diff --git a/doc/tomb.1 b/doc/tomb.1 index c7703cef..c0785dfc 100644 --- a/doc/tomb.1 +++ b/doc/tomb.1 @@ -329,6 +329,12 @@ Select a different tool than sudo for privilege escalation. Alternatives supported so far are: pkexec, doas, sup, sud. For any alternative to work the executable must be included in the current PATH. +.B +.IP "--pinentry \fI\fR" +Add a \fIpinentry\fR which is tried first for usage. Allows to force a specific +one or the use of an alternative not listed (like bemenu or wayprompt). +Important: It needs to be a drop-in replacement for \fIpinentry\fR. It doesn't allow +for a different architecture of password input. .B .IP "-h" @@ -435,10 +441,13 @@ To avoid that tomb execution is logged by \fIsyslog\fR also add: .SH PASSWORD INPUT Password input is handled by the pinentry program: it can be text -based or graphical and is usually configured with a symlink. When -using Tomb in a graphical environment (X11 or Wayland) it is better -to use either pinentry-gtk2 (deprecated), pinentry-gnome or -pinentry-qt because it helps preventing keylogging by other clients. +based or graphical. \fITomb\fR implements a logic to detect the +preferred and working password input based on the environment (tty, +X11 or Wayland). +It is possible to specify a specific pinentry program which is tried +first (\fI--pinentry tty\fR or \fI--pinentry=wayprompt\fR) but it +should be avoided to use a text based one in a graphical environment +as the graphical ones help preventing keylogging by other clients. When using it from a remote ssh connection it might be necessary to force use of pinentry-tty for instance by unsetting the DISPLAY (X11) or WAYLAND_DISPLAY (Wayland) environment var. diff --git a/tomb b/tomb index baf1be65..9ec8a385 100755 --- a/tomb +++ b/tomb @@ -500,27 +500,33 @@ ask_password() { # fallback logic directly here. # Pinentry supported: curses, tty, qt{,4,5}, gtk{,-2}, gnome3, and x11. - # TODO: Implement a user option to specify a pinentry program and - # wrap pinentry with a `_pinentry()` function that implements the - # search logic if the user option is not specified: Issue #542 + # TODO: Wrap pinentry with a `_pinentry()` function that implements + # the search logic: Issue #542 # make sure LANG is set, default to C LANG=${LANG:-C} _verbose "asking password with tty=$TTY lc-ctype=$LANG" - # Guess preferred backend based on environment. - backends=(curses tty) + # Check for user specified pinentry + option_is_set --pinentry && { + backends+=`option_value --pinentry` + _verbose "Adding ::1 pinentry:: to pinentry backends" $backends[0] + } + + # Guess and add preferred backends based on environment. if [[ -n "$DISPLAY" || -n "$WAYLAND_DISPLAY" ]]; then _verbose "Graphical display system detected" case "$XDG_CURRENT_DESKTOP" in KDE|LXQT|LXQt) - backends=(qt5 qt qt4 gnome3 gtk gtk-2 curses tty) + backends+=(qt5 qt qt4 gnome3 gtk gtk-2 curses tty) ;; *) - backends=(gtk gtk-2 x11 gnome3 qt5 qt qt4 curses tty) + backends+=(gtk gtk-2 x11 gnome3 qt5 qt qt4 curses tty) ;; esac + else + backends+=(curses tty) fi _verbose "Checking backends '${backends}'" @@ -3136,7 +3142,7 @@ main() { # can only use the non-abbreviated long-option version like: # -force and NOT -f # - main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g -sudo:) + main_opts=(q -quiet=q D -debug=D h -help=h v -version=v f -force=f -tmp: U: G: T: -no-color -unsafe g -gpgkey=g -sudo: -pinentry:) subcommands_opts[__default]="" # -o in open and mount is used to pass alternate mount options subcommands_opts[open]="n -nohook=n k: o: -ignore-swap -tomb-pwd: r: R: p -preserve-ownership=p"