Override pinentry program in a terminal
Ismael Bouya
ismael at bouya.org
Sun May 17 23:16:40 CEST 2020
It’s quite outside of the scope of pass, so this discussion should
probably happen somewhere else, but there is a way to do what you want:
I wrote a wrapper that looks like that, which you need to put for instance in
/usr/local/bin/pinentry-choose and use as the pinentry program
```
#!/bin/bash
program="/usr/bin/pinentry-curses"
parse_pinentry_env() {
IFS=';' read -ra ARGS <<< "$PINENTRY_USER_DATA"
for i in "${ARGS[@]}"; do
t=$(echo "$i" | cut -d':' -f1)
v=$(echo "$i" | sed -e "s/[^:]*://")
if [ "$t" = "type" ]; then
program="/usr/bin/pinentry-$v"
fi
done
}
parse_pinentry_env
$program "$@"
```
Then when you call gpg-related command you use PINENTRY_USER_DATA=type:curse
or type:gtk3.
Adjust the command/default to your needs.
The reason why it doesn’t work with DISPLAY is because pinentry is called by
gpg-agent, which is a long-running process (maybe even started by your systemd
service, it depends)
This gpg-agent has no idea of what env you’re calling gpg with, except for
PINENTRY_USER_DATA environment variable which is passed along.
Hope it helped,
(Sun, May 17, 2020 at 10:36:35PM +0200) password-store at storiepvtride.it :
> Am 17.05.20 um 16:19 schrieb Ondřej Synáček:
>
> > Is there some kind of environment variable that could be use for this? I
> > tried doing something like `DISPLAY=“” pass -c mypassword` but with no
> > luck (I’m on macOS).
>
> Also for me it was interesting to have that work so I checked around for
> a solution. Unfortunately there is no proper way [0] to have gpg-agent
> use one pinentry or another based on env variables and that is a known
> issue [1].
> When gpg-agent is started, it can only use *one* version of pinentry.
> You can change that but then you have to reload gpg-agent, which is a
> bit inconvenient.
> I could not think of any workaround...
>
> [0]
> https://superuser.com/questions/520980/how-to-force-gpg-to-use-console-mode-pinentry-to-prompt-for-passwords
>
> [1] https://dev.gnupg.org/tag/pinentry/
--
Ismael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20200517/73b225c5/attachment.asc>
More information about the Password-Store
mailing list