Override pinentry program in a terminal

Ismael Bouya ismael at bouya.org
Sun May 17 23:16:40 CEST 2020


It’s quite outside of the scope of pass, so this discussion should
probably happen somewhere else, but there is a way to do what you want:
I wrote a wrapper that looks like this, which you need to put, for instance, in
/usr/local/bin/pinentry-choose and use as the pinentry program:
```
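#!/bin/bash
# Pinentry wrapper: gpg-agent forwards PINENTRY_USER_DATA to the pinentry
# program, so it can select the pinentry flavour per invocation.

# Default when PINENTRY_USER_DATA carries no usable "type:" entry.
program="/usr/bin/pinentry-curses"

parse_pinentry_env() {
  local i t v
  # Entries are separated by ';', each of the form key:value.
  IFS=';' read -ra ARGS <<< "$PINENTRY_USER_DATA"
  for i in "${ARGS[@]}"; do
    t="${i%%:*}"   # key: text before the first ':'
    v="${i#*:}"    # value: text after the first ':'

    # Accept only a plain flavour name, so the value cannot alter the path.
    if [ "$t" = "type" ] && [[ "$v" =~ ^[a-z0-9-]+$ ]]; then
      program="/usr/bin/pinentry-$v"
    fi
  done
}
parse_pinentry_env

# Replace the wrapper process with the chosen pinentry.
exec "$program" "$@"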
```

Then, when you call a gpg-related command, you use PINENTRY_USER_DATA=type:curses
or type:gtk3.

Adjust the command/default to your needs.

The reason why it doesn’t work with DISPLAY is that pinentry is called by
gpg-agent, which is a long-running process (maybe even started by your systemd
service, it depends).
This gpg-agent has no idea of what env you’re calling gpg with, except for
the PINENTRY_USER_DATA environment variable, which is passed along.

Hope it helped,

(Sun, May 17, 2020 at 10:36:35PM +0200) password-store at storiepvtride.it :
> On 17.05.20 at 16:19, Ondřej Synáček wrote:
> 
> > Is there some kind of environment variable that could be used for this? I
> > tried doing something like `DISPLAY="" pass -c mypassword` but with no
> > luck (I’m on macOS).
> 
> Also for me it was interesting to have that work so I checked around for
> a solution. Unfortunately there is no proper way [0] to have gpg-agent
> use one pinentry or another based on env variables and that is a known
> issue [1].
> When gpg-agent is started, it can only use *one* version of pinentry.
> You can change that but then you have to reload gpg-agent, which is a
> bit inconvenient.
> I could not think of any workaround...
> 
> [0]
> https://superuser.com/questions/520980/how-to-force-gpg-to-use-console-mode-pinentry-to-prompt-for-passwords
> 
> [1] https://dev.gnupg.org/tag/pinentry/

-- 
Ismael
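
Added example, not part of the original message or of pass: one way to register the wrapper with gpg-agent and reload the agent so the change takes effect. It assumes the wrapper is installed at /usr/local/bin/pinentry-choose as suggested above; `set_pinentry_program` and `reload_agent` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Assumptions: wrapper path /usr/local/bin/pinentry-choose
# (from the mail); both function names below are hypothetical.

# Write "pinentry-program <wrapper>" into <gnupg-home>/gpg-agent.conf,
# replacing any earlier pinentry-program line and keeping all other options.
set_pinentry_program() {
  local home="$1" wrapper="$2" conf tmp
  conf="$home/gpg-agent.conf"
  # gpg-agent needs a full path; a relative one would depend on its cwd.
  case "$wrapper" in
    /*) ;;
    *) echo "wrapper path must be absolute" >&2; return 1 ;;
  esac
  # GnuPG warns about a home directory that other users can access.
  mkdir -p "$home" && chmod 700 "$home" || return 1
  # Build the new file next to the old one and rename it into place,
  # so a failure never leaves a half-written configuration.
  tmp="$(mktemp "$home/gpg-agent.conf.XXXXXX")" || return 1
  if [ -f "$conf" ]; then
    # grep exits 1 when nothing is left to copy; that is not an error here.
    grep -Ev '^[[:space:]]*pinentry-program([[:space:]]|$)' "$conf" > "$tmp" \
      || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
  fi
  printf 'pinentry-program %s\n' "$wrapper" >> "$tmp"
  mv "$tmp" "$conf"
}

# A running agent keeps using its old pinentry until it is restarted;
# gpg starts a fresh agent on demand after this.
reload_agent() {
  if command -v gpgconf >/dev/null 2>&1; then
    gpgconf --kill gpg-agent
  fi
}

# Usage:
#   set_pinentry_program "${GNUPGHOME:-$HOME/.gnupg}" /usr/local/bin/pinentry-choose
#   reload_agent
#   PINENTRY_USER_DATA=type:gtk3 pass -c mypassword
```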