[libvirt] [PATCH] Pass GPG_TTY env var to the ssh binary

Guido Günther agx at sigxcpu.org
Fri Nov 25 14:29:36 UTC 2016


Hi Daniel,
On Mon, Nov 14, 2016 at 10:02:55AM +0000, Daniel P. Berrange wrote:
> On Sat, Nov 12, 2016 at 02:19:37PM +0100, Guido Günther wrote:
> > This came in via the Debian BTS:
> > 
> > http://bugs.debian.org/43863
> 
> This seems to be the wrong bug number.

I've updated the commit message and added the correct bug number as
reference. Does this look better:

From: Guilhem Moulin <guilhem at guilhem.org>
Subject: [PATCH] Pass GPG_TTY env var to the ssh binary

gpg-agent(1) can emulate the OpenSSH Agent protocol (which provides
pubkey-authentication using an authentication-capable OpenPGP key, in
addition to the usual identity files).  However for a console-based
password prompt (such as pinentry-curses) to work, the ‘GPG_TTY’
environment variable needs to be set to the current TTY.

Using gpg-agent's ssh-agent implementation is currently not possible for
SSH remote URIs, because the environment is cleaned before calling the
ssh(1) binary.  The enclosed patch adds ‘GPG_TTY’ to the list of
environment variables passed to the child.

References: http://bugs.debian.org/843863
---
 src/rpc/virnetsocket.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 325a7c7..8d20074 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -848,6 +848,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
     virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL);
     virCommandAddEnvPassBlockSUID(cmd, "SSH_AUTH_SOCK", NULL);
     virCommandAddEnvPassBlockSUID(cmd, "SSH_ASKPASS", NULL);
+    virCommandAddEnvPassBlockSUID(cmd, "GPG_TTY", NULL);
     virCommandAddEnvPassBlockSUID(cmd, "DISPLAY", NULL);
     virCommandAddEnvPassBlockSUID(cmd, "XAUTHORITY", NULL);
     virCommandClearCaps(cmd);
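Review bot: The added GPG_TTY line in virNetSocketNewConnectSSH carries no comment saying why a GnuPG variable is forwarded to ssh, while the neighbouring SSH_* and X11 variables are self-explanatory from their names. A one-line comment above it would help, for example noting that gpg-agent's ssh-agent emulation needs it for a console pinentry. Using the BlockSUID variant, consistent with the surrounding calls, looks right, since the value names a terminal on which a passphrase prompt will be shown. The hunk only passes the variable through and does not set it, so the commit message or the ssh transport documentation should state that the caller has to export GPG_TTY for this to have any effect.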
-- 
2.10.2



