-
-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rewrites pinentry
find code to be more resilient
#543
base: master
Are you sure you want to change the base?
Conversation
This change rewrites the custom `pinentry` search code to instead be a modified form of the standard `/usr/bin/pinetry` fallback script. The prior behaviour could not handle cases where a `pinentry` executable existed but was not actually usable. Now it checks using `ldd` for if an executable is functional or not. Additionally rewritten to be more clear and easier to extend with newer `pinentry` backends. `make test` was ran, and it passed the main usability tests for password entry. As my testing system uses swap it failed during the KDF test from an error from swap being enabled; I did not attempt further tests with swap disabled. This partially fixes Issue dyne#542.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a neat improvement, good to ldd check. But we need to build the musl compatible alternative in it to avoid breaking people's workflow.
It is documented in the official FAQ so users should be aware of such specialities and take care of it themselves? Magically doing stuff behind the scenes like tampering with |
Sorry, been busy with work and haven't had time to address this yet. Going to leave a quick proof sketch, and a follow up. First some administrative points:
Basic idea: # `_ldd` must ALWAYS be used in a subshell, it potential runs `exec`.
local _ldd
local _potential_musl="/lib/ld-musl-$(uname -m).so.1"
if _is_found ldd; then
# Nothing to do
_ldd="ldd"
elif [ -f "$_potential_musl" ]; then
# Musl will act like `ldd` if called as `ldd`. This requires an exec hack sadly.
_ldd="exec -a ldd $_potential_musl"
else
# Give up and revert to old behaviour of just blindly using the first thing we find
# TODO: Make a CLI arg to specify pinentry executable and mention it in this warning
_warning "System has no 'ldd' command nor does it appear to be running musl, falling back to imprecise pinentry detection mode"
_ldd="true"
fi
unset _potential_musl
...
lddout=$($_ldd "$pinentry" 2>/dev/null) || continue
[[ "$lddout" == *'not found'* ]] && continue The |
This change rewrites the custom
pinentry
search code to instead be a modified form of the standard/usr/bin/pinetry
fallback script. The prior behaviour could not handle cases where apinentry
executable existed but was not actually usable. Now it checks usingldd
for if an executable is functional or not. Additionally rewritten to be more clear and easier to extend with newerpinentry
backends.make test
was ran, and it passed the main usability tests for password entry. As my testing system uses swap it failed during the KDF test from an error from swap being enabled; I did not attempt further tests with swap disabled.This partially fixes Issue #542.
Note: This adds a new dependency on
ldd
. For systems withoutldd
installed (such asmusl
systems) they either need to create a compatibilityldd
symlink / script, or we need to check forld-musl-$ARCH.so
and use it ourselves ifldd
does not exist.