Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Usage on a GUI-less server #90

Closed
szszszsz opened this issue Jun 14, 2019 · 2 comments
Closed

Usage on a GUI-less server #90

szszszsz opened this issue Jun 14, 2019 · 2 comments

Comments

@szszszsz
Copy link
Contributor

Hi!

Is it possible to use nitrocli in a GUI-less / init 3 Linux environment? I tried to simulate it in an Ubuntu 19.04 Docker container, and got this error:

root@a1f753f5d989:/# nitrocli pws get 0
83918950 Inappropriate ioctl for device <Pinentry>

Any ideas? Pinentry run separately works apparently. Getting status from the Storage device works as well. gpg-connect-agent also seems to work.

I tried to use /usr/bin/pinentry-tty (as here), but got other error:

83886340 Invalid IPC response <Pinentry>

Perhaps, alternatively, is it possible to disable gpg-connect-agent usage, and make nitrocli ask the PIN directly? E.g. via some kind of switch?

Full install and execution log attached:
nitrocli.init3.log

Connected: support request.
@d-e-s-o
Copy link
Owner

d-e-s-o commented Jun 15, 2019

For me it works in a non-X11 environment. pinentry falls back to pinentry-curses and I can enter the password as usual. It also does what it is supposed to do with pinentry-tty.

I think what ultimately should be tried is something like:

$ gpg-connect-agent 'GET_PASSPHRASE --data X error secret+please just+a+test' /bye
> 
>  *** error ***
> 
> just a test
> secret please:
> D test
> OK

which is pretty much what we use. My guess would be that this fails in the same way. If it doesn't that would be very interesting.

In the past, I've had luck with:

gpg-connect-agent updatestartuptty /bye

in a slightly different scenario (when GPG was started on a different tty), so running that may be worth a shot (but judging from the logs you provided I am not sure that's the case here).

Also, my notes suggest that:

export GPG_TTY=$(tty)

helped me at some point with exactly this error message. That's more shots in the dark than anything else, though, or at least I don't see a clear connection in this case.

Perhaps, alternatively, is it possible to disable gpg-connect-agent usage, and make nitrocli ask the PIN directly? E.g. via some kind of switch?

We more or less intentionally don't have that. pinentry should support all the scenarios we are interested in and should integrate nicely into the system, so I didn't see the need.

@szszszsz
Copy link
Contributor Author

Thank you for the check and thorough response! It looks clearer for me now. Closing, since it works on your side.

@d-e-s-o d-e-s-o mentioned this issue Sep 4, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@d-e-s-o @szszszsz