Integrate pinentry-mac into pinentry

Jonathan Schleifer js-gnupg-users at webkeks.org
Sun Feb 22 16:53:31 CET 2015


On 22.02.2015 at 13:17, Roman Zechmeister <Mento at gpgtools.org> wrote:

> 1. On Mac OS X it's standard to use Xcode for builds and we're using it for pinentry-mac and all of our other tools.
> Is it okay for you, if we're using an Xcode-Project and Xcode, instead of plain automake, to build pinentry for Mac OS X?

I've seen a lot of projects where the Mac-specific part is nicely integrated into automake. The huge disadvantage of Xcode project files is that they are huge, can't make much use of the results from configure, which often results in basically needing a different .xcproj file per combination of OS version and architecture (or at least different targets), and do not support cross-compiling at all. automake OTOH has none of these problems and is hardly any more work. Plus it's possible to edit build rules with an editor instead of a GUI that is only available for OS X. Oh, and then of course there's the problem that it's not possible to do reproducible builds with .xcproj files!

I think Walter mentioned that he never touched OS X, so I'm guessing he'd prefer something that he can read and modify ;).

> 4. pinentry-mac allows the calling app to define a custom message to show.
> This is implemented using PINENTRY_USER_DATA. We allow placeholders like %KEYID and %USERID.
> To fill the placeholders, we parse the description from pinentry. This works in most cases.
> The reason for this feature is to allow some more informative and readable messages, e.g. we can tell the
> user for which email/file he enters the passphrase.
> What do you think about that? Is this a desirable feature for pinentry?

Hm, this sounds good at first, but after some thought, there are several issues. This could be used to trick the user into thinking he's doing the right thing when in fact he's not. What if you just don't use %KEYID, but write another key ID there that the user expects, when in fact you sign for something else? I think it would be better to have a dialog that shows all this information and then maybe a free-form text for the justification, where no replacing takes place?

> 5. Using PINENTRY_USER_DATA we also allow setting a custom icon to be shown, like the standard
> Mac OS X security dialog. Opinions?

I can't think of any problem with that and this sounds indeed like a good addition.

--
Jonathan
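
The alternative proposed in the reply above, sketched as an added example (not code from pinentry or pinentry-mac): the dialog renders the key ID and user ID itself and shows the caller's text verbatim in a separately labelled section, with no placeholder substitution. The struct, the function names and the sample values are hypothetical, and how the dialog obtains the trusted fields is outside the sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical: fields the dialog obtained itself, never from the caller. */
struct trusted_info {
    const char *key_id;
    const char *user_id;
};

/* Copy the caller-supplied note, turning control characters (newlines
 * included) into spaces so it cannot start a line that imitates the
 * trusted block. Placeholders such as %KEYID stay literal text. */
static void sanitize_note(const char *in, char *out, size_t outlen)
{
    size_t i = 0;
    if (outlen == 0)
        return;
    for (; in && *in && i + 1 < outlen; in++)
        out[i++] = iscntrl((unsigned char)*in) ? ' ' : *in;
    out[i] = '\0';
}

/* Build the dialog text: trusted fields first, then the caller's note
 * under an explicit "unverified" label. Returns 0 on success, -1 if
 * buf is too small for the whole text. */
int build_dialog(const struct trusted_info *t, const char *caller_note,
                 char *buf, size_t buflen)
{
    char note[256];
    sanitize_note(caller_note, note, sizeof note);
    int n = snprintf(buf, buflen,
                     "Key ID:  %s\nUser ID: %s\n"
                     "--- Message from requesting application (unverified) ---\n"
                     "%s\n", t->key_id, t->user_id, note);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values; the note tries to forge a "Key ID:" line. */
    struct trusted_info t = { "0xAAAA0001", "Alice <alice@example.org>" };
    char buf[512];
    if (build_dialog(&t, "Mail to Bob\nKey ID:  0xBBBB0002 %KEYID",
                     buf, sizeof buf) == 0)
        fputs(buf, stdout);
    return 0;
}
```
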



