Should gpg2's --passphrase-fd option automatically set --pinentry-mode loopback?
Sam Varshavchik
mrsam at courier-mta.com
Fri Nov 25 21:03:14 CET 2016
I have an application that runs gpg in batch mode to sign files.

No issues with using gpg:

    $ gpg --passphrase-fd 10 -s -b -a --default-key [hash] 10<z <filetosign

With the secret key's passphrase piped in on file descriptor #10, and the
content to sign on standard input, this works just fine, and the following
comes out on standard output:

    Reading passphrase from file descriptor 10
    You need a passphrase to unlock the secret key for
    user: "Sam Varshavchik <mrsam at courier-mta.com>"
    4096-bit RSA key, ID 279DBF25, created 2013-08-25
    -----BEGIN PGP SIGNATURE-----
    [ the signature]

But the same parameters do not work if I use gpg2 instead of gpg:

    $ gpg2 --passphrase-fd 10 -s -b -a --default-key [hash] 10<z <filetosign
    X11 connection rejected because of wrong authentication.
    X11 connection rejected because of wrong authentication.
    gpg: signing failed: Inappropriate ioctl for device
    gpg: signing failed: Inappropriate ioctl for device

Not very helpful.

After copiously poring through the manual page, I discovered that adding a

    --pinentry-mode loopback

option makes gpg2 work exactly like gpg in batch mode.

So, the question on the table is as follows:

Keeping in mind the stated purpose of the --passphrase-fd option, does it
make sense to automatically set "--pinentry-mode loopback" when the
--passphrase-fd option is provided to gpg2? This way, gpg2 and gpg will be
interchangeable, in batch mode, with the same options.

I'll be happy to create a bug for this.
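
Added example, not part of the original post and not GnuPG's own code: a wrapper that reads the gpg version banner and adds "--pinentry-mode loopback" only where it is needed, so one script can drive either gpg or gpg2. It assumes that 2.1 is the first release that accepts --pinentry-mode, adds --batch on its own initiative, and uses file descriptor 3 instead of 10 because POSIX sh only guarantees single-digit descriptors; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: choose non-interactive passphrase options per gpg version.

# batch_passphrase_opts BANNER FD
# BANNER is the first line of `gpg --version`, e.g. "gpg (GnuPG) 2.1.15".
# Prints the option string; returns 1 if the version cannot be parsed.
batch_passphrase_opts() {
    banner=$1
    fd=$2
    ver=${banner##* }                 # last word of the banner: "2.1.15"
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $major in *[!0-9]*) return 1 ;; esac
    case $minor in *[!0-9]*) return 1 ;; esac

    # --batch is added by this example; it keeps gpg from prompting at all.
    opts="--batch --passphrase-fd $fd"
    # Assumption: --pinentry-mode is accepted from GnuPG 2.1 onwards.
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }; then
        opts="$opts --pinentry-mode loopback"
    fi
    printf '%s\n' "$opts"
}

# sign_detached GPG_BINARY KEY_ID PASSPHRASE_FILE
# Content to sign comes from stdin, the armored signature goes to stdout.
sign_detached() {
    gpg_bin=$1
    key=$2
    passfile=$3
    banner=$("$gpg_bin" --version | head -n 1)
    opts=$(batch_passphrase_opts "$banner" 3) || {
        echo "cannot determine version of $gpg_bin" >&2
        return 1
    }
    # $opts is left unquoted on purpose so it splits into separate options.
    # The passphrase travels on fd 3, never on the command line.
    "$gpg_bin" $opts -s -b -a --default-key "$key" 3<"$passfile"
}

# Run only when called with exactly three arguments.
if [ "$#" -eq 3 ]; then
    sign_detached "$@"
fi
```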