bug#24076: gnupg [-agent]: when signing [commits], it claims that there is no pinentry - but there is

["Ludovic Courtès" <ludo@gnu.org>]

Hi!

ludo@gnu.org (Ludovic Courtès) skribis:

> What about having GnuPG depend on pinentry-tty, and configuring it with:
>
>   --with-pinentry-pgm=/path/to/pinentry-tty
>
> ?  That would at least provide a reasonable default.  The closure size
> of GnuPG would increase from 220 to 243 MiB (+10%).
>
> Most of the time, people will want to use pinentry-gtk though.
>
> Another option would be to change ‘gnupg_module_name’, in homedir.c, from:
>
>     case GNUPG_MODULE_NAME_PINENTRY:
> #ifdef GNUPG_DEFAULT_PINENTRY
>       return GNUPG_DEFAULT_PINENTRY;
> #else
>       X(bindir, "pinentry");
> #endif
>
>
> to something like:
>
>     case GNUPG_MODULE_NAME_PINENTRY:
>       X(homedir, ".guix-profile/bin/pinentry);
>
> … in which case GnuPG would default to the user-installed pinentry, if
> available.  Not perfect either, but closer to what other distros do.

I (finally!) implemented this second option in commit
c7af9d0b5ebaa1fdb08ff5d8a56004998bcd8103.

I confirmed that it has the indented effect like this:

--8<---------------cut here---------------start------------->8---
ludo@ribbon ~/src/guix$ ./pre-inst-env guix environment --ad-hoc gnupg strace coreutils sed grep -C
ludo@ribbon ~/src/guix [env]$ strace -f -o ,,s -s 500 gpg --generate-key
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/home/ludo/.gnupg' created
gpg: keybox '/home/ludo/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: Foo Bar
Email address: foo@example.org
You selected this USER-ID:
    "Foo Bar <foo@example.org>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: No pinentry
Key generation failed: No pinentry

--8<---------------cut here---------------end--------------->8---

where the strace log shows:

  10    execve("/home/ludo/.gnupg/.guix-profile/bin/pinentry", ["pinentry"], 0x7f7aa80035e0 /* 14 vars */) = -1 ENOENT (No such file or directory)

So now one just needs to install one of the pinentry packages.

Thanks,
Ludo’.