [~]$ dpkg -l 'dbus*' ii dbus 1.10.14-1.0no amd64 simple interprocess messaging system un dbus-session-bus <none> <none> (no description available) ii dbus-x11 1.10.14-1.0no amd64 simple interprocess messaging system > 2) the user is logged into the system via ssh, and Same happens on the text console. On the other hand, logging in graphically again (via vnc) lets me sign inside that session. > 3) the user is *also* logged into the graphical console, and Yeah. > 4) the graphical console is not screenlocked. It is locked. > This is an worrisome way to operate the agent, since it grants access to > your keys to anyone sitting at the unlocked console The graphical console is locked, so is my home. Meow! -- u-boot problems can be solved with the help of your old SCSI manuals, the parts that deal with goat termination. You need a black-handled knife, and an appropriate set of candles (number and color matters). Or was it a silver-handled knife? Crap, need to look that up.
