-
Notifications
You must be signed in to change notification settings - Fork 5
Allow choosing GUI pinentry as your auth prompt #108
Conversation
Default to old password input, except with --pinentry mode. We want to allow this option for when GUI apps call us in the background and we can't prompt for password/TOTP via stdin/stdout as usual. For now we're making it opt-in, so we don't "move too many people's cheese".
3460ee8
to
fecc766
Compare
@@ -24,3 +25,5 @@ require ( | |||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 | |||
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 | |||
) | |||
|
|||
replace github.com/gopasspw/pinentry => github.com/redbubble/pinentry v0.0.3-0.20211015012734-36081cf01f93 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using a fork of https://github.com/gopasspw/pinentry because of https://github.com/gopasspw/pinentry/issues/1. The only thing it does is hardcode pinentry-mac
instead of (broken) auto lookup the library does. Note that in the Brew package i've added pinentry-mac
as a dependency, so i expect this to go fine. It works for me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I assume the pinentry fork has the details as to why it's a fork as well?
Ah, no, not as such – the modification is really very simple. It's just hardcoding the Darwin-case: gopasspw/pinentry@main...redbubble:main I can modify the README if you prefer? |
* Depend on pinentry-mac Homebrew formula * Correct my preferred capitalisation if i'm here anyway. * cmd/root.go: Add pinentry option. * cli/login.go: Use pinentry, optionally. Default to old password input, except with --pinentry mode. We want to allow this option for when GUI apps call us in the background and we can't prompt for password/TOTP via stdin/stdout as usual. For now we're making it opt-in, so we don't "move too many people's cheese".
* Depend on pinentry-mac Homebrew formula * Correct my preferred capitalisation if i'm here anyway. * cmd/root.go: Add pinentry option. * cli/login.go: Use pinentry, optionally. Default to old password input, except with --pinentry mode. We want to allow this option for when GUI apps call us in the background and we can't prompt for password/TOTP via stdin/stdout as usual. For now we're making it opt-in, so we don't "move too many people's cheese".
This adds the possibility to use
pinentry
to prompt the user for their credentials. We want that in the situation where (e.g.) MySQL Workbench calls ssh which calls yak, and we can't directly prompt the user for their credentials. For now we're making it opt-in, so we don't "move too many people's cheese".