[pass] pass grep doesn't spawn pinentry dialog when no cached password is available in gpg-agent

Lucas Hoffmann l-m-h at web.de
Fri Nov 28 01:40:17 CET 2014


On Wed, Nov 26, 2014 at 11:21:35AM +0700, Allan Odgaard wrote:
> On 26 Nov 2014, at 8:13, nfb wrote:
>
> >[…] I'm using pass on Debian jessie/testing […] no cached password […]
> >What i get is:
> >[…] which i have to brutally stop like this since it seems to go on
> >forever.

I can confirm (and maybe explain) some of these points after some tests
on Arch Linux running pass 1.6.3 and gpg{,-agent} 2.1.0 (All of this
assumes the pass phrase is not stored in the agent atm.):

When running `pass show something` I get the dialog and if I cancle the
dialog it will abort the process.

If I run `pass grep something` I get the dialog but it will be reopened
when canceling it.  This is done for every file in my password store so
depending on the size of the latter it might *seem* to be repeated
infinitely.

You can try this with a small pw-store or enter the correct pass phrase
after canceling the dialog some times: The matches given by grep will
not include lines from the first view files in your pw-store.

> There is a similar problem on OS X, here though no output is shown, instead
> a background task takes 100% CPU time.
>
> >My question is: is there a reason why the grep command doesn't spawn the
> >pinentry dialog like […]
>
> I believe the problem is with the invocation:
>
> 	grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep --color=always
> "$search")"
>
> Here the output of $GPG is sent to a pipe, so there is no tty for bringing
> up the passphrase dialog.

I can not confirm this.  Curses and GTK pinentry both work for me.  The
following little shell script can also demonstrate the point:

> var="$(
>   test -t 0 && echo stdin is a tty
>   test -t 1 && echo stdout is a tty
>   test -t 2 && echo stderr is a tty
> )"
> echo "$var"

This reports that stdin and stderr are connected to the terminal.  The
fact that stdout is not connected should not be a problem as we actually
want to pipe the output of gpg to grep.

Cheers
Lucas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20141128/ae0058d7/attachment.asc>


More information about the Password-Store mailing list