[Pkg-gnupg-commit] [gnupg2] 173/205: agent: Make --allow-loopback-pinentry the default.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed May 11 08:38:35 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit 3ef0938cfd8637e9801369f142eb8dd564f2ca61
Author: Werner Koch <wk at gnupg.org>
Date:   Wed May 4 09:24:18 2016 +0200

    agent: Make --allow-loopback-pinentry the default.
    
    * agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
    (opts): Add --no-allow-loopback-pinentry.  Hide
    description of --allow-loopback-pinentry.
    (parse_rereadable_options): Set opt.allow_loopback_pinentry by
    default.
    (main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
    in the gpgconf list.
    * tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
    --
    
    Given that a user can anyway change that option in the gpg-agent.conf
    file and that gpg needs to be invoked with --pinentry-mode=loopback
    the former default does not make much sense - if that option is useful
    at all.  There was a discussion of this topic on gnupg-devel in April
    without a clear result.  So we try this new default and just in case
    real problems are found for the majority of installations, we can
    revert that.  The new default is also aligned with GnuPG's policy to
    make its use easier and only require users with very high security
    standards to tweak certain options (those users have anyway modeled
    their threat model and configured their software according to this).
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 agent/gpg-agent.c    | 12 ++++++++----
 doc/gpg-agent.texi   | 10 ++++++----
 tools/gpgconf-comp.c |  4 ++--
 3 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index a87052a..a950530 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -122,6 +122,7 @@ enum cmd_and_opt_values
   oNoAllowMarkTrusted,
   oAllowPresetPassphrase,
   oAllowLoopbackPinentry,
+  oNoAllowLoopbackPinentry,
   oNoAllowExternalCache,
   oAllowEmacsPinentry,
   oKeepTTY,
@@ -220,8 +221,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oAllowMarkTrusted,   "allow-mark-trusted", "@"),
   ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase",
                 /* */                    N_("allow presetting passphrase")),
-  ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry",
-                                   N_("allow caller to override the pinentry")),
+  ARGPARSE_s_n (oNoAllowLoopbackPinentry, "no-allow-loopback-pinentry",
+                                N_("disallow caller to override the pinentry")),
+  ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry", "@"),
   ARGPARSE_s_n (oAllowEmacsPinentry,  "allow-emacs-pinentry",
                 /* */    N_("allow passphrase to be prompted through Emacs")),
 
@@ -626,6 +628,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.ignore_cache_for_signing = 0;
       opt.allow_mark_trusted = 1;
       opt.allow_external_cache = 1;
+      opt.allow_loopback_pinentry = 1;
       opt.allow_emacs_pinentry = 0;
       opt.disable_scdaemon = 0;
       disable_check_own_socket = 0;
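Review bot: The added default `opt.allow_loopback_pinentry = 1;` flips a security-relevant policy without a comment at the place where a maintainer will look for it. Per the texinfo text in this same commit, loopback mode obtains the passphrase through inquiries back to the caller instead of the pinentry program, so after an upgrade every installation that never set the option now permits that. I would add a why-comment above the line, such as `/* Loopback pinentry is on by default; --no-allow-loopback-pinentry disables it. */`. The unchanged sentence "This option may only be set if the agent has been configured for that" in doc/gpg-agent.texi still reads as if the old default applied and should be reworded. The enclosing block of parse_rereadable_options starts and ends outside the hunk.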
@@ -699,6 +702,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
 
     case oAllowLoopbackPinentry: opt.allow_loopback_pinentry = 1; break;
+    case oNoAllowLoopbackPinentry: opt.allow_loopback_pinentry = 0; break;
 
     case oNoAllowExternalCache: opt.allow_external_cache = 0;
       break;
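Review bot: With `case oNoAllowLoopbackPinentry` added next to `case oAllowLoopbackPinentry`, both options write the same field, so a configuration containing both is decided by whichever is parsed last (assuming options are processed in order, which the hunk does not show). A gpg-agent.conf that still carries a legacy `allow-loopback-pinentry` line after a newly added `no-allow-loopback-pinentry` would therefore stay permissive. A comment here, e.g. `/* Last occurrence wins; --allow-loopback-pinentry is kept for old config files. */`, and a matching sentence in the option's documentation would make that explicit. The switch starts and ends outside the hunk.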
@@ -1154,8 +1158,8 @@ main (int argc, char **argv )
 #ifdef HAVE_W32_SYSTEM
       es_printf ("enable-putty-support:%lu:\n", GC_OPT_FLAG_NONE);
 #endif
-      es_printf ("allow-loopback-pinentry:%lu:\n",
-                 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+      es_printf ("no-allow-loopback-pinentry:%lu:\n",
+              GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
       es_printf ("allow-emacs-pinentry:%lu:\n",
                  GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
       es_printf ("pinentry-timeout:%lu:0:\n",
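Review bot: The continuation line of the new `es_printf ("no-allow-loopback-pinentry:%lu:\n",` call is indented three columns less than the line it replaces and than the neighbouring es_printf calls, as rendered here. Aligning `GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);` with the other entries keeps the gpgconf list block uniform. main's body continues outside the hunk.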
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d890036..2989d3b 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -329,11 +329,13 @@ accept Root-CA keys.
 This option allows the use of @command{gpg-preset-passphrase} to seed the
 internal cache of @command{gpg-agent} with passphrases.
 
- at anchor{option --allow-loopback-pinentry}
+ at anchor{option --no-allow-loopback-pinentry}
+ at item --no-allow-loopback-pinentry
 @item --allow-loopback-pinentry
+ at opindex no-allow-loopback-pinentry
 @opindex allow-loopback-pinentry
-Allow clients to use the loopback pinentry features; see the option
- at option{pinentry-mode} for details.
+Disallow or allow clients to use the loopback pinentry features; see
+the option @option{pinentry-mode} for details.  Allow is the default.
 
 @item --no-allow-external-cache
 @opindex no-allow-external-cache
@@ -1455,7 +1457,7 @@ following values are defined:
   Use a loopback pinentry.  This fakes a pinentry by using inquiries
   back to the caller to ask for a passphrase.  This option may only be
   set if the agent has been configured for that.
-  Use the @xref{option --allow-loopback-pinentry}.
+  To disable this feature use @xref{option --no-allow-loopback-pinentry}.
 
   @end table
 
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 45e5c90..4dd10a4 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -548,8 +548,8 @@ static gc_option_t gc_options_gpg_agent[] =
    { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
      GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
-   { "allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
-     GC_LEVEL_EXPERT, "gnupg", "allow caller to override the pinentry",
+   { "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
+     GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
    { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
      "gnupg", "do not grab keyboard and mouse",

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


