Ubuntu
gnupg package

gpg uses popup dialog instead of cli by default

Bug #367163 reported by Matt Jones
2
Affects Status Importance Assigned to Milestone
gnupg (Ubuntu)
Opinion
Undecided
Unassigned

Bug Description

Binary package hint: gnupg

On ubuntu jaunty 32bit:

For some reason gnupg uses a popup dialog to ask for passphrases, instead of using the command line. This means that things like debuild will also use popup dialogs when signing packages.

This breaks lots of software and scripts that are reliant on it being able to pragmatically drive gpg and debuild.

The default behaviour should be to use the cli. With an option for popup dialogs.

This was not a problem in hardy or intrepid.

Revision history for this message
Daniel Leidert (dleidert-deactivatedaccount) wrote :

That is IMO a self-caused "issue" in Ubuntu. In the Ubuntu package the `use-agent' option is enabled by default (#15485). Turn it off and be satisfied.

I'm closing this, as Ubuntu has explicitly enabled this option be default. Please reopen your report if you wish to revert this change (JFTR: I'm not responsible for the Ubuntu gnupg package).

Changed in gnupg (Ubuntu):
status: New → Invalid
Revision history for this message
Matt Jones (workhorsy) wrote :

I think the use-agent option should not be enabled by default.

As mentioned above: It breaks lots of scripts, and makes no sense to have a command line app also use a gui dialog by default, when it can do the same thing in cli just fine.

I've also looked around for an explanation for this change, and found none. If there is a good reason for it, then I will have to live with it. But until then, my vote is on pure cli for cli apps.

Changed in gnupg (Ubuntu):
status: Invalid → Confirmed
Revision history for this message
Michael Bienia (geser) wrote :

It was added to enable gnupg support in kmail (see bug 15485).

Revision history for this message
Daniel Leidert (dleidert-deactivatedaccount) wrote :

@Michael: What about invoking gnupg by kmail with the related switch instead of relying on having this option in the user configuration? This sounds more reasonable to me and it won't break any behaviour.

Revision history for this message
Michael Bienia (geser) wrote :

I don't believe that would work as the Xsession.d file for gnupg-agent starts the gnupg-agent only if "use-agent" is active in the configuration file.

As I don't use KDE and kmail, I don't know if "use-agent" is the only solution to let kmail work with gnupg. Better talk to some kubuntu devs about it. Scott Kitterman introduced this change, so he hopefully still knows about the reasons.

Revision history for this message
Rolf Leggewie (r0lf) wrote :

FWIW, "sudo aptitude pinentry-ncurses;sudo aptitude purge pinentry-gtk2" or simply "sudo update-alternatives --config pinentry" should fix the issue for those with headless installations.

Maybe having gpg-agent depend on "pinentry-ncurses | pinentry-gtk2 | pinentry" would be a better option over the current situation of preferring the gtk2 variant (why not qt?). If you want to argue that case, please open a separate ticket, I suggest.

I agree the change in question had some fallout (and I am a frequent user of headless systems and often annoyed by the lack of consideration for that group) but it's been a conscious choice it seems. Setting to Opinion as resolution.

Changed in gnupg (Ubuntu):
status: Confirmed → Opinion
Revision history for this message
Rolf Leggewie (r0lf) wrote :

make that

"sudo aptitude install pinentry-ncurses;sudo aptitude purge pinentry-gtk2" or simply "sudo aptitude install pinentry-ncurses;sudo update-alternatives --config pinentry"

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.