Your message dated Wed, 17 Apr 2019 19:19:01 +0000
with message-id <[email protected]>
and subject line Bug#927105: fixed in pinentry 1.1.0-2
has caused the Debian Bug report #927105,
regarding pinentry-gnome3: No curses fallback over ssh when graphical console
screen is locked
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
927105: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927105
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pinentry-gnome3
Version: 1.1.0-1+b1
Severity: normal
When using a standard gnome session, all invocations of pinentry-gnome3
attempt to prompt via a GUI popup on that session, even if the specific
instance has no DISPLAY set.
As an example use case, you boot your system, login to your gnome
session, and then leave the house, realize you need something, and ssh
home. Then you proceed to try and decrypt a file with gpg.
No DISPLAY is set, but at this point everything fails, pinentry-gnome3
tries to prompt on the desktop, and since you're not at the desktop, you
can't use gpg.
If you are instead using pinentry-gtk-2 it correctly detects that you
don't have a DISPLAY, and falls back to the curses interface.
Looking at the code, it sure looks like it tries to handle this, by
checking to see if there is a DBUS_SESSION_BUS_ADDRESS (which there is,
inherited from the gpg-agent), if a gcr system prompt is available, and
trying to see if the screen is locked, however in my testing none of
these actually seem to work to detect that, indeed, the screen is locked
and the user isn't at the desktop any more.
To me the obvious solution is to also check and see if there is a
display set, using the same logic as pinentry-gtk-2, I have some fear
that this will break a pure wayland environment (one with no xwayland
involved), however I don't actually have one of those handy to test
with. If someone with a wayland environment could test this that would
be appreciated.
A proposed patch which works for me is attached.
(Note: It's hard to tell if some of the reports in #801247 would be
fixed by this patch or not, there seems to be multiple issues going on
in there.)
Regards,
Zephaniah E. Loss-Cutler-Hull.
Description: Check for a DISPLAY for pinentry-gnome3.
With pinentry-gnome3, it will attempt to unconditionally prompt on the
session's GUI for all cases, even if the actual session trying to decrypt
something has no DISPLAY set.
.
This can break horribly when, for example, you ssh into your box and try to
decrypt something with ssh.
.
The gtk2 varient handles this gracefully, and so we should too.
Author: Zephaniah E. Loss-Cutler-Hull <[email protected]>
---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:
Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: 2019-04-15
--- pinentry-1.1.0.orig/gnome3/pinentry-gnome3.c
+++ pinentry-1.1.0/gnome3/pinentry-gnome3.c
@@ -518,7 +518,13 @@ main (int argc, char *argv[])
pinentry_init (PGMNAME);
#ifdef FALLBACK_CURSES
- if (!getenv ("DBUS_SESSION_BUS_ADDRESS"))
+ if (!pinentry_have_display (argc, argv))
+ {
+ fprintf (stderr, "No display found, falling back to curses\n");
+ pinentry_cmd_handler = curses_cmd_handler;
+ pinentry_set_flavor_flag ("curses");
+ }
+ else if (!getenv ("DBUS_SESSION_BUS_ADDRESS"))
{
fprintf (stderr, "No $DBUS_SESSION_BUS_ADDRESS found,"
" falling back to curses\n");
--- End Message ---
--- Begin Message ---
Source: pinentry
Source-Version: 1.1.0-2
We believe that the bug you reported is fixed in the latest version of
pinentry, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <[email protected]> (supplier of updated pinentry
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Apr 2019 14:42:10 -0400
Source: pinentry
Architecture: source
Version: 1.1.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuPG Maintainers <[email protected]>
Changed-By: Daniel Kahn Gillmor <[email protected]>
Closes: 927105
Changes:
pinentry (1.1.0-2) unstable; urgency=medium
.
* use DEP-14 branch naming
* d/control: add Rules-Requires-Root: no
* standards-version: update to 4.3.0 (no changes needed)
* Test screenlock correctly from pinentry-gnome3 (Closes: #927105)
Thanks, Zephaniah E. Loss-Cutler-Hull!
Checksums-Sha1:
fb35e9ddbd2dcdfaa022d70c9e1d1e6e8de8edd1 2055 pinentry_1.1.0-2.dsc
8909ce4c65894a7b32a50c9c28ea9c4f47f1ceb4 16480 pinentry_1.1.0-2.debian.tar.xz
da5fc2b856c4949072b4f42313cf41edb57284b6 19349 pinentry_1.1.0-2_amd64.buildinfo
Checksums-Sha256:
a3f157d367217eb91581d9fc53f23205794c7572894497a04d4d91eb6d5aff06 2055
pinentry_1.1.0-2.dsc
b09437607c63c620bb581fe14080e897b5fb8210d08611b18b751efead7776da 16480
pinentry_1.1.0-2.debian.tar.xz
4ca4291122b1dea7246f40416598411659cec2760321031552b7d2f4a12c5744 19349
pinentry_1.1.0-2_amd64.buildinfo
Files:
1cddf67a0bb5a8abb6b4220e79a154f1 2055 utils optional pinentry_1.1.0-2.dsc
8c3d462d1477d64ed676881dcee7200e 16480 utils optional
pinentry_1.1.0-2.debian.tar.xz
8527ac83335da1fdd378452caa3e7fd8 19349 utils optional
pinentry_1.1.0-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQTJDm02IAobkioVCed2GBllKa5f+AUCXLd40wAKCRB2GBllKa5f
+JbXAP0dooVv5EFmCGGNXli48KdcfmmovJKiN5IRsW16DJHFRwEA3IyhP7A4fpmL
CJO/PjFvrtskQX7YARDHK5xc+4Kn0Ag=
=yF2x
-----END PGP SIGNATURE-----
--- End Message ---
