[libvirt] [PATCH] Pass GPG_TTY env var to the ssh binary

Guilhem Moulin guilhem at guilhem.org
Fri Nov 25 16:57:54 UTC 2016


And I didn't test this carefully, my apologies :-(  Whether gpg-agent
can prompt for the password depends on the pinentry program in use, but
for pinentry-curses this also requires passing TERM.  Patch modified
accordingly.

 
From: Guilhem Moulin <guilhem at guilhem.org>
Subject: [PATCH] Pass GPG_TTY env var to the ssh binary

gpg-agent(1) can emulate the OpenSSH Agent protocol (which provides
pubkey-authentication using an authentication-capable OpenPGP key, in
addition to the usual identity files).  However for a console-based
password prompt (such as pinentry-curses) to work, the ‘GPG_TTY’
environment variable needs to be set to the current TTY.

Using gpg-agent's ssh-agent implementation is currently not possible for
SSH remote URIs, because the environment is cleaned before calling the
ssh(1) binary.  The enclosed patch adds ‘GPG_TTY’ to the list of
environment variables passed to the child.

References: http://bugs.debian.org/843863
---
src/rpc/virnetsocket.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index 325a7c7..8d20074 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -839,6 +839,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
     virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL);
     virCommandAddEnvPassBlockSUID(cmd, "SSH_AUTH_SOCK", NULL);
     virCommandAddEnvPassBlockSUID(cmd, "SSH_ASKPASS", NULL);
+    virCommandAddEnvPassBlockSUID(cmd, "GPG_TTY", NULL);
+    virCommandAddEnvPassBlockSUID(cmd, "TERM", NULL);
     virCommandAddEnvPassBlockSUID(cmd, "DISPLAY", NULL);
     virCommandAddEnvPassBlockSUID(cmd, "XAUTHORITY", NULL);
     virCommandClearCaps(cmd);
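
Review bot: the second added line passes "TERM" to the child, but the subject and commit message only mention GPG_TTY, and the diffstat still reads "1 insertion(+)" while the hunk header (839,6 to 839,8) shows two added lines. Please regenerate the patch so the stat matches, and extend the commit message with a sentence saying TERM is passed because pinentry-curses needs it, so that the reason for widening the set of variables that survive the environment cleanup before ssh(1) is on record. A short comment above the two new virCommandAddEnvPassBlockSUID calls noting that both exist for gpg-agent's console pinentry would also help later readers of this list.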

-- 
Guilhem.