Skip to content
This repository has been archived by the owner on Feb 21, 2023. It is now read-only.

Allow choosing GUI pinentry as your auth prompt #108

Merged
merged 4 commits into from
Oct 15, 2021
Merged

Conversation

toothbrush
Copy link
Member

@toothbrush toothbrush commented Oct 15, 2021

This adds the possibility to use pinentry to prompt the user for their credentials. We want that in the situation where (e.g.) MySQL Workbench calls ssh which calls yak, and we can't directly prompt the user for their credentials. For now we're making it opt-in, so we don't "move too many people's cheese".

Default to old password input, except with --pinentry mode.

We want to allow this option for when GUI apps call us in the background and we can't prompt for
password/TOTP via stdin/stdout as usual.  For now we're making it opt-in, so we don't "move too many
people's cheese".
@toothbrush toothbrush marked this pull request as ready for review October 15, 2021 02:32
@toothbrush toothbrush changed the title Spike: use GUI pinentry Allow choosing GUI pinentry as your auth prompt Oct 15, 2021
@@ -24,3 +25,5 @@ require (
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2
golang.org/x/net v0.0.0-20200202094626-16171245cfb2
)

replace github.com/gopasspw/pinentry => github.com/redbubble/pinentry v0.0.3-0.20211015012734-36081cf01f93
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a fork of https://github.com/gopasspw/pinentry because of https://github.com/gopasspw/pinentry/issues/1. The only thing it does is hardcode pinentry-mac instead of (broken) auto lookup the library does. Note that in the Brew package i've added pinentry-mac as a dependency, so i expect this to go fine. It works for me.

Copy link
Contributor

@mipearson mipearson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I assume the pinentry fork has the details as to why it's a fork as well?

@toothbrush
Copy link
Member Author

LGTM. I assume the pinentry fork has the details as to why it's a fork as well?

Ah, no, not as such – the modification is really very simple. It's just hardcoding the Darwin-case: gopasspw/pinentry@main...redbubble:main

I can modify the README if you prefer?

@toothbrush toothbrush merged commit c7bc309 into master Oct 15, 2021
@toothbrush toothbrush deleted the paul/pinentry branch October 15, 2021 04:12
lokulin pushed a commit that referenced this pull request Aug 18, 2022
* Depend on pinentry-mac Homebrew formula

* Correct my preferred capitalisation if i'm here anyway.

* cmd/root.go: Add pinentry option.

* cli/login.go: Use pinentry, optionally.

Default to old password input, except with --pinentry mode.

We want to allow this option for when GUI apps call us in the background and we can't prompt for
password/TOTP via stdin/stdout as usual.  For now we're making it opt-in, so we don't "move too many
people's cheese".
lokulin pushed a commit that referenced this pull request Aug 18, 2022
* Depend on pinentry-mac Homebrew formula

* Correct my preferred capitalisation if i'm here anyway.

* cmd/root.go: Add pinentry option.

* cli/login.go: Use pinentry, optionally.

Default to old password input, except with --pinentry mode.

We want to allow this option for when GUI apps call us in the background and we can't prompt for
password/TOTP via stdin/stdout as usual.  For now we're making it opt-in, so we don't "move too many
people's cheese".
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants