pinentry-tty does not work

[qrvstw]

Under arch linux I am trying to get nitrocli to run in a command line environment. If I call nitrocli like this: DISPLAY="" nitrocli encrypted open I get the error message.
Failed to parse pinentry secret: 83918950 Inappropriate ioctl for device

[d-e-s-o]

I think it's unlikely that's an issue with nitrocli itself. We just invoke gpg-connect-agent which then uses pinentry somewhere (and we also don't mess with the environment from what I recall). Please see #90 for a similar (if not the same) issue. For what it's worth, I am having the hell of a time with pinentry in headless environments under various conditions myself (not even in the context of nitrocli).

Can you try the following:

$ DISPLAY="" gpg-connect-agent 'GET_PASSPHRASE --data X error secret+please just+a+test' /bye

[qrvstw]

I have executed DISPLAY="" gpg-connect-agent 'GET_PASSPHRASE --data X error secret+please just+a+test' /bye and it is working, see the attachment.

[qrvstw]

If I set the environment variable GPG_TTY=$(tty), as recommended at issue 90, then I am asked for the pin like the screenshot above. I think, that point should be added to the documentation.

[d-e-s-o]

Glad you got it working. I think we may actually be able to set GPG_TTY programmatically. I'll do some digging when I have time.

[d-e-s-o]

I cooked something up here: https://github.com/d-e-s-o/nitrocli/tree/topic/gpg-tty

Feel free to give it a try when you get a chance.

[qrvstw]

I copied the branch to my computer and created the executable as described
cargo build --release
After that I performed DISPLAY="" ./target/release/nitrocli encrypted open and got the error
Failed to parse pinentry secret: 83918950 Inappropriate ioctl for device

I am not sure if it makes sense to include the setting of the environment variable GPG_TTY in the code. I think this should be left up to the user, because it isn't a problem for nitrocli.

[d-e-s-o]

After that I performed DISPLAY="" ./target/release/nitrocli encrypted open and got the error
Failed to parse pinentry secret: 83918950 Inappropriate ioctl for device

Grrrrr...there actually was a bug in there. Sorry. Should be fixed now in the same branch.

I am not sure if it makes sense to include the setting of the environment variable GPG_TTY in the code. I think this should be left up to the user, because it isn't a problem for nitrocli.

Okay. What are the arguments against setting this variable programmatically? I agree that nitrocli shouldn't have to do it. gpg-connect-agent should take care of that itself, in an attempt to be a little less stupid and more user friendly. That being said, I am neither equipped nor willing to fight that fight. At the same time, I do not believe that this kind of complexity should be pushed to the user.

The only downside I see is increased implementation complexity. That's fair (and a realistic concern given the bug we just saw [though I am going to fall back to blaming braindead POSIX C APIs that don't adhere to basic tenets of the language they are written in and designed for {strings are NUL terminated}, accompanied by inapt documentation ;-)]), but I believe that it does not trump user experience. I am -- to put it frankly -- annoyed by stupid errors a la "Inappropriate ioctl for device" (not when using nitrocli [I've not been able to reproduce any of the two problems reported], mind you, but in general on Linux in all sorts of terminal contexts). And I can guarantee you that not everybody reads the documentation, not even the README (it happened in the past, on issues opened against this repository).

[robinkrahl]

I’m a bit cautious about setting GPG_TTY in nitrocli because I haven’t found a proper documentation of the GPG_TTY environment variable and its implications, but I agree it’s probably still the best solution. But I think we should avoid trying to be smarter than the user. If I’m not mistaken, the current implementation does not check whether GPG_TTY is already set. If it is set, we shouldn’t mess with it.

[qrvstw]

To include the point in the documentation, this was just a suggestion from me and nothing more. I agree with you that reading documentation is not the primary focus of the user.

[d-e-s-o]

But I think we should avoid trying to be smarter than the user. If I’m not mistaken, the current implementation does not check whether GPG_TTY is already set. If it is set, we shouldn’t mess with it.

Yeah, agreed. I was planning to do that, but then I got sidetracked and that fell off :P In any event, this is not a fully blown pull request yet. I was merely hoping for acknowledgement that it solves the issue at hand. We will also have to dig more into implications for extension support. I've taken a note, though, to address it next time I touch the code.

[d-e-s-o]

I’m a bit cautious about setting GPG_TTY in nitrocli because I haven’t found a proper documentation of the GPG_TTY environment variable and its implications, but I agree it’s probably still the best solution.

I think it's well explained here:

It is important that this environment variable always reflects the output of the tty command.

(gets me back to the above but I'll stop ranting now; I am sure I am just missing technical intricacies :-))

[d-e-s-o]

By any chance, have you had a chance to test with the most recent version of the gpg-tty branch, @qrvstw? I'd want to move this issue forward one way or another.

[d-e-s-o]

I managed to reproduce the problem and verified that the fix is indeed working. I will polish it some and should have it out for review soon.

# I verified that GPG_TTY is not set at this point.
$ /tmp/rust-build-artifacts/[...]/target/debug/nitrocli otp get 0^C
# worked fine and I canceled the operation
# Now with binary that does not contain GPG_TTY logic:
$ nitrocli otp get 0
Failed to parse pinentry secret: 83918950 Inappropriate ioctl for device <Pinentry>
# the above error pops up immediately