Re: [PATCH] cli: crypto: tell gmime to use gpg-agent

Subject: Re: [PATCH] cli: crypto: tell gmime to use gpg-agent

Date: Thu, 28 Feb 2013 00:46:57 +0200

To: Jameson Graef Rollins, David Bremner, notmuch@notmuchmail.org

From: Jani Nikula


On Wed, 27 Feb 2013, Jameson Graef Rollins <jrollins@finestructure.net> wrote:
> On Wed, Feb 27 2013, David Bremner <david@tethera.net> wrote:
>> But right now we force people to enable the agent globally via use-agent
>> if they want to decrypt mail in notmuch-cli/emacs. The proposed change
>> allows them to use the agent only for notmuch.
>
> Doesn't the proposed change actually *force* the user to use gpg-agent?
> How can the user opt out?

If the user wants to have decryption in notmuch, the user *must* use
gpg-agent, regardless of this change or the "use-agent" configuration
option. There is no opt out if one wants to have decryption in notmuch,
regardless of this change.

The proposed change gives the user the possibility to opt out of
*globally* using gpg-agent for everything, and still have decryption in
notmuch.

The proposed change merely passes the --use-agent option to gpg. It does
not *force* anything. It tells gpg to *try* to connect to the gpg-agent
before it asks for a passphrase. (Except that notmuch will never ask for
a passphrase. It will fail if it can't connect to the gpg-agent. Without
--use-agent or "use-agent" option it will unconditionally fail.)

When I use gpg on the command line, I want it to prompt for the
passphrase on the command line instead of popping up a gpg-agent
dialog. I don't think that is unreasonable. To achieve that I have
disabled the "use-agent" configuration option. Without the proposed
change, if I still wanted to have this *and* decryption in notmuch, I
would have to pass --no-use-agent on the gpg command line. I think that
*is* unreasonable.

>> I don't think we should directly care about the presence of an X session
>> or not; the agent protocol doesn't depend on how the agent was started
>> afaik. 
>
> Maybe, but I would like some example of what happens if you force usage
> of an agent and the agent is not present or there is no X session.

There is no forcing of anything. It tries to connect to the agent, and if one
is not present, decryption fails like it would have failed without this
change.

Finally, look up the references I provided. The whole function in gmime
was provided *exactly* for situations like we have: the caller will fail
without the agent, so have a tiny bit of sanity and see if it's there
before failing.


BR,
Jani.
