Thomas Roessler wrote:
> Mutt's gpg agent code also expects GPG_TTY to be set.
Ahh, thanks for that tip Thomas! I did get things working, with one other
change (which seems silly to have missed in hindsight). I had to remove the
--passphrase-fd 0 option from the gpg commands in gpg.rc. I just created a
gpg-with-agent.rc file and sourced that instead of the default gpg.rc
shipped with 1.5.4 and CVS as of yesterday.
I also applied a patch Dale Woolridge submitted to mutt-dev in April, which
is now in CVS, that changed the return code of crypt_valid_passphrase() in
crypt.c. With that, 1.5.4 seems to behave well (though I haven't tested it
a lot yet, so other issues could still pop up).
I'll attach the small diff I made against 1.5.4, in case anyone wants it.
Thanks again Thomas!
--
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
To tax and to please, no more than to love and be wise, is not given to men.
-- Edmund Burke
diff -uNr mutt-1.5.4~/contrib/gpg-with-agent.rc
mutt-1.5.4/contrib/gpg-with-agent.rc
--- mutt-1.5.4~/contrib/gpg-with-agent.rc Wed Dec 31 19:00:00 1969
+++ mutt-1.5.4/contrib/gpg-with-agent.rc Wed Sep 10 16:21:12 2003
@@ -0,0 +1,82 @@
+# -*-muttrc-*-
+#
+# Command formats for gpg.
+#
+# This version uses gpg-2comp from
+# http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp.tar.gz
+#
+# $Id: gpg.rc,v 3.1 2002/03/26 22:23:58 roessler Exp $
+#
+# %p The empty string when no passphrase is needed,
+# the string "PGPPASSFD=0" if one is needed.
+#
+# This is mostly used in conditional % sequences.
+#
+# %f Most PGP commands operate on a single file or a file
+# containing a message. %f expands to this file's name.
+#
+# %s When verifying signatures, there is another temporary file
+# containing the detached signature. %s expands to this
+# file's name.
+#
+# %a In "signing" contexts, this expands to the value of the
+# configuration variable $pgp_sign_as. You probably need to
+# use this within a conditional % sequence.
+#
+# %r In many contexts, mutt passes key IDs to pgp. %r expands to
+# a list of key IDs.
+
+# Note that we explicitly set the comment armor header since GnuPG, when used
+# in some localiaztion environments, generates 8bit data in that header,
thereby
+# breaking PGP/MIME.
+
+# decode application/pgp
+set pgp_decode_command="/usr/bin/gpg --charset utf-8 --no-verbose --quiet
--batch --output - %f"
+
+# verify a pgp/mime signature
+set pgp_verify_command="/usr/bin/gpg --no-verbose --quiet --batch --output
- --verify %s %f"
+
+# decrypt a pgp/mime attachment
+set pgp_decrypt_command="/usr/bin/gpg --no-verbose --quiet --batch
--output - %f"
+
+# create a pgp/mime signed attachment
+# set pgp_sign_command="/usr/bin/gpg-2comp --comment '' --no-verbose --batch
--output - --armor --detach-sign --textmode %?a?-u %a? %f"
+set pgp_sign_command="/usr/bin/gpg --no-verbose --batch --quiet --output
- --armor --detach-sign --textmode %?a?-u %a? %f"
+
+# create a application/pgp signed (old-style) message
+# set pgp_clearsign_command="/usr/bin/gpg-2comp --comment '' --no-verbose
--batch --output - --armor --textmode --clearsign %?a?-u %a? %f"
+set pgp_clearsign_command="/usr/bin/gpg --charset utf-8 --no-verbose --batch
--quiet --output - --armor --textmode --clearsign %?a?-u %a? %f"
+
+# create a pgp/mime encrypted attachment
+# set pgp_encrypt_only_command="pgpewrap gpg-2comp -v --batch --output -
--encrypt --textmode --armor --always-trust -- -r %r -- %f"
+set pgp_encrypt_only_command="pgpewrap /usr/bin/gpg --charset utf-8
--batch --quiet --no-verbose --output - --encrypt --textmode --armor
--always-trust -- -r %r -- %f"
+
+# create a pgp/mime encrypted and signed attachment
+# set pgp_encrypt_sign_command="pgpewrap gpg-2comp -v --batch --output -
--encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
+set pgp_encrypt_sign_command="pgpewrap /usr/bin/gpg --charset utf-8 --batch
--quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a?
--armor --always-trust -- -r %r -- %f"
+
+# import a key into the public key ring
+set pgp_import_command="/usr/bin/gpg --no-verbose --import -v %f"
+
+# export a key from the public key ring
+set pgp_export_command="/usr/bin/gpg --no-verbose --export --armor %r"
+
+# verify a key
+set pgp_verify_key_command="/usr/bin/gpg --verbose --batch --fingerprint
--check-sigs %r"
+
+# read in the public key ring
+set pgp_list_pubring_command="/usr/bin/gpg --no-verbose --batch --quiet
--with-colons --list-keys %r"
+
+# read in the secret key ring
+set pgp_list_secring_command="/usr/bin/gpg --no-verbose --batch --quiet
--with-colons --list-secret-keys %r"
+
+# fetch keys
+# set pgp_getkeys_command="pkspxycwrap %r"
+
+# pattern for good signature - may need to be adapted to locale!
+
+# set pgp_good_sign="^gpg: Good signature from"
+
+# OK, here's a version which uses gnupg's message catalog:
+set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
+
diff -uNr mutt-1.5.4~/crypt.c mutt-1.5.4/crypt.c
--- mutt-1.5.4~/crypt.c Fri Mar 7 03:23:44 2003
+++ mutt-1.5.4/crypt.c Wed Sep 10 16:21:12 2003
@@ -120,7 +120,7 @@
if (pgp_use_gpg_agent())
{
*PgpPass = 0;
- return 0; /* handled by gpg-agent */
+ return 1; /* handled by gpg-agent */
}
if (now < PgpExptime) return 1; /* just use the cached copy. */
diff -uNr mutt-1.5.4~/doc/PGP-Notes.txt mutt-1.5.4/doc/PGP-Notes.txt
--- mutt-1.5.4~/doc/PGP-Notes.txt Thu Jan 24 08:35:07 2002
+++ mutt-1.5.4/doc/PGP-Notes.txt Wed Sep 10 16:25:04 2003
@@ -153,6 +153,17 @@
+Q: "How do I use gpg-agent to handle my passphrases instead of mutt's builtin
+passphrase caching?"
+
+Configure gpg-agent according to it's documentation and ensure you export both
+GPG_TTY and GPG_AGENT_INFO into your environment (see the gpg-agent
+documentation for details and examples).
+
+You also need to set the $pgp_use_gpg_agent configuration variable.
+
+
+
BACKGROUND
Attachment:
pgp96Dyh9lo4O.pgp
Description: PGP signature