Allow configuring pinentry binary #322

Open
wants to merge 3 commits into base: main

pks-t commented Jan 25, 2025

The pinentry binary can currently only be configured via the GnuPG
configuration. On the one hand this is quite awkward on systems where
GnuPG isn't used at all, as the user is now asked to create a file that
shouldn't have anything to do with Goldwarden in order to configure it.
And on the other hand this isn't really discoverable and doesn't exactly
follow the principle of least surprise.

While it's nice that we try to honor a user's preexisting configuration,
we should also provide a way to explicitly set the pinentry binary used
by Goldwarden. This improves discoverability and also gives users more
flexibility in case they want to use a different pinentry implementation
for Goldwarden than for GnuPG, due to whatever reason.

Implement a new "PinentryBinary" configuration key. If set, it takes
precedence over the value derived from the GnuPG configuration and over
the platform-specific "pinentry-mac" default that is used on Darwin.

pks-t added 3 commits January 25, 2025 09:19
The pinentry module doesn't have access to the client configuration, and
until now it didn't actually need it. We're about to introduce a new
config option though that makes the pinentry binary configurable via the
config file, which requires us to plumb through the configuration.

Unfortunately, we cannot pass through the `config.Config` directly due
to an import cycle between the "pinentry" and the "config" modules. The
latter implements logic to unlock the vault, which uses pinentry under
the hood to obtain the password.

Work around this issue by introducing a `PinentryConfig` interface. For
now this interface is still empty, but we'll enrich it in a subsequent
commit so that it allows us to retrieve the pinentry binary name. This
is split up into two steps so that we can separate the plumbing, namely
passing the new argument at all callsites, from the actual changes.

Signed-off-by: Patrick Steinhardt <[email protected]>

The pinentry binary can currently only be configured via the GnuPG
configuration. On the one hand this is quite awkward on systems where
GnuPG isn't used at all, as the user is now asked to create a file that
shouldn't have anything to do with Goldwarden in order to configure it.
And on the other hand this isn't really discoverable and doesn't exactly
follow the principle of least surprise.

While it's nice that we try to honor a user's preexisting configuration,
we should also provide a way to explicitly set the pinentry binary used
by Goldwarden. This improves discoverability and also gives users more
flexibility in case they want to use a different pinentry implementation
for Goldwarden than for GnuPG, due to whatever reason.

Implement a new "PinentryBinary" configuration key. If set, it takes
precedence over the value derived from the GnuPG configuration and over
the platform-specific "pinentry-mac" default that is used on Darwin.

Signed-off-by: Patrick Steinhardt <[email protected]>

Add a command to configure the pinentry binary via the IPC interface.

Signed-off-by: Patrick Steinhardt <[email protected]>
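
The lookup order set out in the pull request description, shown as an added Go example that is not code from this pull request or from Goldwarden. The `PinentryBinary()` method name, `fileConfig`, `gpgAgentPinentry` and `resolvePinentry` are hypothetical, and two points are assumptions the page does not state: that the GnuPG value ranks above the Darwin default, and that a plain `pinentry` is the last resort.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// PinentryConfig is a hypothetical stand-in for the interface the commits
// describe; the method name is an assumption.
type PinentryConfig interface{ PinentryBinary() string }

type fileConfig struct{ binary string } // hypothetical config-file value

func (c fileConfig) PinentryBinary() string { return c.binary }

// gpgAgentPinentry returns the pinentry-program value from gpg-agent.conf text.
func gpgAgentPinentry(conf string) string {
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		rest := strings.TrimPrefix(line, "pinentry-program")
		// Require whitespace after the key so comments and longer keys are skipped.
		if rest != line && rest != "" && (rest[0] == ' ' || rest[0] == '\t') {
			return strings.TrimSpace(rest)
		}
	}
	return ""
}

// resolvePinentry reports the binary to run and which source selected it.
func resolvePinentry(cfg PinentryConfig, gpgConf, goos string) (string, string) {
	if b := cfg.PinentryBinary(); b != "" {
		return b, "PinentryBinary"
	}
	if b := gpgAgentPinentry(gpgConf); b != "" {
		return b, "gpg-agent.conf" // assumed to rank above the Darwin default
	}
	if goos == "darwin" {
		return "pinentry-mac", "darwin default"
	}
	return "pinentry", "PATH fallback" // assumed fallback, not stated on the page
}

func main() {
	// Constructed gpg-agent.conf contents.
	gpg := "# agent settings\npinentry-program /usr/bin/pinentry-gnome3\n"
	fmt.Println(resolvePinentry(fileConfig{"/usr/bin/pinentry-qt"}, gpg, "linux"))
	fmt.Println(resolvePinentry(fileConfig{}, gpg, "darwin"))
	fmt.Println(resolvePinentry(fileConfig{}, "", "darwin"))
}
```

Returning the source alongside the binary lets a caller log which setting selected the program that will prompt for the vault password.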