Re: Small patch to enable use of gpg-agent with pgg

[Sascha Wilde]

Simon Josefsson <address@hidden> wrote:

Hi Simon,

first of all, fore some reasons you got lost from the list of CC's so
you missed some important messages in this thread, including a more
elaborated version of my patch...

> 1) Non-agent mode didn't work at all (the args list contained 'nil' so
>    invoking gpg failed with a lisp error).

Yes.  This was fixed in my second patch.  (and in the attached, of cause)

> 2) After fixing the above, the patch made the passphrase be 't', which
>    broke the passphrase cache, causing a lisp error.

Thanks, I used your strategy to fix this issue in my new patch (which
I attached).

> How about this patch instead?  It works for me.  I've also improved
> the pgg-use-agent default value.

This is very error prone.  As I wrote before on emacs-devel: there are
certain situations in which using the agent will fail -- even if it is
available: for example: on an text console running the standard
pin-entry program (which uses curses) from within emacs won't work.
That's why I think this option should be explicitly enabled by the user.

Another problem is, that checking for $GPG_AGENT_INFO is not
sufficient, the environment variable will stay set, even is the agent
was killed.

Could you please consider committing the attached patch, which
reverses the default of pgg-gpg-use-agent to nil, and adds an check if
the agent is _really_ available, when pgg-gpg-use-agent is set to t?

(The patch is against the latest CVS, including your patch that is)

cheers
sascha

Index: pgg-gpg.el
===================================================================
RCS file: /sources/emacs/emacs/lisp/pgg-gpg.el,v
retrieving revision 1.6
diff -c -r1.6 pgg-gpg.el
--- pgg-gpg.el  21 Mar 2006 21:24:27 -0000      1.6
+++ pgg-gpg.el  22 Mar 2006 08:14:59 -0000
@@ -4,7 +4,8 @@
 ;;   2005, 2006 Free Software Foundation, Inc.
 
 ;; Author: Daiki Ueno <address@hidden>
-;; Symmetric encryption added by: Sascha Wilde <address@hidden>
+;; Symmetric encryption and gpg-agent support added by: 
+;;   Sascha Wilde <address@hidden>
 ;; Created: 1999/10/28
 ;; Keywords: PGP, OpenPGP, GnuPG
 
@@ -51,10 +52,8 @@
   :type '(choice (const :tag "New `--recipient' option" "--recipient")
                 (const :tag "Old `--remote-user' option" "--remote-user")))
 
-(defcustom pgg-gpg-use-agent (if (getenv "GPG_AGENT_INFO") t nil)
-  "Whether to use gnupg agent for key caching.
-By default, it will be enabled iff the environment variable
-\"GPG_AGENT_INFO\" is set."
+(defcustom pgg-gpg-use-agent nil
+  "Whether to use gnupg agent for key caching."
   :group 'pgg-gpg
   :type 'boolean)
 
@@ -62,10 +61,11 @@
   "GnuPG ID of your default identity.")
 
 (defun pgg-gpg-process-region (start end passphrase program args)
-  (let* ((output-file-name (pgg-make-temp-file "pgg-output"))
+  (let* ((use-agent (pgg-gpg-use-agent-p)) 
+        (output-file-name (pgg-make-temp-file "pgg-output"))
         (args
          `("--status-fd" "2"
-           ,@(if pgg-gpg-use-agent '("--use-agent")
+           ,@(if use-agent '("--use-agent")
                (if passphrase '("--passphrase-fd" "0")))
            "--yes" ; overwrite
            "--output" ,output-file-name
@@ -189,7 +189,7 @@
 passphrase cache or user."
   (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
         (passphrase (or passphrase
-                        (when (and sign (not pgg-gpg-use-agent))
+                        (when (and sign (not (pgg-gpg-use-agent-p)))
                           (pgg-read-passphrase
                            (format "GnuPG passphrase for %s: "
                                    pgg-gpg-user-id)
@@ -221,7 +221,7 @@
 If optional PASSPHRASE is not specified, it will be obtained from the
 passphrase cache or user."
   (let* ((passphrase (or passphrase
-                        (when (not pgg-gpg-use-agent)
+                        (when (not (pgg-gpg-use-agent-p))
                           (pgg-read-passphrase
                            "GnuPG passphrase for symmetric encryption: "))))
         (args
@@ -250,7 +250,7 @@
         (pgg-gpg-user-id (or key-id key
                              pgg-gpg-user-id pgg-default-user-id))
         (passphrase (or passphrase
-                        (when (not pgg-gpg-use-agent)
+                        (when (not (pgg-gpg-use-agent-p))
                           (pgg-read-passphrase
                            (format (if (pgg-gpg-symmetric-key-p message-keys)
                                        "Passphrase for symmetric decryption: "
@@ -286,7 +286,7 @@
   "Make detached signature from text between START and END."
   (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
         (passphrase (or passphrase
-                        (when (not pgg-gpg-use-agent)
+                        (when (not (pgg-gpg-use-agent-p))
                           (pgg-read-passphrase
                            (format "GnuPG passphrase for %s: "
                                    pgg-gpg-user-id)
@@ -356,6 +356,25 @@
     (append-to-buffer pgg-output-buffer (point-min)(point-max))
     (pgg-process-when-success)))
 
+(defun pgg-gpg-update-agent ()
+  "Try to connet to gpg-agent and send UPDATESTARTUPTTY."
+  (let* ((agent-info (getenv "GPG_AGENT_INFO")) 
+        (socket (and agent-info
+                     (string-match "^\\([^:]*\\)" agent-info)
+                     (match-string 1 agent-info)))
+        (conn (and socket
+                   (make-network-process :name "gpg-agent-process"
+                                         :host 'local :family 'local
+                                         :service socket))))
+    (when (and conn (eq (process-status conn) 'open))
+      (process-send-string conn "UPDATESTARTUPTTY\n")
+      (delete-process conn)
+      t)))
+
+(defun pgg-gpg-use-agent-p ()
+  "Return t if `pgg-gpg-use-agent' is t and gpg-agent is available."
+  (and pgg-gpg-use-agent (pgg-gpg-update-agent)))
+
 (provide 'pgg-gpg)
 
 ;;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000

-- 
Sascha Wilde

"Unix was the first OS where you could carry the media and system
documentation around in a briefcase. This was fixed in BSD4.2."