bug#24076: gnupg [-agent]: when signing [commits], it claims that there is no pinentry - but there is

Thu, 28 Jul 2016 04:53:47 -0700 

Alex Kost <alez...@gmail.com> skribis:

> Ludovic Courtès (2016-07-27 14:01 +0300) wrote:
>
>> Hi,
>>
>> Danny Milosavljevic <dan...@scratchpost.org> skribis:
>>
>>>> My ~/.gnupg/gpg-agent.conf file reads this:
>>>> 
>>>> --8<---------------cut here---------------start------------->8---
>>>> pinentry-program /home/ludo/.guix-profile/bin/pinentry-gtk-2
>>>> --8<---------------cut here---------------end--------------->8---
>>>
>>> Yes, the file didn't exist. I created it and it works now.
>>
>> Great.
>>
>>> I did install the pinentry package, though.
>>>
>>> Do you think it would make sense to put this in the skeleton for new user 
>>> accounts?
>>
>> Maybe.  Ideally, this would be addressed by GnuPG itself, which should
>> somehow make it easier to set it up, because there’s nothing
>> GuixSD-specific here AFAICS.  What do other distros do to help?
>
> My guess: other distros do nothing, because GnuPG searches for
> pinentries in a default bindir, I mean in a dir where gpg is placed
> (/usr/bin or whatever).
>
> IMO this is Guix-specific, as you have to run gpg-agent with
> --pinentry-program option (or specify it in the "gpg-agent.conf" file).

Good point.

What about having GnuPG depend on pinentry-tty, and configuring it with:

  --with-pinentry-pgm=/path/to/pinentry-tty

?  That would at least provide a reasonable default.  The closure size
of GnuPG would increase from 220 to 243 MiB (+10%).

Most of the time, people will want to use pinentry-gtk though.

Another option would be to change ‘gnupg_module_name’, in homedir.c, from:

--8<---------------cut here---------------start------------->8---
    case GNUPG_MODULE_NAME_PINENTRY:
#ifdef GNUPG_DEFAULT_PINENTRY
      return GNUPG_DEFAULT_PINENTRY;
#else
      X(bindir, "pinentry");
#endif
--8<---------------cut here---------------end--------------->8---

to something like:

--8<---------------cut here---------------start------------->8---
    case GNUPG_MODULE_NAME_PINENTRY:
      X(homedir, ".guix-profile/bin/pinentry);
--8<---------------cut here---------------end--------------->8---

… in which case GnuPG would default to the user-installed pinentry, if
available.  Not perfect either, but closer to what other distros do.

Thoughts?

Ludo’.

Reply via email to