authorToby Vincent <tobyv13@gmail.com>2023-07-04 16:29:18 -0500
committerToby Vincent <tobyv13@gmail.com>2023-07-04 16:29:18 -0500
commitd4353d726755f28d0405fbb34499bdcc60adf3a6 (patch)
tree9e73c0fddf1e8cc9c03c59ed817f6bead60e6341
parent45c9278c78c955b7b5b6cdd8c830320efd28392c (diff)
gnupg: dynamic pinentry
-rw-r--r--gnupg/.config/zsh/.zshrc.d/20-gnupg.zsh8
-rw-r--r--gnupg/.gnupg/gpg-agent.conf2
-rwxr-xr-xgnupg/.local/bin/pinentry-auto38
3 files changed, 43 insertions, 5 deletions
diff --git a/gnupg/.config/zsh/.zshrc.d/20-gnupg.zsh b/gnupg/.config/zsh/.zshrc.d/20-gnupg.zsh
index 532697e..0b3c422 100644
--- a/gnupg/.config/zsh/.zshrc.d/20-gnupg.zsh
+++ b/gnupg/.config/zsh/.zshrc.d/20-gnupg.zsh
@@ -1,9 +1,9 @@
#!/bin/zsh
# vim:ft=sh
-GPG_TTY=$(tty)
-export GPG_TTY
+if [ -t 0 ] && [ -z "$SSH_TTY" ]; then
+ export GPG_TTY="$(tty)"
+ export PINENTRY_USER_DATA=USE_TTY=1
+fi
gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1
-
-alias unlock='echo "" | gpg --clearsign 1>/dev/null && ssh localhost -- : 1>/dev/null'
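Review bot: When `SSH_TTY` is set the whole block is skipped, so an SSH login exports neither `GPG_TTY` nor `PINENTRY_USER_DATA`, yet `gpg-connect-agent updatestartuptty` on the following line still runs; presumably the intent is to leave remote sessions to the agent's default pinentry selection, but nothing in the hunk says so. A one-line comment above the `if`, `# Local interactive shells get the tty pinentry; SSH sessions keep the agent default`, would record that decision. Separately, `export GPG_TTY="$(tty)"` hides tty's exit status behind `export`; `GPG_TTY=$(tty) && export GPG_TTY` keeps it checkable, though the preceding `[ -t 0 ]` makes a failure unlikely.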
diff --git a/gnupg/.gnupg/gpg-agent.conf b/gnupg/.gnupg/gpg-agent.conf
index 2e3f358..b15e92e 100644
--- a/gnupg/.gnupg/gpg-agent.conf
+++ b/gnupg/.gnupg/gpg-agent.conf
@@ -1,3 +1,3 @@
enable-ssh-support
enable-putty-support
-pinentry-program /usr/bin/pinentry-curses
+pinentry-program /home/tobyv/.local/bin/pinentry-auto
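Review bot: `pinentry-program` now names `/home/tobyv/.local/bin/pinentry-auto`, a hard-coded home path, so the config silently breaks when these dotfiles are installed under another user or home directory. As far as I know gpg-agent does not expand `~` or `$HOME` in this option, so an absolute path is unavoidable, but that limitation deserves a comment, e.g. `# absolute path required: gpg-agent does not expand ~ or $HOME here`. A running agent also keeps the old pinentry until it is reloaded (`gpgconf --reload gpg-agent`), which a second comment line could mention. Since the agent execs whatever this path names, the script should stay owned by the user and not be writable by others; the `100755` mode on the new file is consistent with that.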
diff --git a/gnupg/.local/bin/pinentry-auto b/gnupg/.local/bin/pinentry-auto
new file mode 100755
index 0000000..b788361
--- /dev/null
+++ b/gnupg/.local/bin/pinentry-auto
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Choose between pinentry-tty and pinentry-x11 based on whether
+# $PINENTRY_USER_DATA contains USE_TTY=1
+#
+# Based on:
+# https://kevinlocke.name/bits/2019/07/31/prefer-terminal-for-gpg-pinentry
+#
+# Note: Environment detection is difficult.
+# - stdin is Assuan pipe, preventing tty checking
+# - configuration info (e.g. ttyname) is passed via Assuan pipe, preventing
+# parsing or fallback without implementing Assuan protocol.
+# - environment is sanitized by atfork_cb in call-pinentry.c (removing $GPG_TTY)
+#
+# $PINENTRY_USER_DATA is preserved since 2.08 https://dev.gnupg.org/T799
+#
+# Format of $PINENTRY_USER_DATA not specified (that I can find), pinentry-mac
+# assumes comma-separated sequence of NAME=VALUE with no escaping mechanism
+# https://github.com/GPGTools/pinentry-mac/blob/v0.9.4/Source/AppDelegate.m#L78
+# and recognizes USE_CURSES=1 for curses fallback
+# https://github.com/GPGTools/pinentry-mac/pull/2
+#
+# To the extent possible under law, Kevin Locke <kevin@kevinlocke.name> has
+# waived all copyright and related or neighboring rights to this work
+# under the terms of CC0: https://creativecommons.org/publicdomain/zero/1.0/
+
+set -Ceu
+
+# Use pinentry-tty if $PINENTRY_USER_DATA contains USE_TTY=1
+case "${PINENTRY_USER_DATA-}" in
+*USE_TTY=1*)
+ # Note: Change to pinentry-curses if a Curses UI is preferred.
+ exec pinentry-curses "$@"
+ ;;
+esac
+
+# Otherwise, use any X11 UI (configured by Debian Alternatives System)
+# Note: Will fall back to curses if $DISPLAY is not available.
+exec pinentry-gtk-2 "$@"
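Review bot: The comments no longer match the code: the header on lines 48–49 and the comment before the `case` talk about `pinentry-tty` and `pinentry-x11`, the note inside the `USE_TTY=1` arm says to "change to pinentry-curses" although the line below already execs `pinentry-curses`, and the final branch execs `pinentry-gtk-2` while its comment describes a Debian-alternatives X11 pinentry. Update them to name the binaries actually used, e.g. `# Choose between pinentry-curses and pinentry-gtk-2 based on whether`. The last line also has no fallback: if `pinentry-gtk-2` is not installed, `exec` fails and gpg-agent is left without any pinentry, so `command -v pinentry-gtk-2 >/dev/null 2>&1 && exec pinentry-gtk-2 "$@"` followed by `exec pinentry-curses "$@"` would degrade gracefully. The `*USE_TTY=1*` glob additionally matches longer values such as `USE_TTY=10` or another key ending in `USE_TTY`; if that matters, match the comma-delimited form explicitly.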