From: Sascha Wilde
Newsgroups: gmane.emacs.devel, gmane.emacs.gnus.general
Subject: Re: Small patch to enable use of gpg-agent with pgg
Date: Sun, 26 Mar 2006 20:11:30 +0200
To: Simon Josefsson
Cc: Katsumi Yamaoka, "Daiki Ueno (pgg author)", Reiner Steib, ding@gnus.org, emacs-devel@gnu.org
In-Reply-To: <87wtel2u56.fsf@latte.josefsson.org> (Simon Josefsson's message of "Thu, 23 Mar 2006 14:00:21 +0100")
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)
Xref: news.gmane.org gmane.emacs.devel:52073 gmane.emacs.gnus.general:62410

Simon Josefsson wrote:

> Sascha Wilde writes:
>> Here is an example[0] from my own experience:
>>
>> - A user logs in on machine 'A' and starts the gpg-agent.
>> - He leaves the machine, but stays logged in...
>> - Now he uses machine 'B' to log in on machine 'A':
>>   the environment is set up to use the already running gpg-agent
>>   (automatically, in a login script)
>> - He starts Emacs/Gnus and tries to sign, decrypt, whatever...
>> - The agent runs and is working, everything seems fine, but the user
>>   isn't queried for the passphrase ... what happened?
>> - The user _is_ actually queried, but the pinentry program is started
>>   on the X11 display or tty of machine 'A'.
>>
>> I think this is a design problem of the gpg-agent. And yes, there are
>> several ways to circumvent this problem, but I think it would be very
>> convenient if I could tell pgg to just ignore any agent and ask for
>> the passphrase.
>
> This example seems strange. How would the user's second session get
> the GPG_AGENT_INFO environment variable that points to the gpg-agent
> running in the user's first session? Without that, I don't think it
> will work as you describe.

You are right, but that is the way things work when you follow the
official gpg-agent documentation:

| [...] If you don't use an X server, you can also put this into your
| regular startup file `~/.profile' or `.bash_profile'. It is best
| not to run multiple instances of the `gpg-agent', so you should make
| sure that only one is running: `gpg-agent' uses an environment
| variable to inform clients about the communication parameters. You
| can write the content of this environment variable to a file so that
| you can test for a running agent. [...]

> I'm not sure I see any disadvantage (except code complexity) with
> Daiki's approach.

Having second thoughts on the subject, I agree. The problem exists (even
in simpler use cases: when you log in on the text console and start an X
server from there, the pinentry will always appear on the console), but
it is only related to gpg-agent design and the documented use pattern --
so the place where this problem should be discussed and solved is gnupg
development. I'll write the gnupg developers on this subject.

cheers
sascha
--
Sascha Wilde - no sig today... sorry!
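The scenario above, as an added example that is not code from this thread or from GnuPG: a POSIX sh guard for the documented `~/.profile` pattern, in which a saved `GPG_AGENT_INFO` value (`<socket>:<pid>:<protocol>`) is read back by later logins. It only reuses the agent when the process is alive and was started from the current tty and DISPLAY; the `tty=`/`display=` lines in the record file are this example's own convention, not something gpg-agent writes.

```shell
#!/bin/sh
# Added example (not from the thread or GnuPG).  A later session that
# blindly reuses a saved GPG_AGENT_INFO gets its pinentry on the tty or
# X display of the session that started the agent, so we check both
# liveness and session identity before exporting the value.
# Assumption: the login script also saved "tty=" and "display=" lines
# next to the "info=" line; that record format is ours, not gpg-agent's.

# parse_agent_info VALUE -> "socket pid protocol" on stdout, 1 if malformed
parse_agent_info() {
    sock=${1%%:*}; rest=${1#*:}; pid=${rest%%:*}; proto=${rest#*:}
    # two colons are required: VALUE must differ from rest, rest from proto
    [ "$rest" != "$1" ] && [ "$proto" != "$rest" ] || return 1
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$sock" ] || return 1
    printf '%s %s %s\n' "$sock" "$pid" "$proto"
}

# agent_alive VALUE -> 0 only if the pid is running and the socket exists
agent_alive() {
    parsed=$(parse_agent_info "$1") || return 1
    set -- $parsed   # socket paths containing spaces are not handled
    kill -0 "$2" 2>/dev/null && [ -S "$1" ]
}

# session_matches TTY DISPLAY -> 0 if the recorded tty and display are
# those of the current session, i.e. a pinentry would reach this user
session_matches() {
    cur_tty=$(tty 2>/dev/null) || cur_tty=none
    [ "$1" = "$cur_tty" ] && [ "$2" = "${DISPLAY:-none}" ]
}

# agent_decision FILE -> prints reuse | stale | other-session
# FILE lines: info=<GPG_AGENT_INFO value>, tty=<tty>, display=<DISPLAY>
agent_decision() {
    info=; rtty=; rdisp=
    while IFS='=' read -r key val; do
        case $key in
            info)    info=$val ;;
            tty)     rtty=$val ;;
            display) rdisp=$val ;;
        esac
    done < "$1"
    if ! agent_alive "$info"; then echo stale
    elif ! session_matches "$rtty" "$rdisp"; then echo other-session
    else echo reuse; fi
}
```

A login script would export `GPG_AGENT_INFO` only when `agent_decision` prints `reuse`, and start a fresh agent (or fall back to asking for the passphrase directly) otherwise.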