The default behavior of Crostini’s Debian Stretch container is to use a curses-based pinentry. This behaves strangely, in two different ways:
Inherently, it shows the semi-graphical pinentry dialog in the terminal that has last called
gpg-connect-agent updatestartuptty /bye. You can do this in
.bashrc or similar, but if your habit is (like mine) to run many different terminals at once, you would need to call this whenever focus changes – otherwise the pinentry dialog will invariably come up in a random terminal. Of course this might still be inconvenient if pinentry is triggered from a UI application instead of on the console.
If the pinentry dialog comes up in a terminal other than the one where the gpg process originated, it doesn’t work correctly anyway – the dialog is drawn on screen, but the command prompt (or whatever is running) remains active in the background and grabs input. I didn’t investigate this any further.
As far as I’m aware, there is no way of making this work other than somehow executing
gpg-connect-agent updatestartuptty /bye every time a terminal window is focused. I didn’t want to go down that path and I was wondering why a graphical UI pinentry wasn’t used by default. But of course the standard container is just a very basic starting point and especially doesn’t come with loads of UI stuff installed.
The first UI pinentry I tried was
pinentry-gnome3, and I immediately stumbled upon the next issue: when started from the command line, the error
No $DBUS_SESSION_BUS_ADDRESS found, falling back to curses was shown. I have never had reason to look into the exact details of how dbus-daemon is started on Debian, and I suspect that the launch process is somehow out of whack on Crostini due to the fact that no conventional X session is started. I found that dbus-daemon was running, but the environment wasn’t configured correctly. As a workaround I configured
terminator to start through dbus-run-session. I created
#!/bin/sh /usr/bin/dbus-run-session -- /usr/bin/terminator
Then I copied
/usr/local/share/applications and modified it to use a different name (DBUS-Terminator) and call
dbus-terminator. This approach means that the entry appears in the Chromebook launcher automatically, and it configures
DBUS_SESSION_BUS_ADDRESS correctly for the
pinentry-gnome3 quite happy and it stopped showing the error message. However, it still wouldn’t work! I did notice at this point that gpg-agent was ignoring
~/.gnupg/gpg-agent.conf – it always ran
pinentry regardless of the entry there – but
pinentry is just a configured alternative anyway, so I can
update-alternatives --config pinentry to explicitly activate
pinentry-gnome3. In spite of all that, it would always fall back to curses – no idea why, I stopped investigating at this point because I wasn’t fixed on the Gnome version of pinentry. I summarized all of the above in the hopes that somebody else may benefit from it!
Now for an actual working solution:
pinentry-qt. It turns out that this is a much easier choice. Once installed and activated through
update-alternatives, it runs correctly without further trouble. I ended up thinking, if only I’d been able to find a simple solution when I searched, one that really works in Crostini… so I wrote this, hope it helps!
Sorry, this blog does not support comments. Why not?
I used various blog hosting services since this blog was established in 2005, but unfortunately they turned out to be unreliable in the long term and comment threads were lost in unavoidable transitions. At this time I don't want to enable third-party services for comments since it has become obvious in recent years that these providers invariably monetize information about their visitors and users.
Please use the links in the page footer to get in touch with me. I'm available for conversations on Keybase, Matrix, Mastodon or Twitter, as well as via email.