From: Jani Nikula <jani@nikula.org>
To: Jameson Graef Rollins <jrollins@finestructure.net>,
David Bremner <david@tethera.net>,
notmuch@notmuchmail.org
Subject: Re: [PATCH] cli: crypto: tell gmime to use gpg-agent
Date: Thu, 28 Feb 2013 00:46:57 +0200 [thread overview]
Message-ID: <87txoxwf1a.fsf@nikula.org> (raw)
In-Reply-To: <87ehg1pt2u.fsf@servo.finestructure.net>
On Wed, 27 Feb 2013, Jameson Graef Rollins <jrollins@finestructure.net> wrote:
> On Wed, Feb 27 2013, David Bremner <david@tethera.net> wrote:
>> But right now we force people to enable the agent globally via use-agent
>> if they want to decrypt mail in notmuch-cli/emacs. The proposed change
>> allows them to use the agent only for notmuch.
>
> Doesn't the proposed change actually *force* the user to use gpg-agent?
> How can the user opt out?
If the user wants to have decryption in notmuch, the user *must* use
gpg-agent, regardless of this change or the "use-agent" configuration
option. There is no opt out if one wants to have decryption in notmuch,
regardless of this change.
The proposed change gives the user the possibility to opt out of
*globally* using gpg-agent for everything, and still have decryption in
notmuch.
The proposed change merely passes the --use-agent option to gpg. It does
not *force* anything. It tells gpg to *try* to connect to the gpg-agent
before it asks for a passphrase. (Except that notmuch will never ask for
a passphrase. It will fail if it can't connect to the gpg-agent. Without
--use-agent or "use-agent" option it will unconditionally fail.)
When I use gpg on the command line, I want it to prompt for the
passphrase on the command line instead of popping up a gpg-agent
dialog. I don't think that is unreasonable. To achieve that I have
disabled the "use-agent" configuration option. Without the proposed
change, if I still wanted to have this *and* decryption in notmuch, I
would have to pass --no-use-agent on the gpg command line. I think that
*is* unreasonable.
>> I don't think we should directly care about the presence of an X session
>> or not; the agent protocol doesn't depend on how the agent was started
>> afaik.
>
> Maybe, but I would like some example of what happens if you force usage
> of an agent and the agent is not present or there is no X session.
There is no force anything. It tries to connect to the agent, and if one
is not present, decryption fails like it would have failed without this
change.
Finally, look up the references I provided. The whole function in gmime
was provided *exactly* for situations like we have: the caller will fail
without the agent, so have a tiny bit of sanity and see if it's there
before failing.
BR,
Jani.
next prev parent reply other threads:[~2013-02-27 22:47 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-27 7:40 [PATCH] cli: crypto: tell gmime to use gpg-agent Jani Nikula
2013-02-27 8:45 ` Tomi Ollila
2013-02-27 16:14 ` Jameson Graef Rollins
2013-02-27 17:11 ` David Bremner
2013-02-27 17:25 ` Jameson Graef Rollins
2013-02-27 22:46 ` Jani Nikula [this message]
2013-03-01 0:10 ` Jameson Graef Rollins
2013-03-01 6:12 ` Daniel Kahn Gillmor
2013-03-01 6:52 ` Tomi Ollila
2013-03-01 16:43 ` [PATCH] man: show and reply --decrypt option requires gpg-agent Jani Nikula
2013-03-01 16:56 ` Jameson Graef Rollins
2013-03-02 14:48 ` [PATCH] cli: crypto: tell gmime to use gpg-agent David Bremner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87txoxwf1a.fsf@nikula.org \
--to=jani@nikula.org \
--cc=david@tethera.net \
--cc=jrollins@finestructure.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).