On 2025-02-08 20:50, Sam Overton via Gnupg-users wrote:
I have a proposed patch which I am preparing to send which adds a
gpg-agent configuration parameter to specify which environment
variables sent by the client should be *ignored* by the agent. This
solves the problem in my case, by filtering out
DBUS_SESSION_BUS_ADDRESS ensuring that the agent's environment is used
by pinentry (for that specific env-var).
Looking forward to it. Are you proposing to ignore by default, or give
the possibility to ignore DBUS_SESSION_BUS_ADDRESS? With the popularity
of Flatpak apps, ignoring DBUS_SESSION_BUS_ADDRESS by default feels like
it would be better UX overall. On the other hand, there must be a
usecase for passing through the dbus address to pinentry which I'm not
seeing.
In the meantime, the workaround I have been using is to configure
gpg-agent to use a custom pinentry command (~/.gnupg/gpg-agent.conf):
pinentry-program /home/sam/bin/pinentry-wrap
which then sets the correct environment for pinentry (pinentry-wrap):
Ingenious hack, obvious in hindsight! Cheers for the idea, I'll
implement this while waiting for your patch to trickle through the
supply chain ;)
AFAIK the agent only accepts a specific list of environment variables
from the client which can be listed using:
$ gpg-connect-agent 'getinfo std_env_names' /bye
Ah the wonderful niche commands that are available... if one only knew.
BR Jay
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
